Communication method and device

Document No.: 144915 Publication date: 2021-10-22

Reading note: this technology, "Communication method and device" (一种通信方法及装置), was designed by 李�泳, 王勇 and 陈璟 on 2020-11-28. The embodiments of the application provide a communication method and device, applied in the field of communication, in particular short-distance communication, for example in a vehicle-mounted wireless communication system. The method comprises: sending a first public key and a signature of the first public key; receiving first information from a second node, wherein the first information comprises an identity (ID) ciphertext; decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node; and sending second information to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark the identity of the second node. With the embodiments of the application, the real ID of a node can be protected from being leaked and data security is improved. The scheme can further be used to improve the capability of automatic driving or an advanced driver assistance system (ADAS), and can be applied to the Internet of Vehicles, for example vehicle-to-everything (V2X), long term evolution-vehicle (LTE-V) and vehicle-to-vehicle (V2V).

1. A method of communication, comprising:

sending a first public key and a signature of the first public key;

receiving first information from a second node, wherein the first information comprises an identity (ID) ciphertext, and the ID ciphertext corresponds to the first public key and the ID of the second node;

decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node;

and sending second information to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node.

2. The method of claim 1, wherein the first public key is a one-time public key and the first private key is a one-time private key.

3. The method of claim 1, further comprising:

signing the first public key based on a private key corresponding to a digital certificate DC to obtain a signature of the first public key;

transmitting the DC to the second node.

4. A method of communication, comprising:

receiving first information from a second node, wherein the first information comprises an identity (ID) ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

determining the first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node; decrypting the ID ciphertext according to the first protection key to obtain the ID of the second node;

and sending second information to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node.

5. The method of claim 4, wherein said determining the first protection key based on the security parameter comprises:

and determining the first protection key according to the security parameter and the first random number.

6. The method according to claim 4 or 5, characterized in that the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

7. The method according to any one of claims 1 to 6, wherein the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

8. The method according to any one of claims 1-7, further comprising:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

9. The method of claim 8, wherein the first information further comprises a first key agreement parameter; the determining that the identity authentication of the second node passes comprises:

determining a first key according to the first key negotiation parameter and a key negotiation algorithm;

sending third information to the second node, wherein the third information comprises first identity authentication information and second key agreement parameters, and the first identity authentication information is used for identity authentication of the first node;

receiving fourth information from the second node, wherein the fourth information comprises second identity authentication information;

and confirming that the identity authentication of the second node passes according to the second identity authentication information.

10. A method of communication, comprising:

receiving a first public key from a first node and a signature of the first public key;

determining that the integrity of the first public key passes verification according to the signature of the first public key;

sending first information to the first node, wherein the first information comprises an ID ciphertext, and the ID ciphertext is obtained by encrypting the ID of the second node through the first public key;

receiving second information from the first node, wherein the second information comprises a temporary ID corresponding to the ID of the second node, and the temporary ID is used for temporarily marking the identity of the second node.

11. The method of claim 10, wherein the first public key is a one-time public key.

12. The method as claimed in claim 10 or 11, wherein said determining that said one-time public key is verified based on said signature of said one-time public key comprises:

receiving a digital certificate DC from the first node;

and determining that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.

13. A method of secure communication, comprising:

determining a first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

sending first information to the first node, wherein the first information comprises an ID ciphertext, and the ID ciphertext is obtained by encrypting the ID of the second node through the first protection key;

receiving second information from the first node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node.

14. The method of claim 13, wherein determining the first protection key based on the security parameter comprises:

and determining the first protection key according to the security parameter and the first random number.

15. A method according to claim 13 or 14, characterized in that said security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

16. The method according to any one of claims 10 to 15, wherein the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

17. The method according to any one of claims 10-16, further comprising:

receiving third information from the first node, wherein the third information comprises first identity authentication information and second key agreement algorithm parameters;

determining a first key according to the second key negotiation algorithm parameter and the key negotiation algorithm;

confirming that the identity authentication of the first node passes according to the first key and the first identity authentication information;

sending fourth information to the first node, wherein the fourth information comprises second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

18. A communications apparatus, comprising:

a sending unit, configured to send a first public key and a signature of the first public key;

a receiving unit, configured to receive first information from a second node, where the first information includes an ID ciphertext, and the ID ciphertext corresponds to the first public key and an ID of the second node;

the processing unit is used for decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node;

the sending unit is further configured to send second information to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

19. The apparatus of claim 18, wherein the first public key is a one-time public key and the first private key is a one-time private key.

20. The apparatus according to claim 18, wherein the processing unit is further configured to sign the first public key based on a private key corresponding to a digital certificate DC, so as to obtain a signature of the first public key;

the transmitting unit is further configured to transmit the DC to the second node.

21. A communications apparatus, comprising:

a receiving unit, configured to receive first information from a second node, where the first information includes an ID ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

a processing unit, configured to determine the first protection key based on a security parameter, where the security parameter is a pre-shared key PSK between a first node and the second node or a first password of the first node; decrypting the ID ciphertext according to the first protection key to obtain the ID of the second node;

a sending unit, configured to send second information to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

22. The apparatus according to claim 21, wherein the processing unit is specifically configured to determine the first protection key according to the security parameter and a first random number.

23. An apparatus according to claim 21 or 22, wherein the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

24. The apparatus according to any one of claims 18 to 23, wherein the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

25. The apparatus according to any of claims 18-24, wherein the processing unit is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

26. The apparatus of claim 25, wherein the first information further comprises a first key agreement parameter; the processing unit is further configured to determine a first key according to the first key agreement parameter and a key agreement algorithm;

the sending unit is further configured to send third information to the second node, where the third information includes first identity authentication information and a second key agreement parameter, and the first identity authentication information is used for identity authentication of the first node;

the receiving unit is further configured to receive fourth information from the second node, where the fourth information includes second identity authentication information;

the processing unit is further configured to confirm that the identity authentication of the second node passes according to the second identity authentication information.

27. A communications apparatus, comprising:

a receiving unit, configured to receive a first public key from a first node and a signature of the first public key;

the processing unit is used for determining that the integrity of the first public key passes the verification according to the signature of the first public key;

a sending unit, configured to send first information to the first node, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first public key;

the receiving unit is further configured to receive second information from the first node, where the second information includes a temporary ID corresponding to an ID of the second node, and the temporary ID is used to temporarily mark an identity of the second node.

28. The apparatus of claim 27, wherein the first public key is a one-time public key.

29. The apparatus according to claim 27 or 28, wherein said receiving unit is further configured to receive a digital certificate DC from the first node;

the processing unit is further configured to determine that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.

30. A communications apparatus, comprising:

the processing unit is used for determining a first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

the processing unit is further configured to encrypt an identity ID of the second node according to the first protection key to obtain an ID ciphertext;

a sending unit, configured to send first information to the first node, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

a receiving unit, configured to receive second information from the first node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID temporarily marks an identity of the second node.

31. The apparatus of claim 30, wherein determining the first protection key based on the security parameter comprises:

and determining the first protection key according to the security parameter and the first random number.

32. An apparatus according to claim 30 or 31, wherein the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

33. The apparatus according to any one of claims 27 to 32, wherein the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

34. The apparatus according to any of claims 27-33, wherein the receiving unit is further configured to receive third information from the first node, the third information comprising the first identity authentication information and the second key agreement algorithm parameter;

the processing unit is further configured to determine a first key according to the second key agreement algorithm parameter and the key agreement algorithm;

the processing unit is further configured to confirm that the identity authentication of the first node passes according to the first key and the first identity authentication information;

the sending unit is further configured to send fourth information to the first node, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

35. A chip system, characterized in that the chip system comprises at least one processor and a communication interface, the communication interface is used for sending and/or receiving data, the at least one processor is used for calling a computer program stored in at least one memory, so that an apparatus in which the chip system is located realizes the method according to any one of claims 1-9.

36. A chip system, characterized in that the chip system comprises at least one processor and a communication interface, the communication interface is used for sending and/or receiving data, the at least one processor is used for calling a computer program stored in at least one memory, so that an apparatus in which the chip system is located realizes the method according to any one of claims 10-17.

37. A computer-readable storage medium, in which a computer program is stored which, when run on one or more processors, performs the method of any one of claims 1-9.

38. A computer-readable storage medium, in which a computer program is stored which, when run on one or more processors, performs the method of any one of claims 10-17.

39. A communication system, comprising:

a first node comprising the communication device of any one of claims 18-26;

a second node comprising a communication device according to any of claims 27-34.

Technical Field

The invention relates to the field of communication technology and internet connection, in particular to the field of short-distance wireless communication technology, such as cabin area communication, and more particularly to a communication method and device.

Background

With the continuous development of society, communication technologies and their applications are developing rapidly. Intelligent terminals based on wireless communication technologies, such as intelligent transportation devices, intelligent home devices, and robots, are gradually entering people's daily lives.

In a communication system, when a node (referred to as a second node for convenience of description) accesses another node (referred to as a first node for convenience of description), the node needs to indicate its identity to the peer node. A common way for the second node to indicate its identity to the first node is to send its identity (ID) to the first node.

However, the true identity of a node is often associated with privacy and data security in the node. For example, an attacker can track the location of a user, obtain the recently processed services of a terminal, and the like through the identity of a node, so that the privacy, personal data, and the like of the user are revealed. For example, at 10:00 an attacker observes at location A that the node with the ID "N" is performing a video upload service, and at 10:30 observes at location B that the node with the ID "N" is performing an update service. The attacker thus learns that the node with the ID "N" moved from A to B between 10:00 and 10:30, so the movement track of the node with the ID "N" can be collected and the privacy of the user is disclosed.

Therefore, privacy protection of the identity of the node (e.g., the ID of the node) is needed to prevent an attacker from obtaining the true identity of the user.

Disclosure of Invention

The embodiment of the application provides a communication method and device, which can protect the real ID of a node from being leaked and improve data security.

In a first aspect, an embodiment of the present application provides a communication method, including:

sending a first public key and a signature of the first public key;

receiving first information from a second node, wherein the first information comprises an identity (ID) ciphertext, and the ID ciphertext corresponds to the first public key and the ID of the second node;

decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node;

and sending second information to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node. Further, the communication method may be applied in the first node.

The ID of the second node is a permanent ID (also called a real ID or a fixed ID) of the second node, and the identity of the node can be identified by the permanent ID. For example, the International Mobile Equipment Identity (IMEI) of a mobile phone terminal may be understood as the permanent ID of the mobile phone terminal.

In the embodiment of the application, the second node can protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and the integrity of the first public key can be protected through the signature of the first public key. Further, the second node may verify the first public key according to the signature of the first public key, and then transmit the ID by using a "public key encryption, private key decryption" method. Therefore, the real ID of the second node can be obtained by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In a possible implementation manner of the first aspect, the first public key is a temporary public key, and the first private key is a temporary private key.

The temporary key (including a temporary public key and a temporary private key) is a short-term key. The temporary key may specifically be a key with a short lifetime, for example, a key with a lifetime of 1 hour. The temporary key may also be a key that is used for encryption only a small number of times, for example a key that can only be used to encrypt 1 time, or a key that is only used to encrypt data units with a sequence number of 1-100.

It can be seen that because the existence duration of the temporary key is usually short, compared with the long-term key, the temporary key is not easy to be cracked, so that the privacy of the real ID can be improved by encrypting the real ID by using the temporary public key. In addition, since the long-term key is usually used for a long time, when the long-term key is cracked, all data of communication using the long-term key is affected, and the long-term key does not have forward security. The existing time of the temporary key is usually short, so that the safety of communication data before the temporary key is used is not influenced even if the temporary key is cracked, and the data safety is improved.

In yet another possible implementation of the first aspect, the first public key is a one-time public key and the first private key is a one-time private key.

It can be seen that the first public key and the first private key used in the embodiment of the present application may be one-time keys, i.e. only used for encryption and decryption of the ID. For example, after the ID ciphertext is decrypted by using the first private key, the first private key can be deleted, so that the private key is not easy to be broken, the real ID of the node is protected from being leaked, and the data security is improved.

In yet another possible implementation manner of the first aspect, the first public key is signed based on a private key corresponding to a Digital Certificate (DC), so as to obtain a signature of the first public key;

transmitting the DC to the second node.

A digital certificate (also referred to as a security certificate) is a digital credential that identifies an identity; it is a relatively authoritative and impartial certificate issued by a Certificate Authority (CA) center.

It can be seen that DC can be used to verify the origin of the first public key. For example, the certificate authority generates a DC for a public key PK of a first node and some information (e.g., description information of the first node, etc.), and the second node uses a key pair corresponding to the DC (i.e., a private key SK corresponding to the public key PK), and may determine that the first public key originates from the first node by means of "private key signature, public key signature verification".

In a specific embodiment, a long-term key pair (a long-term public key PK and a long-term private key SK) exists in the first node, the CA center authenticates the long-term public key PK, and the CA center encrypts the long-term public key PK with some related information (e.g., description information of the first node) by using its own private key cpk to generate the DC. The first node generates a signature of a first public key by using a private key corresponding to the certificate, the first public key, the signature of the first public key and the DC are sent to the second node, the second node decrypts the certificate by using a public key csk of a CA center, the DC can be determined to be issued by the CA, and a long-term public key PK in the DC is determined to be the public key of the first node, so that the source of the long-term public key PK is authenticated. The second node verifies the signature of the first public key using the long-term public key to determine that the first public key is from the first node, thereby encrypting the ID using the first public key.
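The flow of the first aspect (DC, signed one-time public key, ID ciphertext, temporary ID) is sketched below as an added example; it is not code from the patent. Ed25519 for the CA and long-term signatures, RSA-OAEP for the one-time key pair, the dictionary message layout, and all function and variable names are assumptions, and the third-party `cryptography` package is required.

```python
# Added illustration; not code from the patent. Algorithm choices are assumptions.
import secrets
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)
DER = (serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)


def dc_body(subject: bytes, pk: bytes) -> bytes:
    """Bytes the CA signs: length-prefixed description plus long-term public key PK."""
    return len(subject).to_bytes(2, "big") + subject + pk


def issue_dc(ca_sk, subject: bytes, long_term_pk) -> dict:
    """CA center: bind PK to the first node's description (minimal stand-in for a DC)."""
    pk = long_term_pk.public_bytes(*RAW)
    return {"subject": subject, "pk": pk, "ca_sig": ca_sk.sign(dc_body(subject, pk))}


class FirstNode:
    def __init__(self, long_term_sk, dc: dict):
        self.sk, self.dc = long_term_sk, dc
        self.one_time_sk = None
        self.temp_ids = {}  # temporary ID -> permanent ID

    def offer(self) -> dict:
        """Create a one-time key pair and sign its public half with long-term SK."""
        self.one_time_sk = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        pub = self.one_time_sk.public_key().public_bytes(*DER)
        return {"pub": pub, "sig": self.sk.sign(pub), "dc": self.dc}

    def handle_first_info(self, first_info: dict) -> dict:
        """Decrypt the ID ciphertext, drop the one-time key, answer with a temporary ID."""
        sk, self.one_time_sk = self.one_time_sk, None  # single use, then deleted
        if sk is None:
            raise ValueError("no unused one-time private key")
        real_id = sk.decrypt(first_info["id_ciphertext"], OAEP)  # ValueError on failure
        temp_id = secrets.token_hex(4)
        self.temp_ids[temp_id] = real_id
        return {"temp_id": temp_id}


def build_first_info(ca_pk, offer: dict, real_id: bytes):
    """Second node: check the DC, check the signature on the first public key, encrypt."""
    dc = offer["dc"]
    try:
        ca_pk.verify(dc["ca_sig"], dc_body(dc["subject"], dc["pk"]))
        long_term_pk = ed25519.Ed25519PublicKey.from_public_bytes(dc["pk"])
        long_term_pk.verify(offer["sig"], offer["pub"])
    except InvalidSignature:
        return None  # the permanent ID is never encrypted to an unverified key
    one_time_pk = serialization.load_der_public_key(offer["pub"])
    return {"id_ciphertext": one_time_pk.encrypt(real_id, OAEP)}


def run_demo() -> dict:
    real_id = b"IMEI:490154203237518"  # constructed sample permanent ID
    ca_sk = ed25519.Ed25519PrivateKey.generate()
    node_sk = ed25519.Ed25519PrivateKey.generate()
    dc = issue_dc(ca_sk, b"first node (constructed)", node_sk.public_key())
    first = FirstNode(node_sk, dc)

    # Two honest associations by the same second node.
    infos, temp_ids = [], []
    for _ in range(2):
        info = build_first_info(ca_sk.public_key(), first.offer(), real_id)
        infos.append(info)
        temp_ids.append(first.handle_first_info(info)["temp_id"])

    # The first public key is swapped in transit; the signature no longer matches.
    forged = first.offer()
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    forged["pub"] = other.public_key().public_bytes(*DER)
    rejected = build_first_info(ca_sk.public_key(), forged, real_id) is None

    # An old ID ciphertext cannot be decrypted later: its private key was deleted.
    first.offer()
    try:
        first.handle_first_info(infos[0])
        replay_failed = False
    except ValueError:
        replay_failed = True

    return {
        "recovered": [first.temp_ids[t] for t in temp_ids],
        "ciphertexts_differ": infos[0]["id_ciphertext"] != infos[1]["id_ciphertext"],
        "id_hidden": real_id not in infos[0]["id_ciphertext"],
        "forged_key_rejected": rejected,
        "replay_failed": replay_failed,
    }


if __name__ == "__main__":
    print(run_demo())
```

The two ID ciphertexts for the same permanent ID differ, so an observer at locations A and B in the background example has no stable value to correlate.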

In yet another possible implementation manner of the first aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

In yet another possible implementation of the first aspect, the method further comprises:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation manner of the first aspect, the first information further includes a first key agreement parameter; the determining that the identity authentication of the second node passes comprises:

determining a first key according to the first key negotiation parameter and a key negotiation algorithm;

sending third information to the second node, wherein the third information comprises first identity authentication information and second key agreement parameters, and the first identity authentication information is used for identity authentication of the first node;

receiving fourth information from the second node, wherein the fourth information comprises second identity authentication information;

and confirming that the identity authentication of the second node passes according to the second identity authentication information.

It can be seen that a first key may be generated by key agreement, and first authentication information may be generated using the first key, and the first authentication information may be used for the second node to verify identity. Furthermore, the identity of the second node can be verified through the second identity authentication information, if an attacker wants to impersonate the identity of the second node, the attacker cannot forge the first key and cannot pass the identity verification, so that the communication with an untrusted node is avoided, and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation of the first aspect, the method further comprises:

fifth information is received from the second node, the fifth information indicating that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a second aspect, an embodiment of the present application provides a communication method, which may be further applied in a first node, including:

receiving first information from a second node, wherein the first information comprises an identity (ID) ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

determining the first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

decrypting the ID ciphertext according to the first protection key to obtain the ID of the second node;

and sending second information to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node. Further, the above communication method may be applied in the first node.

Wherein the PSK is a secret value shared between the first node and the second node. It can be seen that the second node has a PSK predefined, pre-configured or pre-generated therein that is shared with the first node, so that the true ID can be encrypted using the PSK. Correspondingly, the ID ciphertext is decrypted according to the PSK, so that the real ID of the second node can be obtained, and the identity of the second node is determined. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The first password of the first node may be regarded as an access password of the first node, and specifically may be a password that is pre-configured or pre-defined by the first node in order to be accessible to the second node, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting the Wireless Fidelity (Wi-Fi) protocol, the mobile phone terminal may access the router using a "Wi-Fi password", which may be understood as the first password of the router.

It can be seen that the second node may encrypt the ID of the second node based on the first password, and may thus decrypt the ID ciphertext based on the first password to obtain the ID of the second node. The node which acquires the first password is usually credible, so that the communication security can be ensured, and the temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In one possible implementation manner of the second aspect, the determining the first protection key based on the security parameter includes:

and determining the first protection key according to the security parameter and the first freshness parameter.

In the above description, a decryption method is described, and since the first protection key used for decryption corresponds to the first protection key used for encryption, the first protection key used for encryption is also generated based on the security parameter and the first freshness parameter. In the encryption process, because the values of the freshness parameter are different at different moments, the first protection key for encrypting the ID of the first node every time is different, and the privacy of the group key is improved.

In yet another possible implementation manner of the second aspect, the determining the first protection key based on the security parameter includes:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation of the second aspect, the cryptographic algorithm comprises at least a hashing algorithm and/or a Key Derivation Function (KDF). For example, according to the password PW of the first node, the first protection key K1 is obtained by hashing algorithm hash, specifically for example: K1 = hash(PW). For another example, according to the hash value of the password PW of the first node and the first freshness parameter fresh1, the first protection key K1 is obtained through the KDF, specifically for example: K1 = KDF(hash(PW, fresh1)).

In yet another possible embodiment of the second aspect, the first freshness parameter is a first random number.

In yet another possible implementation of the second aspect, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID. Further, the first information further includes the first PSK ID.

In yet another possible embodiment of the second aspect, the security parameter is a first password of the first node; the first password corresponds to a first password ID. Further, the first information further includes the first password ID.

In yet another possible implementation manner of the second aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible embodiment of the second aspect, the method further comprises:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation manner of the second aspect, the first information further includes a first key agreement parameter; the determining that the identity authentication of the second node passes comprises:

determining a first key according to the first key negotiation parameter and a key negotiation algorithm;

sending third information to the second node, wherein the third information comprises first identity authentication information and second key agreement parameters, and the first identity authentication information is used for identity authentication of the first node;

receiving fourth information from the second node, wherein the fourth information comprises second identity authentication information;

and confirming that the identity authentication of the second node passes according to the first secret key and the second identity authentication information.

It can be seen that a first key may be generated by key agreement, and first authentication information may be generated using the first key; the first authentication information is used by the second node to verify identity. Furthermore, the identity of the second node can be verified through the second identity authentication information. If an attacker wants to impersonate the second node, the attacker cannot forge the first key and therefore cannot pass the identity verification, so that communication with an untrusted node is avoided and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible embodiment of the second aspect, the method further comprises:

fifth information is received from the second node, the fifth information indicating that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a third aspect, an embodiment of the present application provides a communication method, where the method may be further applied to a second node, and includes:

receiving a first public key from a first node and a signature of the first public key;

determining that the integrity of the first public key passes verification according to the signature of the first public key;

sending first information to the first node, wherein the first information comprises an ID ciphertext, and the ID ciphertext is obtained by encrypting the ID of the second node through the first protection key;

and receiving second information (association establishment information) from the first node, wherein the second information comprises a temporary ID corresponding to the ID of the second node, and the temporary ID is used for temporarily marking the identity of the second node.

In the embodiment of the application, the ID can be protected through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and the integrity of the first public key can be protected through the signature of the first public key. Further, the first public key may be verified based on the signature of the first public key, and then the ID may be transmitted using "public key encryption, private key decryption". Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In a possible implementation manner of the third aspect, the first public key is a temporary public key.

In yet another possible implementation of the third aspect, the first public key is a one-time public key.

In yet another possible implementation manner of the third aspect, the determining that the one-time public key is verified according to the signature of the one-time public key includes:

receiving a digital certificate DC from the first node;

and determining that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.

In yet another possible implementation manner of the third aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation of the third aspect, the method further includes:

receiving third information from the first node, wherein the third information comprises first identity authentication information and second key agreement algorithm parameters;

determining a first key according to the second key negotiation algorithm parameter and the key negotiation algorithm;

confirming that the identity authentication of the first node passes according to the first key and the first identity authentication information;

sending fourth information to the first node, wherein the fourth information comprises second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation of the third aspect, the method further includes:

and sending fifth information to the first node, wherein the fifth information is used for indicating that the association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a fourth aspect, an embodiment of the present application provides a communication method, which may be further applied in a second node, including:

determining a first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

encrypting the ID of the second node according to the first protection key to obtain an ID ciphertext;

sending first information to the first node, wherein the first information comprises an ID ciphertext, and the ID ciphertext is obtained by encrypting the ID of the second node through the first protection key;

receiving second information from the first node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node.

Wherein the PSK is a secret value shared between the first node and the second node. It can be seen that the second node has a PSK predefined, pre-configured or pre-generated therein that is shared with the first node, so that the true ID can be encrypted using the PSK. Correspondingly, the first node decrypts the ID ciphertext according to the PSK so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The first password of the first node may be regarded as an access password of the first node. Specifically, it may be a password that the first node configures in advance so that the second node can access it, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting the Wireless Fidelity (Wi-Fi) protocol, the mobile phone terminal may access the router using a "Wi-Fi password", which may be understood as the first password of the router.

It can be seen that the second node may encrypt the ID of the second node based on the first password, and may thus decrypt the ID ciphertext based on the first password to obtain the ID of the second node. The node which acquires the first password is usually credible, so that the communication security can be ensured, and the temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a possible implementation manner of the fourth aspect, the determining the first protection key based on the security parameter includes:

and determining the first protection key according to the security parameter and the first freshness parameter.

In yet another possible implementation manner of the fourth aspect, the determining the first protection key based on the security parameter includes:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation of the fourth aspect, the cryptographic algorithm comprises at least a hashing algorithm and/or a Key Derivation Function (KDF). For example, according to the password PW of the first node, the first protection key K1 is obtained by hashing algorithm hash, specifically for example: K1 = hash(PW). For another example, according to the hash value of the password PW of the first node and the first freshness parameter fresh1, the first protection key K1 is obtained through the KDF, specifically for example: K1 = KDF(hash(PW, fresh1)).

In yet another possible embodiment of the fourth aspect, the first freshness parameter is a first random number.

In yet another possible implementation of the fourth aspect, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID. Further, the first information further includes the first PSK ID.

In yet another possible embodiment of the fourth aspect, the security parameter is a first password of the first node; the first password corresponds to a first password ID. Further, the first information further includes the first password ID.

In yet another possible implementation manner of the fourth aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.
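The key derivation and ID protection described for the second and fourth aspects, shown from both sides as an added Go example that is not code from the application. SHA-256 as the hash, HMAC-SHA-256 as the KDF, AES-256-GCM as the cipher, the message field layout, the sample password and the node ID are assumptions; the identity authentication step that precedes temporary ID assignment is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AssocRequest models the first information; the field layout is assumed.
type AssocRequest struct {
	HasIDCiphertext bool   // first indication information
	PasswordID      uint8  // first password ID (a first PSK ID works the same way)
	Fresh1          []byte // first freshness parameter: a random number, sent in clear
	IDCiphertext    []byte // AES-256-GCM ciphertext and tag of the real ID
}

// deriveK1 follows K1 = KDF(hash(PW, fresh1)): SHA-256 as hash, HMAC-SHA-256 as KDF (assumed).
func deriveK1(pw, fresh1 []byte) []byte {
	h := sha256.New()
	h.Write(pw)
	h.Write(fresh1) // fixed-length suffix keeps the concatenation unambiguous
	kdf := hmac.New(sha256.New, h.Sum(nil))
	kdf.Write([]byte("id-protection-key")) // constructed label
	return kdf.Sum(nil)                    // 32 bytes, used as the AES-256 key
}

// newAEAD builds the cipher keyed with K1; both nodes call it with the same inputs.
func newAEAD(pw, fresh1 []byte) (cipher.AEAD, error) {
	if len(fresh1) != 16 {
		return nil, errors.New("freshness parameter must be 16 bytes")
	}
	block, err := aes.NewCipher(deriveK1(pw, fresh1))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// buildRequest is the second node: a new fresh1, and therefore a new K1, for every request.
func buildRequest(pwID uint8, pw []byte, realID string) (*AssocRequest, error) {
	fresh1 := make([]byte, 16)
	if _, err := rand.Read(fresh1); err != nil {
		return nil, err
	}
	aead, err := newAEAD(pw, fresh1)
	if err != nil {
		return nil, err
	}
	// K1 encrypts this one message only, so the all-zero nonce never repeats under a key.
	ct := aead.Seal(nil, make([]byte, aead.NonceSize()), []byte(realID), []byte{pwID})
	return &AssocRequest{HasIDCiphertext: true, PasswordID: pwID, Fresh1: fresh1, IDCiphertext: ct}, nil
}

// FirstNode keeps its passwords by password ID and the temporary-ID table.
type FirstNode struct {
	passwords map[uint8][]byte  // password ID -> password
	tempIDs   map[uint16]string // temporary ID -> real ID
	next      uint16
}

// handleRequest decrypts the ID ciphertext and returns the temporary ID for the second information.
func (n *FirstNode) handleRequest(req *AssocRequest) (uint16, error) {
	if !req.HasIDCiphertext {
		return 0, errors.New("request carries no ID ciphertext")
	}
	pw, ok := n.passwords[req.PasswordID]
	if !ok {
		return 0, errors.New("unknown password ID")
	}
	aead, err := newAEAD(pw, req.Fresh1)
	if err != nil {
		return 0, err
	}
	id, err := aead.Open(nil, make([]byte, aead.NonceSize()), req.IDCiphertext, []byte{req.PasswordID})
	if err != nil {
		return 0, errors.New("ID ciphertext rejected: wrong password or modified request")
	}
	n.next++
	n.tempIDs[n.next] = string(id)
	return n.next, nil
}

func main() {
	pw := []byte("constructed-access-password") // constructed sample value
	node := &FirstNode{passwords: map[uint8][]byte{1: pw}, tempIDs: map[uint16]string{}}
	for i := 0; i < 2; i++ { // same real ID twice: the two ciphertexts differ
		req, err := buildRequest(1, pw, "T-NODE-0042")
		if err != nil {
			panic(err)
		}
		tempID, err := node.handleRequest(req)
		fmt.Printf("ct=%x tempID=%d id=%q err=%v\n", req.IDCiphertext, tempID, node.tempIDs[tempID], err)
	}
}
```

Because fresh1 is sent in clear, K1 is only as hard to guess as the security parameter itself, so a full-entropy PSK protects the ID better than a short password.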

In yet another possible implementation of the fourth aspect, the method further comprises:

receiving third information from the first node, wherein the third information comprises first identity authentication information and second key agreement algorithm parameters;

determining a first key according to the second key negotiation algorithm parameter and the key negotiation algorithm;

confirming that the identity authentication of the first node passes according to the first key and the first identity authentication information;

sending fourth information to the first node, wherein the fourth information comprises second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation of the fourth aspect, the method further comprises:

and sending fifth information to the first node, wherein the fifth information is used for indicating that the association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a fifth aspect, the present application provides a communication apparatus including means for performing the method described in the first aspect or any one of the possible implementation manners of the first aspect.

In one possible implementation of the fifth aspect, the communication device includes:

a sending unit, configured to send a first public key and a signature of the first public key;

a receiving unit, configured to receive first information (association request information) from a second node (T node), where the first information includes an identification ID ciphertext corresponding to the first public key and an ID of the second node;

the processing unit is used for decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node;

the sending unit is further configured to send second information (association establishment information) to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

In the embodiment of the application, the second node can protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and the integrity of the first public key can be protected through the signature of the first public key. Further, the second node may verify the first public key according to the signature of the first public key, and then transmit the ID by using a "public key encryption, private key decryption" method. Therefore, the communication device can acquire the real ID of the second node by decrypting the ID ciphertext, and can mark the identity of the second node by using the temporary ID during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In yet another possible implementation of the fifth aspect, the first public key is a temporary public key and the first private key is a temporary private key.

It can be seen that, because a temporary key usually exists only for a short time, it is harder to crack than a long-term key, so encrypting the real ID with the temporary public key improves the privacy of the real ID. In addition, a long-term key is usually used for a long time; once it is cracked, all data communicated using that key is affected, so a long-term key does not provide forward security. Because a temporary key usually exists only for a short time, even if it is cracked, the security of the data communicated before the temporary key was used is not affected, which improves data security.

In yet another possible implementation of the fifth aspect, the first public key is a one-time public key and the first private key is a one-time private key.

It can be seen that the first public key and the first private key used in the embodiment of the present application may be one-time keys, i.e. only used for encryption and decryption of the ID. For example, after the ID ciphertext is decrypted by using the first private key, the first private key can be deleted, so that the private key is not easy to be broken, the real ID of the node is protected from being leaked, and the data security is improved.

In yet another possible implementation manner of the fifth aspect, the processing unit is further configured to sign the first public key based on a private key corresponding to a Digital Certificate (DC), so as to obtain a signature of the first public key;

the transmitting unit is further configured to transmit the DC to the second node.

It can be seen that the DC can be used to verify the origin of the first public key. For example, the certificate authority generates a DC for a public key PK of the first node and some information (e.g., description information of the first node). Using the key pair corresponding to the DC (i.e., the public key PK and the corresponding private key SK), the second node may determine, by way of "signing with the private key, verifying the signature with the public key", that the first public key originates from the first node.

In a specific embodiment, a long-term key pair (a long-term public key PK and a long-term private key SK) exists in the first node. The CA center authenticates the long-term public key PK and, using its own private key cpk, encrypts the long-term public key PK together with some related information (e.g., description information of the first node) to generate the DC. The first node generates the signature of the first public key by using the private key corresponding to the certificate, and sends the first public key, the signature of the first public key and the DC to the second node. The second node decrypts the certificate by using the public key csk of the CA center, so that it can determine that the DC was issued by the CA and that the long-term public key PK in the DC is the public key of the first node; the source of the long-term public key PK is thereby authenticated. The second node then verifies the signature of the first public key using the long-term public key to determine that the first public key comes from the first node, and accordingly encrypts the ID using the first public key.
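The exchange described in the paragraph above and in the third aspect (sign the first public key, verify it, encrypt the ID to it, decrypt once), as an added Go example that is not code from the application. Ed25519 for the long-term pair PK/SK, X25519 with AES-256-GCM as the "public key encryption, private key decryption" scheme and the node ID are assumptions; validation of the DC against the CA is assumed to have happened already, so `certifiedPK` stands for the PK taken from a verified DC.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type FirstNode struct {
	longTerm ed25519.PrivateKey // SK; its public half PK is what the DC certifies
	oneTime  *ecdh.PrivateKey   // first private key, dropped after one decryption
}

// newFirstNode returns the node and PK, standing in for the PK read from a verified DC.
func newFirstNode() (*FirstNode, ed25519.PublicKey, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	return &FirstNode{longTerm: sk}, pk, err
}

// announce creates a new first key pair and signs the first public key with SK.
func (n *FirstNode) announce() (firstPub, sig []byte, err error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	n.oneTime = k
	firstPub = k.PublicKey().Bytes()
	return firstPub, ed25519.Sign(n.longTerm, firstPub), nil
}

// idAEAD runs X25519 and hashes the secret with both public keys into an AES-256-GCM key.
func idAEAD(priv *ecdh.PrivateKey, peer, senderPub, firstPub []byte) (cipher.AEAD, error) {
	peerKey, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peerKey)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(shared, senderPub...), firstPub...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptID is the second node: verify the signature first, then encrypt the real ID.
func encryptID(firstPub, sig []byte, certifiedPK ed25519.PublicKey, realID string) ([]byte, error) {
	if !ed25519.Verify(certifiedPK, firstPub, sig) {
		return nil, errors.New("first public key failed signature verification")
	}
	e, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ePub := e.PublicKey().Bytes()
	aead, err := idAEAD(e, firstPub, ePub, firstPub)
	if err != nil {
		return nil, err
	}
	// Each derived key encrypts one message, so the all-zero nonce is never reused under it.
	return aead.Seal(ePub, make([]byte, aead.NonceSize()), []byte(realID), nil), nil
}

// decryptID is the first node: use the first private key once, then forget it.
func (n *FirstNode) decryptID(ct []byte) (string, error) {
	k := n.oneTime
	n.oneTime = nil
	if k == nil || len(ct) < 32 {
		return "", errors.New("one-time key already used, or ID ciphertext too short")
	}
	aead, err := idAEAD(k, ct[:32], ct[:32], k.PublicKey().Bytes())
	if err != nil {
		return "", err
	}
	id, err := aead.Open(nil, make([]byte, aead.NonceSize()), ct[32:], nil)
	return string(id), err
}

func main() {
	node, certifiedPK, err := newFirstNode()
	if err != nil {
		panic(err)
	}
	firstPub, sig, err := node.announce()
	if err != nil {
		panic(err)
	}
	ct, err := encryptID(firstPub, sig, certifiedPK, "T-NODE-0042") // constructed ID
	fmt.Printf("ID ciphertext=%x err=%v\n", ct, err)
	fmt.Println(node.decryptID(ct))
}
```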

In yet another possible implementation manner of the fifth aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation manner of the fifth aspect, the processing unit is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation manner of the fifth aspect, the first information further includes a first key agreement parameter; the processing unit is further configured to determine a first key according to the first key agreement parameter and a key agreement algorithm;

the sending unit is further configured to send third information to the second node, where the third information includes first identity authentication information and a second key agreement parameter, and the first identity authentication information is used for identity authentication of the first node;

the receiving unit is further configured to receive fourth information from the second node, where the fourth information includes second identity authentication information;

the processing unit is further configured to confirm that the identity authentication of the second node passes according to the first key and the second identity authentication information.

It can be seen that the communication apparatus may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used by the second node to verify identity. Furthermore, the communication device can also verify the identity of the second node through the second identity authentication information. If an attacker wants to impersonate the second node, the attacker cannot forge the first key and therefore cannot pass the identity verification, so that communication with an untrusted node is avoided and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In a further possible implementation manner of the fifth aspect, the receiving unit is further configured to receive fifth information from the second node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a sixth aspect, the present application provides a communication device that includes means for performing the method described in any one of the possible implementation manners of the first aspect or the second aspect.

In one possible implementation of the sixth aspect, the communication device includes:

a receiving unit, configured to receive first information from a second node, where the first information includes an ID ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

a processing unit, configured to determine the first protection key based on a security parameter, where the security parameter is a pre-shared key PSK between a first node and the second node or a first password of the first node;

the processing unit is further configured to decrypt the ID ciphertext according to the first protection key to obtain the ID of the second node;

a sending unit, configured to send second information to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured or pre-generated therein that is shared with the first node, so that the true ID can be encrypted using the PSK. Correspondingly, the communication device can decrypt the ID ciphertext according to the PSK, so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The first password of the first node may be regarded as an access password of the first node. Specifically, it may be a password that the first node pre-configures or pre-defines so that the second node can access it, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting the Wireless Fidelity (Wi-Fi) protocol, the mobile phone terminal may access the router using a "Wi-Fi password", which may be understood as the first password of the router.

It can be seen that the second node may encrypt the ID of the second node based on the first password, and may thus decrypt the ID ciphertext based on the first password to obtain the ID of the second node. The node which acquires the first password is usually credible, so that the communication security can be ensured, and the temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In another possible implementation manner of the sixth aspect, the processing unit is specifically configured to:

and determining the first protection key according to the security parameter and the first freshness parameter.

In the above description, a decryption method is described, and since the first protection key used for decryption corresponds to the first protection key used for encryption, the first protection key used for encryption is also generated based on the security parameter and the first freshness parameter. In the encryption process, because the values of the freshness parameter are different at different moments, the first protection key for encrypting the ID of the first node every time is different, and the privacy of the group key is improved.

In another possible implementation manner of the sixth aspect, the processing unit is specifically configured to:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation of the sixth aspect, the cryptographic algorithm comprises at least a hashing algorithm and/or a Key Derivation Function (KDF). For example, according to the password PW of the first node, the first protection key K1 is obtained by hashing algorithm hash, specifically for example: K1 = hash(PW). For another example, according to the hash value of the password PW of the first node and the first freshness parameter fresh1, the first protection key K1 is obtained through the KDF, specifically for example: K1 = KDF(hash(PW, fresh1)).

In yet another possible embodiment of the sixth aspect, the first freshness parameter is a first random number.

In yet another possible implementation of the sixth aspect, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner of the sixth aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation manner of the sixth aspect, the processing unit is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation manner of the sixth aspect, the first information further includes a first key agreement parameter; the processing unit is further configured to determine a first key according to the first key agreement parameter and a key agreement algorithm;

the sending unit is further configured to send third information to the second node, where the third information includes first identity authentication information and a second key agreement parameter, and the first identity authentication information is used for identity authentication of the first node;

the receiving unit is further configured to receive fourth information from the second node, where the fourth information includes second identity authentication information;

the processing unit is further configured to confirm that the identity authentication of the second node passes according to the first key and the second identity authentication information.

It can be seen that the communication apparatus may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used by the second node to verify identity. Furthermore, the communication device can also verify the identity of the second node through the second identity authentication information. If an attacker wants to impersonate the second node, the attacker cannot forge the first key and therefore cannot pass the identity verification, so that communication with an untrusted node is avoided and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation manner of the sixth aspect, the receiving unit is further configured to receive fifth information from the second node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a seventh aspect, this application provides a communication apparatus that includes means for performing the method described in any one of the possible implementation manners of the first aspect or the third aspect.

In a possible implementation manner of the seventh aspect, the communication device includes:

a receiving unit, configured to receive a first public key from a first node and a signature of the first public key;

the processing unit is used for determining that the integrity of the first public key passes the verification according to the signature of the first public key;

a sending unit, configured to send first information to the first node, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

the receiving unit is further configured to receive second information (association establishment information) from the first node, where the second information includes a temporary ID corresponding to an ID of the second node, and the temporary ID is used to temporarily mark an identity of the second node.

In the embodiment of the application, the device can protect the ID with the first public key to obtain the ID ciphertext, so that the real ID is not transmitted directly, and the source and the integrity of the first public key can be protected by the signature of the first public key. Further, the above-mentioned device may verify the first public key according to the signature of the first public key, and then transmit the ID using "public key encryption, private key decryption". Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In a possible implementation manner of the seventh aspect, the first public key is a temporary public key.

In yet another possible implementation of the seventh aspect, the first public key is a one-time public key.

In a further possible implementation manner of the seventh aspect, the receiving unit is further configured to receive a digital certificate DC from the first node;

the processing unit is further configured to determine that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.

In yet another possible implementation manner of the seventh aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation manner of the seventh aspect, the receiving unit is further configured to receive third information from the first node, where the third information includes the first identity authentication information and the second key agreement algorithm parameter;

the processing unit is further configured to determine a first key according to the second key agreement algorithm parameter and the key agreement algorithm;

the processing unit is further configured to confirm that the identity authentication of the first node passes according to the first key and the first identity authentication information;

the sending unit is further configured to send fourth information to the first node, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation manner of the seventh aspect, the sending unit is further configured to send fifth information to the first node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In an eighth aspect, the present application provides a communication apparatus including means for performing the method described in any one of the possible implementation manners of the first aspect or the fourth aspect.

In one possible implementation of the eighth aspect, the communication device includes:

the processing unit is used for determining a first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

the processing unit is further configured to encrypt an identity ID of the second node according to the first protection key to obtain an ID ciphertext;

a sending unit, configured to send first information to the first node, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

a receiving unit, configured to receive second information from the first node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID temporarily marks an identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured, or pre-generated therein to be shared with the first node, and thus the above-mentioned communication apparatus can encrypt the real ID using the PSK. Correspondingly, the first node decrypts the ID ciphertext according to the PSK so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a possible implementation manner of the eighth aspect, the processing unit is specifically configured to:

determine the first protection key according to the security parameter and the first freshness parameter.

In another possible implementation manner of the eighth aspect, the processing unit is specifically configured to:

determine the first protection key according to the security parameter and a cryptographic algorithm.

In yet another possible implementation of the eighth aspect, the cryptographic algorithm includes at least a hash algorithm and/or a key derivation function (KDF). For example, the first protection key K1 is obtained from the password PW of the first node through a hash algorithm hash, for example: K1 = hash(PW). For another example, the first protection key K1 is obtained through the KDF from the hash value of the password PW of the first node and the first freshness parameter fresh1, for example: K1 = KDF(hash(PW, fresh1)).

In yet another possible embodiment of the eighth aspect, the first freshness parameter is a first random number.

In yet another possible implementation of the eighth aspect, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner of the eighth aspect, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation manner of the eighth aspect, the receiving unit is further configured to receive third information from the first node, where the third information includes the first identity authentication information and the second key agreement algorithm parameter;

the processing unit is further configured to determine a first key according to the second key agreement algorithm parameter and the key agreement algorithm;

the processing unit is further configured to confirm that the identity authentication of the first node passes according to the first key and the first identity authentication information;

the sending unit is further configured to send fourth information to the first node, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation manner of the eighth aspect, the sending unit is further configured to send fifth information to the first node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

In a ninth aspect, an embodiment of the present application provides a communication apparatus, including at least one processor and a communication interface, where the at least one processor is configured to invoke a computer program stored in at least one memory, so as to enable the communication apparatus to implement the method described in the first aspect or any one of the possible embodiments of the first aspect, or to implement the method described in the second aspect or any one of the possible embodiments of the second aspect.

In a tenth aspect, an embodiment of the present application provides a chip system, which includes at least one processor and a communication interface, where the at least one processor is configured to invoke a computer program stored in at least one memory, so as to enable an apparatus in which the chip system is located to implement the method described in the first aspect or any one of the possible implementations of the first aspect, or to implement the method described in the second aspect or any one of the possible implementations of the second aspect.

In an eleventh aspect, an embodiment of the present application further provides an information transmission system, where the information transmission system includes a first node and a second node, where the first node includes the communication device described in any one of the possible implementations of the third aspect or the third aspect, and the second node includes the communication device described in any one of the possible implementations of the fourth aspect or the fourth aspect.

In a twelfth aspect, the present application discloses a computer-readable storage medium, in which a computer program is stored, which, when running on one or more processors, implements the method described in the first aspect or any one of the possible implementations of the first aspect, or implements the method described in the second aspect or any one of the possible implementations of the second aspect, or implements the method described in any one of the possible implementations of the third aspect or the third aspect, or implements the method described in any one of the possible implementations of the fourth aspect or the fourth aspect.

In a thirteenth aspect, the present application discloses a computer program product, which when run on one or more processors implements the method described in the first aspect or any one of the possible implementations of the first aspect, or implements the method described in the second aspect or any one of the possible implementations of the second aspect, or implements the method described in any one of the possible implementations of the third aspect or the third aspect, or implements the method described in any one of the possible implementations of the fourth aspect or the fourth aspect.

In a fourteenth aspect, the present application discloses a terminal, which may be a smart car product, a vehicle, or the like, and the terminal includes a first node and/or a second node, where the first node (e.g., one or more of modules such as a camera, a screen, a microphone, a sound, a radar, an electronic key, keyless entry, a start-up system controller, and a user equipment UE) includes the apparatus described in any one of the possible embodiments of the third aspect or the third aspect, and the second node (e.g., a base station, a car cockpit area controller CDC, and the like) includes the communication apparatus described in any one of the possible embodiments of the fourth aspect or the fourth aspect. Alternatively, the vehicle can be replaced by an intelligent terminal or a transportation tool such as an unmanned aerial vehicle and a robot.

Drawings

The drawings used in the embodiments of the present application are described below.

Fig. 1 is a schematic architecture diagram of a communication system according to an embodiment of the present application;

Fig. 2 is a schematic view of a usage scenario of a communication method according to an embodiment of the present application;

Fig. 3 is a flowchart illustrating a communication method according to an embodiment of the present application;

Fig. 4 is a schematic flowchart of another communication method provided in an embodiment of the present application;

Fig. 5 is a flowchart illustrating a further communication method according to an embodiment of the present application;

Fig. 6 is a flowchart illustrating a further communication method according to an embodiment of the present application;

Fig. 7 is a flowchart illustrating a further communication method according to an embodiment of the present application;

Fig. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application;

Fig. 9 is a schematic structural diagram of another communication device provided in an embodiment of the present application;

Fig. 10 is a schematic structural diagram of another communication device provided in an embodiment of the present application;

Fig. 11 is a schematic structural diagram of another communication device provided in an embodiment of the present application;

Fig. 12 is a schematic structural diagram of another communication device according to an embodiment of the present application.

Detailed Description

The embodiments of the present application will be described below with reference to the drawings. In this application, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "such as" is not necessarily to be construed as preferred or advantageous over other embodiments or designs, and the use of the word "exemplary" or "such as" is intended to present relevant concepts in a concrete fashion.

The related art and terminology related to this application will be briefly introduced below to facilitate understanding.

1. Node

The node is an electronic device with data processing transceiving capability, and may include a terminal device or a network side device. For example, the node may be a car cabin (cockpit domain) device, or a module in the car cabin device (e.g., one or more of a cabin zone controller (CDC), a camera, a screen, a microphone, a stereo, an electronic key, a keyless entry or start system controller, etc.). In a specific implementation process, the node may also be a data relay device, such as a base station, a router, a repeater, a bridge, or a switch; or may be a terminal device, such as various types of User Equipment (UE), a mobile phone (mobile phone), a tablet computer (pad), a desktop computer, an earphone, a sound device, etc.; machine intelligence devices such as a self-driving (self-driving) device, a transportation safety (transportation safety) device, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a Machine Type Communication (MTC) device, an industrial control (industrial control) device, a remote medical (remote medical) device, a smart grid (smart grid) device, a smart city (smart city) device; wearable devices (e.g., smartwatches, smartbands, pedometers, etc.) and the like may also be included.

In some technical scenarios, names of devices with similar data transceiving capabilities may not be referred to as nodes, but for convenience of description, electronic devices with data transceiving capabilities are referred to as nodes in the embodiments of the present application.

2. Cryptographic algorithm

A cryptographic algorithm may be a mathematical function, also referred to as a cryptographic function, used for one or more of encryption, decryption, key generation, password derivation, etc. Common cryptographic algorithms include hash algorithms, encryption algorithms, authentication algorithms, key derivation algorithms (KDFs), or the like.

(1) Hashing algorithm

A hash algorithm, also called a hash function, converts information of any length into an identifier, and it is difficult to find the reverse mapping.

(2) Encryption (encryption) algorithm

Encryption algorithms include symmetric encryption algorithms and asymmetric encryption algorithms. Generally, the encryption key and the decryption key of a symmetric encryption algorithm are the same, while the encryption key and the decryption key of an asymmetric encryption algorithm are different; in addition, there is a class of hash algorithms that do not need a key. Common symmetric encryption algorithms mainly include the Data Encryption Standard (DES), the triple data encryption algorithm (3DES), the Advanced Encryption Standard (AES), etc.; common asymmetric algorithms mainly include the RSA encryption algorithm, the digital signature algorithm (DSA), etc.; and hash algorithms mainly include the secure hash algorithm (SHA-1), message digest (MD) algorithms (such as MD2, MD4, MD5, etc.), etc.

(3) Integrity protection algorithm

The integrity protection algorithm is an algorithm for protecting the integrity of a message, and may also be referred to as a message authentication code (MAC) algorithm or, for short, an integrity algorithm. For example, an integrity protection algorithm implemented by a hash algorithm is referred to as a hash-based message authentication code (HMAC) algorithm, where the hash algorithm may be one of MD5, SHA-1, SHA-256, and so on, and these different HMAC implementations are generally labeled as: HMAC-MD5, HMAC-SHA1, HMAC-SHA256, and the like.

In some specific scenarios, an authenticated encryption algorithm can both encrypt data and generate a message authentication code for a given plaintext, so an authenticated encryption algorithm can serve as both an encryption algorithm and an integrity protection algorithm. For example, a message may be authenticated and encrypted by using the AES algorithm based on GMAC and the counter encryption mode (AES-Galois/counter mode, AES-GCM) or the AES algorithm based on CMAC and the counter encryption mode (AES-CMAC/counter mode, AES-CCM), and a MAC may be generated during the authenticated encryption to protect the integrity of the message.

(4) Key derivation algorithm

Key derivation algorithms, also called key derivation functions (KDFs), are used to derive one or more secret values from a secret value. For example, a new secret value DK derived from the secret value Key can be expressed as: DK = KDF(Key). Commonly used key derivation algorithms include the password-based key derivation function (PBKDF), the scrypt algorithm, etc., where the PBKDF algorithm further includes the first-generation PBKDF1 and the second-generation PBKDF2. Optionally, some KDF algorithms use a hash algorithm to hash the input secret value during the key derivation process, so the KDF may also receive an algorithm identifier as an input to indicate which hash algorithm to use.

(5) Key agreement algorithm

Key agreement is a process in which two communicating parties obtain a key by exchanging a part of the parameters. The algorithm used for key agreement is called a key agreement algorithm, and may also be called a key exchange algorithm. Commonly used key agreement algorithms include the Diffie-Hellman (DH) algorithm, the elliptic curve cryptography (ECC) based Diffie-Hellman (ECDH) algorithm, the Oakley algorithm, and the national cryptographic (SM) algorithms (e.g., SM1, SM2, SM3, and SM4).

Taking the DH algorithm as an example, the two nodes use a prime number p and a random number g, both with large values, and generate random numbers a and b respectively. The first node sends the value A, g to the power a mod p ($A = g^a \bmod p$), to the second node, and the second node sends the value B, g to the power b mod p ($B = g^b \bmod p$), to the first node. The first node then raises the received result to the power a ($K = B^a \bmod p$), and the second node raises the received result to the power b ($K = A^b \bmod p$). Since $K = A^b \bmod p = (g^a \bmod p)^b \bmod p = g^{ab} \bmod p = (g^b \bmod p)^a \bmod p = B^a \bmod p$, the key K computed by the first node and the second node is the same.

In this case, if an attacker wants to obtain a from A, g, and p, a is calculated as: $a = \log_g A \bmod p$. Since there is no fast algorithm for this logarithm operation, and the prime number p and the random number g are usually large in value, it is difficult for an attacker to obtain a from A, the prime number p and the random number g through the logarithm operation and the modulus operation. The key K obtained by the DH algorithm is therefore secure.
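The exchange above, carried through with the same symbols (p, g, a, b, A, B, K) and followed by the identity authentication step that the third and fourth information carry, as an added example that is not code from the application. The modulus, the hash-based derivation of the first key and the HMAC construction of the authentication information are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration parameters (assumption): p = 2**255 - 19 is a
# well-known prime. A deployment would use a standardized large group or ECDH.
P = 2**255 - 19
G = 2
N = (P.bit_length() + 7) // 8  # byte length used to encode values mod p


def dh_keypair(p=P, g=G):
    """Pick a private random number x and return (x, g^x mod p)."""
    x = secrets.randbelow(p - 3) + 2  # 2 <= x <= p - 2
    return x, pow(g, x, p)


def dh_shared(peer_public, private, p=P):
    """K = peer_public^private mod p, rejecting degenerate peer values.

    0, 1 and p-1 would force K into a tiny, guessable set, so a receiver
    checks the range before using the parameter.
    """
    if not 2 <= peer_public <= p - 2:
        raise ValueError("key agreement parameter out of range")
    return pow(peer_public, private, p)


def first_key(shared, A, B):
    """Derive the first key from K and both public values (hash used as KDF)."""
    material = b"".join(v.to_bytes(N, "big") for v in (shared, A, B))
    return hashlib.sha256(b"first-key" + material).digest()


def auth_info(key, role, A, B):
    """Identity authentication information: HMAC over a role label and A, B."""
    msg = role + A.to_bytes(N, "big") + B.to_bytes(N, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_auth(key, role, A, B, tag):
    """Constant-time comparison of the received authentication information."""
    return hmac.compare_digest(auth_info(key, role, A, B), tag)


def run_exchange():
    a, A = dh_keypair()  # first node: random number a, sends A
    b, B = dh_keypair()  # second node: random number b, sends B
    k_first = first_key(dh_shared(B, a), A, B)   # K = B^a mod p
    k_second = first_key(dh_shared(A, b), A, B)  # K = A^b mod p

    # Third information: first node proves knowledge of the first key.
    tag1 = auth_info(k_first, b"first-node", A, B)
    # Fourth information: second node answers with its own proof.
    tag2 = auth_info(k_second, b"second-node", A, B)

    # An observer who saw only A and B has no K; a guessed key fails.
    guessed = first_key(secrets.randbelow(P), A, B)
    forged = auth_info(guessed, b"second-node", A, B)

    return {
        "same_key": k_first == k_second,
        "first_node_ok": verify_auth(k_second, b"first-node", A, B, tag1),
        "second_node_ok": verify_auth(k_first, b"second-node", A, B, tag2),
        "forged_ok": verify_auth(k_first, b"second-node", A, B, forged),
        # The role label stops the first node's own tag being reflected back.
        "reflected_ok": verify_auth(k_first, b"second-node", A, B, tag1),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

The agreed key only authenticates a peer if A and B are themselves bound to the nodes, which is the role of the signed public key or the pre-shared key in the aspects described earlier.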

3. Freshness parameter

The freshness parameter is used to generate a key, an authentication parameter, and the like. It may also be referred to as freshness or a fresh parameter, and may include at least one of a random number (NONCE), a count value (counter), a serial number, a sequence number, and the like, where a NONCE is a random number that is used only once (or is not repeated). The freshness parameters generated at different times are usually different, that is, the specific value of the freshness parameter changes every time it is generated, so that the freshness parameter used for generating the key (or the authentication parameter and the like) this time is different from the one used last time, which improves the security of the generated key.

For example, the freshness parameter may be a random number that the node acquires through a random number generator (random number generator).
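How a freshness parameter feeds the first protection key and keeps two association requests from the same node unlinkable, as an added example that is not code from the application. It follows the prose description of the eighth aspect (a KDF over the hash value of PW and fresh1); the use of PBKDF2, the HMAC-based keystream standing in for a real cipher, the message field names, the replay check and the sample password and ID are all assumptions.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32


def derive_k1(password: bytes, fresh1: bytes) -> bytes:
    """K1 from hash(PW) and fresh1: 32 bytes for encryption, 32 for the MAC."""
    pw_hash = hashlib.sha256(password).digest()
    return hashlib.pbkdf2_hmac("sha256", pw_hash, fresh1, 10_000, dklen=64)


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a cipher such as AES."""
    blocks = [
        hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, stream))


def build_association_request(password: bytes, real_id: bytes) -> dict:
    """Second node: encrypt the real ID under a K1 that is new for this request."""
    fresh1 = secrets.token_bytes(16)  # first freshness parameter (random number)
    k1 = derive_k1(password, fresh1)
    ciphertext = _xor(real_id, _keystream(k1[:32], len(real_id)))
    tag = hmac.new(k1[32:], fresh1 + ciphertext, hashlib.sha256).digest()
    # "id_is_encrypted" plays the role of the first indication information.
    return {"id_is_encrypted": True, "fresh1": fresh1,
            "id_ciphertext": ciphertext + tag}


class FirstNode:
    """Decrypts ID ciphertexts and hands out temporary IDs."""

    def __init__(self, password: bytes):
        self.password = password
        self.temp_ids = {}       # temporary ID -> real ID
        self.seen_fresh = set()  # freshness parameters already accepted

    def handle_association_request(self, request: dict) -> dict:
        fresh1, blob = request["fresh1"], request["id_ciphertext"]
        if fresh1 in self.seen_fresh:
            raise ValueError("freshness parameter reused")
        k1 = derive_k1(self.password, fresh1)
        ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(k1[32:], fresh1 + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("ID ciphertext failed the integrity check")
        self.seen_fresh.add(fresh1)
        real_id = _xor(ciphertext, _keystream(k1[:32], len(ciphertext)))
        temp_id = secrets.token_hex(8)
        self.temp_ids[temp_id] = real_id
        return {"temp_id": temp_id}  # second information


def _rejected(node: FirstNode, request: dict) -> bool:
    try:
        node.handle_association_request(request)
    except ValueError:
        return True
    return False


def demo() -> dict:
    password = b"constructed-demo-password"  # constructed sample value
    real_id = b"MIC-0042-constructed"        # constructed sample value
    node = FirstNode(password)
    req1 = build_association_request(password, real_id)
    req2 = build_association_request(password, real_id)
    rsp1 = node.handle_association_request(req1)
    rsp2 = node.handle_association_request(req2)
    tampered = build_association_request(password, real_id)
    body = bytearray(tampered["id_ciphertext"])
    body[0] ^= 0x01
    tampered["id_ciphertext"] = bytes(body)
    return {
        "ciphertexts_differ": req1["id_ciphertext"] != req2["id_ciphertext"],
        "real_id_absent": real_id not in req1["id_ciphertext"],
        "both_resolve": node.temp_ids[rsp1["temp_id"]] == real_id
        and node.temp_ids[rsp2["temp_id"]] == real_id,
        "temp_ids_differ": rsp1["temp_id"] != rsp2["temp_id"],
        "replay_rejected": _rejected(node, req1),
        "tamper_rejected": _rejected(node, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```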

4. Digital certificate

A digital certificate (also referred to as a security certificate) is a digital credential that identifies an identity; it is a relatively authoritative and impartial certificate issued by a Certificate Authority (CA) center.

For example, a long-term key pair (a long-term public key PK and a long-term private key SK) exists in the first node, the CA center authenticates the long-term public key PK, and encrypts the long-term public key PK with some related information (e.g., description information of the first node) by using its own private key cpk to generate the DC. The first node generates a signature of the first public key (i.e., a "private key signature") using a private key corresponding to the certificate, sends the first public key, the signature of the first public key, and the DC to the second node, and the second node decrypts the certificate using a public key csk of the CA center, so as to determine that the DC is issued by the CA, and determine that a long-term public key PK in the DC is the public key of the first node, thereby authenticating the source of the long-term public key PK. The second node verifies the signature of the first public key using the long-term public key PK (i.e., "public key verification"), thereby determining that the first public key is from the first node.

It should be noted that the terms "authentication", "checking" and "verification" in the embodiments of the present application may each mean checking whether something is correct or reasonable. In the embodiments of the present application, association denotes the process of establishing a connection between a first node and a second node; in some specific technical scenarios, association may also be described as "access".

The system architecture and service scenario of the embodiment of the present application are described below. It should be noted that the system architecture and the service scenario described in the present application are for more clearly illustrating the technical solution of the present application, and do not constitute a limitation to the technical solution provided in the present application, and as a person having ordinary skill in the art knows, along with the evolution of the system architecture and the appearance of a new service scenario, the technical solution provided in the present application is also applicable to similar technical problems.

Referring to Fig. 1, Fig. 1 is a schematic diagram of a possible communication system provided by an embodiment of the present application, where the communication system includes a first node 101 and a second node 102. The first node 101 and the second node 102 may communicate, where the link for communication between the first node 101 and the second node 102 may comprise various types of connection media, including wired links (e.g., optical fibers), wireless links, or a combination of wired and wireless links, etc. For example, short-range connection technologies may include 802.11b/g, Bluetooth, Zigbee, radio frequency identification (RFID), ultra-wideband (UWB), short-range wireless communication systems (e.g., a vehicle-mounted short-range wireless communication system), and the like, and long-range connection technologies may include Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunications System (UMTS), and the like.

Of course, there are other wireless communication technologies that may be used to support the first node 101 in communication with the second node 102. In some specific implementation scenarios, the second node 102 may also be referred to as a C node or a control node, and the first node 101 may also be referred to as a T node or a terminal. The communication link of a C node to a T node may be referred to as a C link, and the communication link of a T node to a C node may be referred to as a T link.

The second node 102 may request an association with the first node 101, at which time the second node 102 needs to indicate its identity to the first node 101. Generally, the second node 102 may indicate its identity to the first node 101 by sending its ID to the first node 101. However, the real identity of the nodes (e.g. the first node 101, the second node 102) is usually related to privacy and data security in the nodes, and the privacy, personal data and the like of the user can be leaked due to the stolen ID of the node.

For example, referring to Fig. 2, Fig. 2 is a schematic diagram of a scenario of wireless communication in a vehicle provided in an embodiment of the present application, where a cabin domain controller (CDC) 201 of the vehicle is the control center of the intelligent cabin device and may be regarded as a first node 101, and one of the microphones 202 in the vehicle that supports wireless communication technology may be regarded as a second node 102. The microphone 202 may communicate with the CDC 201. However, communication may require identification of the correspondent node, and in such cases, if the microphone 202 communicates with the CDC 201 using its own permanent ID, an attacker may eavesdrop and obtain private information about the user (e.g., the owner of the vehicle) from the ID. For example, an attacker observes at 10:00 that the microphone 202 is performing an audio upload service at location A, and observes again at 10:30, at location B, that the microphone 202 is performing the update service. The attacker can thus learn that the microphone 202 moved from A to B between 10:00 and 10:30, so the movement track of the microphone 202 can be collected, the position and movement track of the vehicle are exposed, and even the active time periods can be recorded, which discloses the privacy of the user.

Referring to fig. 3, fig. 3 is a flowchart illustrating a communication method according to an embodiment of the present application, and further, the method may be implemented based on the architecture shown in fig. 1. The method at least comprises the following steps:

step S301: the first node sends the first public key and a signature of the first public key.

Specifically, the first public key and the first private key are a key pair, the ciphertext encrypted by the first public key may be decrypted by using the first private key, and the ciphertext encrypted by the first private key may be decrypted by using the first public key. Typically, the first public key is made public to the outside and is therefore called the public key, while the first private key is kept private by itself and is therefore called the private key.

Alternatively, the first public key may be a temporary public key, e.g., the first node determines a temporary key (temporary key) pair comprising a temporary public key and a first temporary private key. The temporary key (including the temporary public key and the temporary private key) is a short-term key, and may be a key with a short lifetime, for example, a key with a lifetime of 1 hour, or may also be a key with a small number of encryptions, for example, a key that can only be used for encrypting 1 time, or a key that is only used for encrypting data units (data units) with serial numbers of 1 to 100. The lifetime of the temporary key pair is not specifically limited in the present application.

Further optionally, the first public key and the first private key are one time keys (one time keys), that is, keys that are normally used only once or that are invalidated or deleted after being used once. For example, after the first public key OTpk is used to encrypt the data a, the first public key OTpk is deleted; after the data a is decrypted by using the first private key OTsk, the first private key OTsk may be deleted. Therefore, the first public key can be used for encryption once and the first private key can be used for decryption once, so that the first private key is not easy to be broken, and the data security is improved.

The signature of the first public key may be used to verify the first public key. Specifically, the signature of the first public key may be obtained by signing the first public key based on a private key corresponding to a digital certificate (DC, which may also be referred to as a certificate). For example, the public key PK (which may be a long-term public key or a temporary public key) of the first node is signed by a private key of a Certificate Authority (CA) center to obtain the certificate DC. The first node signs the first public key by using the private key SK corresponding to the PK of the certificate DC to obtain a signature S of the first public key. The second node may subsequently verify the signature S using the public key of the certificate DC to determine that the first public key is from the first node. For example, taking the first public key as OTpk: S = Sign(SK, OTpk), where Sign is a digital signature algorithm.

The first node may send the first public key and the signature of the first public key to the second node in a unicast manner, or may send the first public key and the signature of the first public key in a broadcast or multicast manner. Accordingly, the second node receives the first public key and the signature of the first public key from the first node. Optionally, the first node may also transmit a DC, and correspondingly, the second node receives the DC from the first node.

Optionally, the first node may send the access information to the second node in a unicast manner, send the access information in a multicast manner, or send broadcast information in a broadcast manner. Unicast generally has exactly one sender and one receiver: the destination address of a data unit sent by unicast is the address of an interface of the receiver. For example, when the first node sends access information to the second node by unicast, the data unit of the access information includes an Internet Protocol (IP) address of the second node and/or a Media Access Control (MAC) address of the second node. Multicast usually has one sender and a group of designated receivers: the destination address of a data unit sent by multicast is a multicast address (a multicast address identifies a group of interfaces and, in some scenarios, is a reserved class D address), and a data unit sent to the multicast address is delivered to the group of interfaces identified by that address. Broadcast usually has one sender and all receivers in the subnet; the broadcast address is an address dedicated to transmitting to all workstations in the network simultaneously. Specifically, the destination address of a data unit sent by broadcast is a broadcast address. For example, in a network using the Transmission Control Protocol/Internet Protocol (TCP/IP), an IP address whose host ID is all 1s is a broadcast address, and a data unit sent to the broadcast address is delivered to all nodes in the segment of that host ID. For example, for the segment 10.1.1.0 (255.255.255.0), the broadcast address is 10.1.1.255 (255 is 11111111 in binary); a data unit with destination address 10.1.1.255 is distributed to all nodes on the segment.

Further optionally, the access information or the broadcast information includes the first public key and a signature of the first public key, and may further include one or more of a DC, an identity of the first node, description information of the first node, or information indicating access of other nodes.

In one possible design, the first public key and the first private key may be determined by the first node, for example, the first node may periodically or aperiodically generate a key pair (including the first public key and the first private key). In practice, there are at least the following possibilities:

Case one: the first node may determine one or more key pairs and determine an identifier for each key pair. The second node may encrypt data using the first public key of any one of the one or more key pairs to obtain a ciphertext, and when sending the ciphertext to the first node, the second node carries the key pair identifier corresponding to the first public key it used. For example, the first node may generate a key pair aperiodically (e.g., based on configuration or demand) or periodically (e.g., every ten minutes or every predefined duration) and configure the identifier of the key pair. As another example, the first node may determine a key pair each time it receives a response from the second node. Further, the identity of the key pair may also be determined or determined by means of determining the identity of the key pair. Since the key used by the second node may be any one of multiple previously received first public keys, the second node also carries the identifier of the key pair when sending the ciphertext encrypted with the first public key, so that the first node can use the identifier to determine the first private key for decrypting the ciphertext.

Case two: the first node determines a key pair (or alternatively an identity of the key pair) for the second node and sends the first public key of the key pair and/or the identity of the key pair to the second node. The second node encrypts data using the first public key of the key pair, and since the key pair is determined by the first node for the second node, the first node decrypts the ciphertext using the first private key of the key pair when receiving the ciphertext from the second node.

For example, the first node may send broadcast information that includes an identifier, an address, or description information of the first node. The second node sends response information to the first node based on the broadcast information; the first node receives the response information, determines a key pair for the second node, and sends the first public key of the key pair to the second node. When the first node subsequently receives a ciphertext from the second node, it may decrypt the ciphertext using the first private key of the key pair determined for the second node. Further, the response information may include an IP address of the second node; the first node sends the first public key to the second node at that IP address, and when a ciphertext from that IP address is subsequently received, it may be decrypted using the first private key.

As another example, the first node determines a key pair and an identification of the key pair for the second node, and the key pair and the identification of the key pair may be stored in a third-party device (e.g., a server, a key distribution center, etc.). The first node sends the identifier of the key pair to the second node, and the second node can acquire the first public key in the key pair from the third-party equipment through the identifier of the key pair.

Case three: the first node determines one or more key pairs, sends the first public key of a key pair in a broadcast, multicast or unicast manner, and decrypts the ciphertext from the second node by using the latest first private key (that is, the one whose time of determination is closest to the present). Further, where multiple key pairs are determined, the key pairs may have a certain validity period or usage duration, and when an old key pair expires, a new key pair is applied.

Step S302: The second node determines, according to the signature of the first public key, that the first public key passes verification.

In particular, the second node may determine that the first public key is from the first node and/or determine that the integrity of the first public key is verified based on the signature of the first public key.

In a possible implementation manner, the second node obtains the certificate DC and verifies the certificate according to the CA center. If the certificate passes verification, the second node verifies the signature of the first public key according to the public key corresponding to the certificate. If the signature of the first public key passes verification, the second node determines that the first public key is from the first node and has not been tampered with (i.e., the integrity verification passes).

Step S303: The second node encrypts the ID of the second node by using the first public key to obtain an ID ciphertext.

The ID of the second node is a permanent ID (also referred to as a real ID or a fixed ID) of the second node, for example, an International Mobile Equipment Identity (IMEI) of the Mobile phone terminal may be understood as the permanent ID of the Mobile phone terminal, and the Identity of the node may be identified by the permanent ID. For another example, the permanent ID of the second node may also be a MAC address of the second node, a device ID of the second node, or other identifier, character string, or address that can identify the second node.

Taking the first public key as the one-time public key OTpk as an example, the second node encrypts the ID (permanent ID) of the second node by using the first public key OTpk to obtain an ID ciphertext IDc, for example: IDc = Enc(OTpk, ID), where Enc is an encryption algorithm. Further optionally, the encryption algorithm may be pre-negotiated between the first node and the second node, may be indicated by the first node to the second node through indication information (for example, carried in access information or broadcast information), or may be predefined in a protocol or standard.

Step S304: the second node sends the first information to the first node.

Specifically, the first information includes an ID ciphertext. The second node sends the first information to the first node, and correspondingly, the first node receives the first information from the second node.

Optionally, the first information may further include a first key agreement parameter (in some scenarios, the key agreement parameter may also be understood as a public key in the key agreement process), and the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation manner.

Optionally, when the first public key corresponds to the identifier of the key pair, the first information further includes the identifier of the key pair corresponding to the first public key, so that the first node can determine the first private key by using the identifier of the key pair.

Further optionally, the first information further includes a freshness parameter (for convenience of description, referred to as a first freshness parameter). The first freshness parameter may include at least one of NONCE, count value (counter), serial number (serial number), sequence number (sequence number), and the like. For example, the first freshness parameter may be a random number nonce determined by the second node.

Optionally, the first information further includes first indication information, where the first indication information is used to indicate that the association request information includes the ID ciphertext. Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

Optionally, the first information further includes a PSKID, which is an ID corresponding to the PSK shared between the first node and the second node. Further, the PSKID may be used to determine the PSK, or PSKIDs may correspond to PSKs one-to-one.

Optionally, in a specific implementation process, the first information may also be referred to as association request information (or an association request message in a specific scenario), or may also be referred to as access request information (or an access request message). The names of the messages or information are not limited in the present application, but are only exemplary for explanation and expression, and the names may be arbitrarily replaced.

Step S305: The first node decrypts the ID ciphertext according to the first private key to obtain the ID of the second node.

Specifically, the first public key and the first private key are a key pair, so that the ciphertext encrypted by using the first public key can be decrypted by using the first private key.

Taking the first private key as the one-time private key OTsk as an example, the first node decrypts the ID ciphertext IDc using the first private key OTsk to obtain the ID (permanent ID) of the second node, for example: ID = Dec(OTsk, IDc), where Dec is the decryption algorithm corresponding to the encryption algorithm (generally, the encryption algorithm and the decryption algorithm are the same algorithm; different names are used here for convenience of description).

Step S306: the first node sends the second information to the second node.

Specifically, the second information includes a temporary ID assigned to the second node. Wherein the temporary ID is used to temporarily mark the identity of the second node. For example, the subsequent second node may carry the temporary ID when sending the information to the first node, and the first node may determine that the information is from the second node according to the temporary ID.

The temporary marking may refer to marking the identity of the second node with the temporary ID for a period of time, or marking the identity of the second node with the temporary ID during a certain communication period, or marking the identity of the second node with the ID when a certain service is processed. At least the following implementation modes can be realized:

Implementation mode 1: the first node includes the temporary ID of the second node in the second information, and the temporary ID has a validity period, or the temporary ID has a certain use duration and/or number of uses. For example, the temporary ID may be used for a period of 1 hour or may be used to transmit and/or receive 1000 data units. For example, if the second information is transmitted at 10:00:00, the temporary ID may temporarily mark the identity of the second node between 10:00:00 and 11:00:00. When the time reaches 11:00:00, the first node may send a new temporary ID to the second node for marking the identity of the second node within the next hour.

Implementation mode 2: the first node includes, in the second information, a temporary ID of the second node, which is used during a certain communication period. For example, the second node requests to associate with the first node, and the first node sends a temporary ID to the second node, so that during the current association between the first node and the second node, the second node is temporarily marked for its identity during communication, and when the association is broken, the second node is disabled. And the first node resends the new temporary ID when associating next time.

Implementation mode 3: the first node includes in the second information a temporary ID of the second node, the temporary ID being for use by the second node in processing the first traffic. Optionally, for nodes processing multiple services in parallel, the first node may also send multiple temporary IDs. For example, the temporary ID is used for temporarily marking the identity of the second node when the second node performs a video uploading service, and when a software upgrade is performed, the identity of the second node is marked by using other temporary IDs.

Optionally, the first node may assign a temporary ID to the second node, and send the temporary ID to the second node through the second information. Further, it is also possible to store a correspondence between an ID (permanent ID) of the second node and the temporary ID, and delete or clear the correspondence after the temporary ID is invalidated.

Optionally, the first node may determine that the identity of the second node is trusted, and assign (or determine) a temporary ID to the second node. The temporary ID may be assigned by a fixed algorithm or randomly. For example, the first node may predefine, preset, or specify according to the protocol a length and/or format (e.g., including one or more of a number, capital letter, lower case letter, etc.) of the temporary ID, and randomly assign the temporary ID to the second node according to the length and/or format.
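The temporary-ID handling described above (random assignment by length and format, a validity period and/or use count, and deletion of the permanent-ID correspondence once the temporary ID is invalid) can be sketched as follows. This is an added example, not code from the application; the class name, the 8-character uppercase/digit format, the default limits and the sample permanent ID are all assumptions.

```python
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits  # assumed temporary-ID format


class TempIdTable:
    """First-node table mapping temporary IDs to permanent IDs (hypothetical helper)."""

    def __init__(self, lifetime_s=3600.0, max_uses=1000, length=8, clock=time.monotonic):
        self.lifetime_s = lifetime_s  # validity period (implementation mode 1)
        self.max_uses = max_uses      # number of data units the ID may mark
        self.length = length
        self.clock = clock            # injectable so expiry can be tested offline
        self._entries = {}            # temp_id -> {"permanent_id", "expires_at", "uses_left"}

    def purge(self):
        """Delete the correspondence for every temporary ID whose validity has ended."""
        now = self.clock()
        expired = [t for t, e in self._entries.items() if now >= e["expires_at"]]
        for temp_id in expired:
            del self._entries[temp_id]
        return len(expired)

    def assign(self, permanent_id):
        """Randomly assign an unused temporary ID to an already-trusted node."""
        self.purge()
        while True:
            temp_id = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            if temp_id not in self._entries:  # never hand out a live ID twice
                break
        self._entries[temp_id] = {
            "permanent_id": permanent_id,
            "expires_at": self.clock() + self.lifetime_s,
            "uses_left": self.max_uses,
        }
        return temp_id

    def resolve(self, temp_id):
        """Map the temporary ID on a received data unit to the sender, or None."""
        self.purge()
        entry = self._entries.get(temp_id)
        if entry is None:
            return None
        entry["uses_left"] -= 1
        if entry["uses_left"] == 0:           # use count exhausted: drop the mapping
            del self._entries[temp_id]
        return entry["permanent_id"]

    def release(self, permanent_id):
        """Association ended (implementation mode 2): drop this node's temporary IDs."""
        stale = [t for t, e in self._entries.items() if e["permanent_id"] == permanent_id]
        for temp_id in stale:
            del self._entries[temp_id]
        return len(stale)

    def knows(self, permanent_id):
        """True while any live temporary ID still points at this permanent ID."""
        self.purge()
        return any(e["permanent_id"] == permanent_id for e in self._entries.values())


if __name__ == "__main__":
    table = TempIdTable()
    tid = table.assign("IMEI-constructed-0001")  # constructed permanent ID
    print(tid, table.resolve(tid))
```

Because the mapping is removed as soon as the temporary ID expires, runs out of uses, or the association ends, the first node keeps the permanent-to-temporary link only for as long as the temporary ID is valid.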

Further, the first node may determine that the identity of the second node is trusted in a plurality of ways, for example, at least two ways:

Mode one: the second node and the first node are pre-configured with, or obtain in advance, a pre-shared key PSK between the first node and the second node. The second node may encrypt a piece of information with the PSK (for example, the first information, or identity verification information, description information of the second node, or one or more pieces of predefined test information). The first node receives the encrypted information and decrypts it by using the PSK shared with the second node; if the information can be successfully decrypted and obtained, the identity of the second node is determined to be trusted.

Mode two: the second node generates second identity authentication information according to the first identity authentication information, and the first node authenticates the identity of the second node according to the second identity authentication information (for example, the first node generates check information check1 in the same way; if check1 is the same as the second identity authentication information, the authentication is successful). If the authentication is successful, the identity of the second node is determined to be trusted.

In one possible design, the second node and the first node are pre-configured or pre-acquire a PSK between the first node and the second node, and the first node and the second node determine the first key through a key agreement algorithm. The first node generates a second key (or called identity authentication key Kauth) for identity authentication according to the PSK and/or the first key, and correspondingly, the second node generates the second key for identity authentication according to the PSK and/or the first key.

Specifically, the first node may generate first identity authentication information according to the second key, and the first identity authentication information may be sent to the second node, so that the second node verifies the identity of the first node according to the second key and the first identity authentication information. The second node may generate second identity authentication information according to the second key, and the second identity authentication information may be sent to the first node, so that the first node may verify the identity of the second node according to the second key and the second identity authentication information.

In a possible design, the first node may send third information to the second node, where the third information carries first identity authentication information AUTHa. The first identity authentication information AUTHa is generated according to the second key Kauth and other information, where the other information includes one or more of the first information, partial parameters in the first information (for example, the first freshness parameter NONCEe), or partial parameters in the third information.

For example: AUTHa = KDF(Kauth, first information, NONCEe, partial parameters in the third information), where the first information, NONCEe (the first freshness parameter), and the partial parameters in the third information are optional parameters. Correspondingly, after receiving the third information, the second node generates a check value check2 in the same manner, for example: check2 = KDF(Kauth, first information, NONCEe, partial parameters in the third information), where the first information, NONCEe, and the partial parameters in the third information are optional parameters (consistent with the parameters used by the first node). If the check value check2 matches the first identity authentication information AUTHa, the second node may determine that the identity of the first node is trusted.

In yet another possible design, the second node may send fourth information to the first node, where the fourth information carries second identity authentication information AUTHe. The second identity authentication information AUTHe is generated according to the second key Kauth and other information, where the other information includes one or more of the first information, partial parameters in the first information (e.g., the first freshness parameter NONCEe), the third information, partial parameters in the third information (e.g., the second freshness parameter NONCEa), and partial parameters in the fourth information. For example: AUTHe = KDF(Kauth, first information, NONCEe, third information, NONCEa, partial parameters in the fourth information), where the first information, NONCEe, the third information, NONCEa, and the partial parameters in the fourth information are optional parameters. Accordingly, after receiving the fourth information, the first node generates the check value check1 in the same manner, for example: check1 = KDF(Kauth, first information, NONCEe, third information, NONCEa, partial parameters in the fourth information), where the parameters used to generate check1 are identical to the parameters used by the second node to generate AUTHe. If the check value check1 matches the second identity authentication information AUTHe, the first node may determine that the identity of the second node is trusted.

In the various designs of mode two, the second key Kauth may be generated by the KDF according to the first key Kdh and/or the PSK, together with one or more of the first freshness parameter NONCEe, the second freshness parameter NONCEa, the ID of the first node, the ID of the second node, and a key identifier. The key identifier is a predefined or preconfigured identifier that indicates the kind of key generated, and may be a character string, a number, or the like.

For example, the formula for generating the second key Kauth satisfies: Kauth = KDF(Kdh || PSK, NONCEe, NONCEa, IDa, IDe, "authentication"), where "||" may represent string concatenation (by way of example only; a particular implementation may or may not concatenate, e.g., the two may be passed as two separate input parameters), IDa indicates the ID of the first node, IDe indicates the ID of the second node, and "authentication" is an optional key identifier.

Alternatively, the first key Kdh may be replaced with a key Kgt derived from the first key Kdh, such as: Kgt = KDF(Kdh, NONCEe, NONCEa), or Kgt = KDF(Kdh, fresh), where fresh is a freshness parameter, so that the Kgt derived from Kdh is different each time. Further, the formula for generating the second key Kauth satisfies: Kauth = KDF(Kgt || PSK, NONCEe, NONCEa, IDa, IDe, "authentication"), where IDa, IDe, and "authentication" are optional parameters whose meanings are given in the foregoing description. Note that the key Kgt is obtained in two steps here only to illustrate the scheme more clearly; in practice the derivation may be done in one step, with Kgt being only an intermediate result, i.e., the second key Kauth satisfies: Kauth = KDF(KDF(Kdh, fresh) || PSK, NONCEe, NONCEa, IDa, IDe, "authentication").

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

Optionally, the second node may further send fifth information to the first node, where the fifth information is used to indicate that the association is completed or includes information used to indicate that the association is completed. Accordingly, the first node may receive fifth information from the second node to determine that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

Optionally, in a possible design, one or more of the third information, the fourth information, and the fifth information may be encrypted by an encryption key of the sender, and correspondingly, the receiver decrypts by using a corresponding decryption key. Further, integrity protection can be performed through an integrity protection algorithm and an integrity protection key. For example, the fifth information may carry a first message authentication code MAC, where the MAC is obtained by performing integrity protection on data in the fifth information according to an integrity protection algorithm and an integrity protection key Kmac.

Further optionally, the encryption/decryption key, the integrity protection key, and so on may be derived from the first key. Specifically, the key may be generated by the KDF according to the first key Kdh and/or the PSK, together with one or more of the first freshness parameter NONCEe, the second freshness parameter NONCEa, the ID of the first node, the ID of the second node, and a key identifier, where the key identifier may be a pre-configured or protocol-specified string, number, or the like. For example, the encryption key Kenc is generated in a manner that satisfies the following formula: Kenc = KDF(Kdh || PSK, NONCEe, NONCEa, IDa, IDe, "encryption key"), where "||" may represent string concatenation (by way of example only; a particular implementation may or may not concatenate, e.g., the two may be passed as two separate input parameters), IDa indicates the ID of the first node, IDe indicates the ID of the second node, and "encryption key" is an optional key identifier. Note that "encryption key" is the key identifier of the encryption key; it is only an example, and other character strings, numbers, and the like may be used in a specific implementation, which is not limited in the present application.

For another example, the integrity protection key Kmac is generated in a manner that satisfies the following formula: Kmac = KDF(Kdh || PSK, NONCEe, NONCEa, IDa, IDe, "MACKey"), or Kmac = KDF(Kgt, NONCEe, NONCEa, IDa, IDe, "MACKey"), where "MACKey" is the key identifier of the integrity protection key; it is only an example, and other character strings, numbers, and the like may be used in a specific implementation, which is not limited in this application.

In one possible design, the encryption key and/or the integrity protection key may be generated based on the first key or based on a key derived from the first key, where the PSK is not used in the derivation. For example, the encryption key Kenc is generated in a manner that satisfies the following formula: Kenc = KDF(Kgt, NONCEe, NONCEa, IDa, IDe, "encryption key"), where the key Kgt is derived from the first key Kdh and satisfies the following formula: Kgt = KDF(Kdh, NONCEe, NONCEa). For the other parameters, refer to the foregoing description; details are not repeated here. For another example, the integrity protection key Kmac is generated in a manner that satisfies the following formula: for each parameter, reference may be made to the foregoing description, and details are not repeated herein.
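The derivations above (Kauth, Kenc and Kmac from Kdh || PSK with different key identifiers, then the AUTHa/check2 and AUTHe/check1 comparisons) can be exercised end to end as follows. This is an added example, not code from the application: the KDF is instantiated with HMAC-SHA256 as an assumption, each input field is length-prefixed so that adjacent fields cannot be confused, a random value stands in for the agreed first key Kdh, and the node IDs and message contents are constructed.

```python
import hashlib
import hmac
import secrets


def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def kdf(key: bytes, *fields: bytes) -> bytes:
    """Assumption: the KDF is instantiated here as HMAC-SHA256 over the encoded fields."""
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()


def derive_keys(kdh: bytes, psk: bytes, nonce_e: bytes, nonce_a: bytes,
                id_a: bytes, id_e: bytes) -> dict:
    """Kauth, Kenc, Kmac = KDF(Kdh || PSK, NONCEe, NONCEa, IDa, IDe, key identifier)."""
    secret = kdh + psk  # plain concatenation; both values are fixed-length in this sketch
    context = (nonce_e, nonce_a, id_a, id_e)
    labels = {"Kauth": b"authentication", "Kenc": b"encryption key", "Kmac": b"MACKey"}
    return {name: kdf(secret, *context, label) for name, label in labels.items()}


def run_association(psk_first: bytes, psk_second: bytes, tamper: bool = False):
    """Play both nodes once; return (second trusts first, first trusts second)."""
    id_a, id_e = b"IDa1", b"IDe1"   # constructed node identities
    kdh = secrets.token_bytes(32)    # stands in for the first key from key agreement

    # Second node -> first node: first information (the ID ciphertext is a placeholder).
    nonce_e = secrets.token_bytes(16)
    first_info_sent = encode(b"<ID ciphertext placeholder>", nonce_e)
    first_info_seen = first_info_sent + (b"\x00" if tamper else b"")  # altered in transit

    # First node -> second node: third information carrying NONCEa and AUTHa.
    nonce_a = secrets.token_bytes(16)
    k_first = derive_keys(kdh, psk_first, nonce_e, nonce_a, id_a, id_e)
    auth_a = kdf(k_first["Kauth"], first_info_seen, nonce_e)
    third_info = encode(nonce_a, auth_a)

    # Second node recomputes check2 over what it actually sent (constant-time compare).
    k_second = derive_keys(kdh, psk_second, nonce_e, nonce_a, id_a, id_e)
    check2 = kdf(k_second["Kauth"], first_info_sent, nonce_e)
    second_trusts_first = hmac.compare_digest(check2, auth_a)

    # Second node -> first node: fourth information carrying AUTHe. A real node would
    # stop here if check2 failed; both results are computed to show each outcome.
    auth_e = kdf(k_second["Kauth"], first_info_sent, nonce_e, third_info, nonce_a)
    check1 = kdf(k_first["Kauth"], first_info_seen, nonce_e, third_info, nonce_a)
    first_trusts_second = hmac.compare_digest(check1, auth_e)
    return second_trusts_first, first_trusts_second


if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    print("same PSK:      ", run_association(psk, psk))
    print("different PSK: ", run_association(psk, secrets.token_bytes(32)))
    print("tampered msg:  ", run_association(psk, psk, tamper=True))
```

Binding the first information into AUTHa and AUTHe is what makes an altered association request fail both checks even when the PSK matches.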

In the embodiment shown in fig. 3, the second node may protect the ID through the first public key to obtain an ID ciphertext, so that the true ID is not directly transmitted, and the source and integrity of the first public key may be protected through the signature of the first public key. Further, the second node may verify the first public key according to the signature of the first public key, and then transmit the ID by using a "public key encryption, private key decryption" method. Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

Referring to fig. 4, fig. 4 is a flowchart illustrating a communication method according to an embodiment of the present application, and further, the method may be implemented based on the architecture shown in fig. 1. The method at least comprises the following steps:

Step S401: The second node encrypts the ID of the second node based on the security parameter to obtain an ID ciphertext.

Specifically, the security parameter is a secret value that can be obtained by both the first node and the second node, for example, the security parameter may be a pre-shared key PSK between the first node and the second node, a first password of the first node, or a default value that is assigned to the first node and the second node by a third-party device, and the like.

The PSK is a secret value pre-configured, predefined, or pre-obtained in the first node and the second node. For example, a Cockpit Domain Controller (CDC) of a vehicle and a microphone in the vehicle cockpit domain are two nodes that can communicate within the vehicle, and the CDC and the microphone are configured with a PSK in advance at a host factory, so the CDC can verify the microphone of the vehicle through the PSK. For another example, the PSK may also be obtained by both communication parties through a key obtaining procedure: the CDC and a mobile terminal may be associated with each other through Bluetooth technology, and the CDC and the mobile terminal may generate the PSK through pairing when they are associated for the first time. Subsequently, the mobile phone only needs to turn on Bluetooth, and the CDC and the mobile terminal can authenticate each other's identity through the PSK and establish the association without reconfiguration. In addition, the PSK may be transmitted to the first node and the second node by a device (e.g., one or more of a Key Distribution Center (KDC), a vehicle configuration device, a vehicle diagnostic device, etc.).

In one possible implementation, the PSK corresponds to the identity of the first node and/or the identity of the second node. It is to be understood that a node (e.g., the first node or the second node) may store the correspondence between the PSK and the node in one or more formats such as a correspondence set, a data table, or a database, or the node may query the PSK and the node through a third-party device (e.g., a server or a network-side device), which is not limited in this application. For example, Table 1 is an information table of PSKs in a possible second node provided in this embodiment of the present application. The information table includes the identities of a plurality of nodes, the corresponding PSKs, the IDs of the PSKs (referred to as PSKIDs in this embodiment of the present application), and the types of the PSKs (this is merely an example; a specific implementation may omit part of this information, or may further include other information, such as one or more of configuration time, validity duration, and the like). As can be seen from Table 1, the PSK shared between the second node and the node identified by the identity "IDa1" is "PSK1", the PSKID is "PId1", and the type of the PSK is pre-configured; the PSK shared between the second node and the node identified by the identity "IDa2" is "PSK2", the PSKID is "PId2", and the type of the PSK is generated.

Table 1: Information table of PSK in the second node

Identity | PSK  | PSKID | Type of acquisition
IDa1     | PSK1 | PId1  | Pre-configuration
IDa2     | PSK2 | PId2  | Generating
IDa3     | PSK3 | PId3  | Generating

The first password may be regarded as an access password (password), and may be specifically a password that is pre-configured or predefined for the first node to be accessible by the second node, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting a Wireless fidelity (Wi-fi) protocol, the mobile phone terminal may access the router using a "Wi-fi password", which may be understood as a first password of the router. If the access password of the first node is password, the second node can generate access information through password, the second node generates verification information by using the same password and the same generation mode, and if the verification information is the same as the access information, the access password of the second node is correct, so that the second node is allowed to access the first node.

Optionally, the first password may be received by the second node by the user input, or the second node receives a password sent by another node (e.g., at least one of the server, the KDC, and the like) to the second node, or may be pre-configured in the second node (e.g., configuring a corresponding password in factory settings).

The ID of the second node is a permanent ID (also referred to as a real ID, a fixed ID, or the like) of the second node, for example, an International Mobile Equipment Identity (IMEI) of a Mobile phone terminal can be understood as a permanent ID of the Mobile phone terminal, and the Identity of the node can be identified by the permanent ID.

The second node encrypts the ID of the second node based on the security parameter to obtain an ID ciphertext, which may have at least the following possible implementation manners:

Implementation mode one: The second node encrypts the ID of the second node through an encryption algorithm according to the security parameter to obtain the ID ciphertext. Specifically, taking the security parameter being the PSK as an example, the second node generates the ID ciphertext IDc according to the PSK through an encryption algorithm Enc, for example: IDc = Enc(PSK, IDe), where Enc can be one or more of algorithms such as AES, DES, 3DES, AES-CCM, and AES-GCM. For another example, taking the security parameter being the first password PW as an example, the second node generates the ID ciphertext IDc according to the first password PW through the encryption algorithm Enc, for example: IDc = Enc(PW, IDe).

Implementation mode two: The second node determines a first protection key according to the security parameter, and encrypts the ID of the second node according to the first protection key to obtain the ID ciphertext.

The first protection key is determined based on the security parameter. For example, the first node XORs the security parameter with a secret value Kor to obtain the first protection key, where the secret value Kor may be a predefined or preconfigured secret value, or may be a secret value obtained through negotiation between the first node and the second node. Specifically, taking the security parameter being the PSK between the first node and the second node, and the predefined or preconfigured secret value being Kor as an example, the first protection key K1 satisfies the following formula: K1 = PSK ⊕ Kor, where ⊕ denotes an exclusive-OR operation. It should be noted that the value is described here as the secret value Kor to indicate that it can be XORed with the security parameter; in a specific implementation it may have another name (for example, it may be a certain session key) or may not be named.

Further optionally, the second node may generate the first protection key based on the security parameter and a hash algorithm, and encrypt the ID of the second node using the first protection key. The first protection key may also be understood as a hash value of the security parameter. For example, the first protection key K1 satisfies: K1 = hash(PSK), or satisfies: K1 = hash(PW). For example, the ID ciphertext IDc is generated in a manner satisfying the following equation: IDc = Enc(K1, IDe).

Alternatively, the second node may generate the first protection key based on the security parameter and a KDF. Further optionally, other parameters, such as a freshness parameter, may be used when generating the first protection key. Taking the security parameter being the PSK as an example, the second node may generate the first protection key K1 according to the PSK, fresh, and the KDF, for example: K1 = KDF(PSK, fresh), where fresh may be a freshness parameter determined for the second node (referred to as a first freshness parameter for convenience of description), such as a random number nonce. For another example, taking the security parameter being the first password PW as an example, the second node may generate the first protection key K1 according to the first password PW, for example: K1 = KDF(PW, fresh). The first node encrypts the ID of the first node using the first protection key K1 to obtain the ID ciphertext IDc, for example: IDc = Enc(K1, IDe), where Enc can be one or more of algorithms such as AES, DES, 3DES, AES-CCM, and AES-GCM.

It should be noted that obtaining the first protection key is described above as a two-step process in order to explain the scheme more clearly. In an actual process it may also be done in one step, with the first protection key K1 being only an intermediate result; for example, the ID ciphertext IDc is determined in a manner satisfying: IDc = Enc(KDF(PSK, fresh), IDe) or IDc = Enc(KDF(PW, fresh), IDe).

Step S402: the second node sends the first information to the first node.

Specifically, the first information includes an ID ciphertext. The second node sends the first information to the first node, and correspondingly, the first node receives the first information from the second node, so that the content in the first information can be acquired.

Optionally, the first information may further include a first key agreement parameter, where the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation method.

Further optionally, the first information further includes a first freshness parameter. For example, the first freshness parameter may be a random number nonce determined by the second node.

Optionally, the first information further includes first indication information, where the first indication information is used to indicate that the association request information includes the ID ciphertext. Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

Optionally, the first information further includes a PSK ID, and the PSKID is an ID corresponding to the PSK shared between the first node and the second node. Further, in the case that the ID ciphertext is encrypted based on PSK, the first node may determine, according to the PSKID in the first information, the PSK that is shared with the second node, and then decrypt the ID ciphertext using the PSK to obtain the ID of the second node.

Optionally, the first information further includes an ID corresponding to the first password. In one possible design, different passwords correspond to different password IDs, and the first password used to decrypt the first ciphertext may be determined by the ID corresponding to the first password. Further, different passwords may correspond to different authority controls, so that the first node may determine the first password according to the ID corresponding to the first password, and further determine authority information corresponding to the second node, and the like.

Optionally, in a specific implementation process, the first information may also be referred to as association request information (in a specific scenario, the first information may also be referred to as association request message).

Step S403: The first node decrypts the ID ciphertext based on the security parameter to obtain the ID of the second node.

Specifically, since the ID ciphertext corresponds to the security parameter and the ID of the second node, the first node may determine the ID of the second node according to the security parameter and the ID ciphertext.

In one implementation, the second node encrypts the ID ciphertext of the second node in a manner specified by the protocol, and the first node decrypts the ID key using the corresponding manner to obtain the ID of the second node. Specifically, the first node decrypts the ID ciphertext based on the security parameter to obtain the ID of the second node, which may have at least the following possible implementation manners:

Implementation mode one: The first node decrypts the ID ciphertext through a decryption algorithm (the specific algorithm can be the same as the encryption algorithm) according to the security parameter to obtain the ID of the second node. Specifically, taking the security parameter being the PSK as an example, the first node obtains the ID of the second node through a decryption algorithm Dec and the ciphertext IDc according to the PSK, for example: IDe = Dec(PSK, IDc), where Dec may be one or more of algorithms such as AES, DES, 3DES, AES-CCM, and AES-GCM. For another example, taking the security parameter being the first password PW of the first node as an example, the first node obtains the ID of the second node through the decryption algorithm Dec and the ciphertext IDc according to the first password PW, for example: IDe = Dec(PW, IDc).

Implementation mode two: The first node determines a first protection key according to the security parameter, and decrypts the ID ciphertext according to the first protection key to obtain the ID of the second node.

Further optionally, the first node may generate the first protection key based on the security parameter and the hash algorithm, and decrypt the ID ciphertext using the first protection key. The first protection key may also be understood as a hash value of the security parameter. For example, the first protection key K1 satisfies: K1 = hash(PSK), or satisfies: K1 = hash(PW). For example, the manner of decrypting the ID ciphertext IDc to obtain the ID of the second node satisfies the following formula: IDe = Dec(K1, IDc).

Alternatively, the second node may generate the first protection key based on the security parameter and the KDF. Further optionally, other parameters, such as a freshness parameter, may be used when generating the first protection key. Taking the security parameter being the PSK as an example, the first node may generate the first protection key K1 according to the PSK, fresh, and the KDF, for example: K1 = KDF(PSK, fresh), where fresh may be the first freshness parameter nonce in the first information. For another example, taking the security parameter being the first password PW as an example, the first node may generate the first protection key K1 according to the first password PW, for example: K1 = KDF(PW, fresh). The first node decrypts the ID ciphertext using the first protection key K1 to obtain the ID of the first node, for example: IDe = Dec(K1, IDc), where Dec may be one or more of algorithms such as AES, DES, 3DES, AES-CCM, and AES-GCM.

It should be noted that obtaining the first protection key is described above as a two-step process in order to explain the scheme more clearly. In an actual process it may also be done in one step, with the first protection key K1 being only an intermediate result; namely, the manner of determining the ID ciphertext IDc satisfies: IDe = Dec(KDF(PSK, fresh), IDc) or IDe = Dec(KDF(PW, fresh), IDc).

Step S404: the first node sends the second information to the second node.

Specifically, the second information includes a temporary ID assigned to the second node. Wherein the temporary ID is used to temporarily mark the identity of the second node. For example, the subsequent second node may carry the temporary ID when sending the information to the first node, and the first node may determine that the information is from the second node according to the temporary ID.

For specific implementation, refer to the specific description in step S306, which is not described herein again.

In the embodiment shown in fig. 4, a PSK shared with the first node is predefined, preconfigured, or pre-generated in the second node, and thus the real ID can be encrypted using the PSK. Correspondingly, the ID ciphertext is decrypted according to the PSK, so that the real ID of the second node can be obtained, and the identity of the second node is determined. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

Alternatively, the second node may encrypt the ID of the second node based on the first password, so that the first node may decrypt the ID ciphertext based on the first password to obtain the ID of the second node. The node which acquires the first password is usually credible, so that the communication security can be ensured, and the temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.
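The one-step form IDc = Enc(KDF(PSK, fresh), IDe) of steps S401 to S403, together with the PSKID lookup and the first-field indication, as an added example that is not part of the original application. Assumptions: HMAC-SHA256 as the KDF, an HMAC-based keystream plus MAC as a standard-library stand-in for the AEAD algorithms the text lists (AES-CCM, AES-GCM), and constructed PSKs, IDs and field names.

```python
import hashlib
import hmac
import secrets

# Constructed PSK table held by the first node, keyed by PSKID (mirrors Table 1).
PSK_TABLE = {"PId1": b"constructed-psk-1", "PId2": b"constructed-psk-2"}

ID_CIPHERTEXT, TEMP_ID = 0, 1   # values of the "first field" described in the text
TAG_LEN = 32


def kdf(key: bytes, *fields: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over length-prefixed fields."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; the key is unique per message via fresh."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def enc(k1: bytes, plaintext: bytes) -> bytes:
    """Stand-in for Enc: XOR with the keystream, then a MAC over the ciphertext."""
    k_enc, k_mac = kdf(k1, b"enc"), kdf(k1, b"mac")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, len(plaintext))))
    return ct + hmac.new(k_mac, ct, hashlib.sha256).digest()


def dec(k1: bytes, blob: bytes):
    """Stand-in for Dec: return the plaintext, or None if the tag does not verify."""
    if len(blob) < TAG_LEN:
        return None
    k_enc, k_mac = kdf(k1, b"enc"), kdf(k1, b"mac")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, len(ct))))


def build_first_information(psk_id: str, psk: bytes, real_id: bytes) -> dict:
    """Second node, S401/S402: IDc = Enc(KDF(PSK, fresh), IDe)."""
    fresh = secrets.token_bytes(16)          # first freshness parameter
    return {"id_type": ID_CIPHERTEXT, "psk_id": psk_id, "fresh": fresh,
            "idc": enc(kdf(psk, fresh), real_id)}


def handle_first_information(msg: dict):
    """First node, S403: pick the PSK by PSKID, then IDe = Dec(KDF(PSK, fresh), IDc)."""
    if msg.get("id_type") != ID_CIPHERTEXT:
        return None                          # carries a temporary ID, nothing to decrypt
    psk = PSK_TABLE.get(msg.get("psk_id"))
    if psk is None:
        return None                          # unknown PSKID
    return dec(kdf(psk, msg["fresh"]), msg["idc"])
```

Because fresh changes per message, two association attempts by the same node produce unrelated ciphertexts; with IDc = Enc(PSK, IDe) and a deterministic cipher, the repeated ciphertext would itself act as a trackable identifier.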

Many possible implementations are included in the method embodiments shown in fig. 3 and fig. 4, and some implementations are illustrated below with reference to fig. 5, fig. 6, or fig. 7, it should be noted that related concepts or operations or logical relationships that are not explained in fig. 5, fig. 6, or fig. 7 may refer to corresponding descriptions in the embodiments shown in fig. 3 and fig. 4.

Referring to fig. 5, fig. 5 is a schematic diagram of another possible communication method provided in the embodiment of the present application, where the method at least includes the following steps:

Optionally, the communication method may include step S501, which is specifically as follows:

Step S501: The first node determines a temporary public key and a temporary private key. It should be understood that, in an actual implementation scenario, the temporary public key and the temporary private key may or may not be determined by the first node (for example, they may be determined by other nodes and then sent to the first node), which may depend on the implementation of the first node, a predetermined convention, or the definition of a standard.

Specifically, the first node may periodically or non-periodically generate a temporary key pair (including a temporary public key and a temporary private key). For example, the first node may broadcast the temporary key pair every ten minutes. As another example, the first node may send access information in unicast or multicast form to the second node, and after receiving a response from the second node to the access information, determine that the temporary key pair is used for communication encryption.

Step S502: the first node sends the certificate, the temporary public key, and a signature of the temporary public key.

Specifically, the first node may send the certificate, the temporary public key, and the signature of the temporary public key to the second node in a unicast manner, or may send the certificate, the temporary public key, and the signature of the temporary public key in a broadcast or multicast manner. Accordingly, the second node receives the certificate, the ephemeral public key, and the signature of the ephemeral public key from the first node.

Optionally, the certificate, the temporary public key, and the signature of the temporary public key may be included in the same information, or may be sent to the second node through different information respectively. They are described here as one sending action for convenience of description; in a specific implementation, the first node may send the certificate, the temporary public key, and the signature of the temporary public key to the second node by sending one or more pieces of information.

The detailed description in step S301 may be referred to for specific implementation.

Step S503: The second node determines that the temporary public key passes the verification according to the certificate and the signature of the temporary public key.

The detailed description in step S302 may be referred to for specific implementation.

Step S504: The second node encrypts the ID of the second node by using the temporary public key to obtain an ID ciphertext.

The detailed description in step S303 may be referred to for specific implementation.

Step S505: the second node sends association request information to the first node.

Specifically, the association request information includes an ID ciphertext. The second node sends the association request information to the first node, and correspondingly, the first node receives the association request information from the second node.

Optionally, the association request message may further include a first key agreement parameter KEe, where the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation method. For example, taking the DH algorithm as an example, two larger values are obtained in advance between the first node and the second node. Based on the DH algorithm, the second node generates a random number a and calculates the first key agreement parameter KEe = g^a mod p, where mod is a modulo operation. The first key agreement parameter KEe is sent to the first node to generate a first key. It should be noted that, in this embodiment of the present application, the DH algorithm is only taken as an example; a specific implementation may use other key agreement algorithms, in which case the key agreement parameters of the key agreement algorithm actually used are generated accordingly, which is not illustrated here.

Optionally, the association request information further includes a first freshness parameter nonce.

Optionally, when the first public key corresponds to the identifier of the key pair, the first information further includes the identifier of the key pair corresponding to the first public key, so that the first node can determine the first private key for decrypting the ciphertext by using the identifier of the key pair.

Optionally, the first information further includes first indication information, where the first indication information is used to indicate that the association request information includes the ID ciphertext. Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

Optionally, the first information further includes a PSK ID, and the PSK ID is an ID corresponding to a PSK shared between the first node and the second node. Further, the PSK ID may be used by the first node to determine the PSK that it shares with the second node.

Step S506: The first node decrypts the ID ciphertext according to the temporary private key to obtain the ID of the second node.

The detailed description in step S305 may be referred to for specific implementation.

Optionally, the communication method may include steps S505 to S515, specifically as follows:

Step S507: The first node determines a first key according to the first key negotiation parameter and the key negotiation algorithm.

Specifically, the first node may determine, through a key agreement algorithm, a private key of the first node in a key agreement process, so as to determine the first key according to KEe and the private key of the first node in the key agreement process.

For example, taking the DH algorithm as an example, since KEe = g^a mod p, the first node may determine a random number b based on the key agreement algorithm, and the first key Kdh satisfies the following equation: Kdh = KEe^b mod p.

Further, the first key may be used for subsequent communication encryption or for deriving keys used for communication encryption (e.g., one or more of a derived encryption key, an integrity protection key, etc.).

Step S508: the first node generates first identity authentication information.

Specifically, the first node has at least the following implementation modes according to the generation of the first identity authentication information:

Implementation mode one: In the case that a PSK exists between the first node and the second node, the first node generates the first identity authentication information AUTHa according to the PSK and one or more of the association request information, a partial parameter (for example, a first freshness parameter NONCEe) in the association request information, a second freshness parameter NONCEa, or the security context request information (or specifically, a partial parameter thereof) in which the first identity authentication information is located. The second freshness parameter is one of a nonce, a counter value, a sequence number, etc. determined by the first node.

For example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(PSK, association request information, security context request information).

For another example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(PSK, NONCEe, NONCEa).

Implementation mode two: In the case that a PSK exists between the first node and the second node, the first node generates a second key according to the PSK and obtains the first identity authentication information by using the second key.

Optionally, the first node generates the second key according to the PSK and other information, where the other information includes one or more of the first freshness parameter NONCEe, the second freshness parameter NONCEa, the ID of the first node, the ID of the second node, and the key identifier. The key identifier is a predefined or preconfigured identifier, which indicates the kind of generated key, and may be a character string, a number, or the like. For example, the second key Kauth satisfies the following equation: Kauth = KDF(PSK, NONCEe, NONCEa, IDa, IDe, "authentication"), where IDa indicates the ID of the first node, IDe indicates the ID of the second node, and "authentication" is an optional key identifier.

The first node generates the first identity authentication information AUTHa according to the second key and one or more of the association request information, a partial parameter (for example, the first freshness parameter NONCEe) in the association request information, the second freshness parameter NONCEa, or the security context request information (or specifically, a partial parameter thereof) in which the first identity authentication information is located.

For example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(Kauth, association request information, security context request information).

For another example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(Kauth, NONCEe, NONCEa).

Implementation mode three: In the case that a PSK exists between the first node and the second node, the first node generates a second key according to the first key and the PSK, and obtains the first identity authentication information by using the second key.

Optionally, the first node generates the second key according to the first key Kdh, the PSK and other information, where the other information includes one or more of the first freshness parameter NONCEe, the second freshness parameter NONCEa, the ID of the first node, the ID of the second node, and the key identifier. The key identifier is a predefined or preconfigured identifier, which indicates the kind of generated key, and may be a character string, a number, or the like. For example, the second key Kauth satisfies the following equation: Kauth = KDF(Kdh || PSK, NONCEe, NONCEa, IDa, IDe, "authentication"), where "||" may represent string concatenation (by way of example only; a particular implementation may or may not concatenate, e.g., it may pass them as two separate input parameters), IDa indicates the ID of the first node, IDe indicates the ID of the second node, and "authentication" is an optional key identifier.

The first node generates the first identity authentication information AUTHa according to the second key and one or more of the association request information, a partial parameter (for example, the first freshness parameter NONCEe) in the association request information, the second freshness parameter NONCEa, or the security context request information (or specifically, a partial parameter thereof) in which the first identity authentication information is located.

For example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(Kauth, association request information, security context request information).

For another example, the first authentication information AUTHa satisfies the following formula: AUTHa = KDF(Kauth, NONCEe, NONCEa).

It should be noted that obtaining the second key Kauth is described above as a two-step process in order to illustrate the scheme more clearly. In an actual process it may also be done in one step, with the second key Kauth being only an intermediate result.

Alternatively, the first key Kdh may be replaced with a key Kgt derived from the first key Kdh, such as: Kgt = KDF(Kdh, NONCEe, NONCEa), or Kgt = KDF(Kdh, fresh), where fresh is a freshness parameter, so that the Kgt derived from Kdh may be different each time. For details, refer to the description related to the embodiment shown in fig. 3, which is not repeated here.

Step S509: the first node sends security context request information to the second node.

Specifically, the security context request message includes second identity authentication information, a second key agreement parameter KEa, and a second freshness parameter. Optionally, the first identity authentication information may be further included.

Optionally, the association request message may further include a first key agreement parameter KEe, where the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation method. For example, taking the DH algorithm as an example, two large prime numbers, the prime number p and the prime number g, are obtained in advance between the first node and the second node. Based on the DH algorithm, the second node generates a random number a and calculates the first key agreement parameter KEe = g^a mod p, where mod is a modulo operation. The first key agreement parameter KEe is sent to the first node to generate a first key. It should be noted that, in this embodiment of the present application, the DH algorithm is only taken as an example; a specific implementation may use other key agreement algorithms, in which case the key agreement parameters of the key agreement algorithm actually used are generated accordingly, which is not illustrated here.

The second key agreement parameter may be generated based on a key agreement algorithm, or may be obtained according to a pre-configured or pre-defined calculation manner. For example, taking the DH algorithm as an example, two large prime numbers, the prime number p and the prime number g, are obtained in advance between the first node and the second node. Based on the DH algorithm, the first node generates a random number b and calculates the second key agreement parameter KEa = g^b mod p, where mod is a modulo operation. The second key agreement parameter KEa is sent to the second node to generate the first key. It should be noted that, in this embodiment of the present application, the DH algorithm is only taken as an example; a specific implementation may use other key agreement algorithms, in which case the key agreement parameters of the key agreement algorithm actually used are generated accordingly, which is not illustrated here.

Step S510: The second node determines the first key according to the second key negotiation parameter and the key negotiation algorithm.

Specifically, the second node may determine, through a key agreement algorithm, a private key of the second node in a key agreement process, so as to determine the first key according to KEe and the private key of the first node in the key agreement process.

For example, taking the DH algorithm as an example, since KEa = g^b mod p, the first key Kdh satisfies the following equation: Kdh = KEa^a mod p. Because KEe^b mod p = (g^a mod p)^b mod p = g^(ab) mod p = (g^b mod p)^a mod p = KEa^a mod p, the Kdh determined by the first node is the same as the Kdh determined by the second node.

Step S511: The second node determines that the identity authentication of the first node passes according to the first identity authentication information.

In an alternative, according to the protocol specification, what parameter the first node uses to generate the first authentication information, the second node should also use the same parameter to generate the verification information, and if the verification information is the same as the first authentication information, the verification is considered to be passed. For example, the first authentication information is generated by the KDF, so the second node may generate check information, also referred to as a check value check2, through the KDF and then verify whether the first authentication information is correct through the check information.

The following is illustrated by way of example:

For example, if the first authentication information AUTHa = KDF(Kauth, association request information, security context request information), the second node determines Kauth according to the first key and/or the PSK and generates a check value check2 = KDF(Kauth, association request information, security context request information); if the check value check2 is the same as AUTHa, the second node determines that the authentication of the first node passes.

Optionally, if the first authentication information fails to be verified, the second node may disconnect the communication connection with the first node.

Step S512: the second node generates second identity authentication information.

Specifically, the implementation of generating the second identity authentication information by the second node may refer to the related description of the first node side in step S508.

For example, in a case where a PSK corresponding to the first node exists in the second node, the second authentication information AUTHe generated by the second node according to the PSK may satisfy the following formula: AUTHe = KDF(PSK, security context request information, security context response information).

For another example, in a case where a PSK corresponding to the first node exists in the second node, the second node determines the second key Kauth according to the first key Kdh and/or the PSK, and the second authentication information AUTHe generated using the second key Kauth may satisfy the following formula: AUTHe = KDF(Kauth, security context request information, security context response information).

Step S513: the second node sends the security context response information to the first node.

Optionally, the security context request information includes second identity authentication information.

Step S514: The first node determines, according to the second identity authentication information, that the identity authentication of the second node passes.

In an alternative, according to the protocol, the first node generates check information using the same parameters that the second node used to generate the second authentication information; if the check information is the same as the second authentication information, the verification is considered to have passed. For example, the second authentication information is generated through the KDF, so the second node may generate check information, also referred to as a check value check1, through the KDF, and then verify whether the first authentication information is correct through the check information. The following is illustrated by way of example:

For example, if the second authentication information AUTHe = KDF(Kauth, security context request information, security context response information), the first node determines Kauth according to the first key and/or the PSK and generates a check value check1 = KDF(Kauth, security context request information, security context response information). If the check value check1 is the same as AUTHe, the first node determines that the authentication of the second node passes.

Optionally, if the second identity authentication information is not verified, the first node may disconnect the communication connection with the second node.
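The key agreement and the two check-value comparisons of steps S511 and S514, as an added Python example that is not part of the original document. HMAC-SHA256 as the KDF, the demo group (p = 2^255 - 19, g = 2), the Kauth derivation and the message byte layouts are assumptions; the page fixes none of them.

```python
import hashlib
import hmac
import secrets

# Demo group (assumption): 2**255 - 19 is prime, but it is not a vetted DH
# group. A deployment would use a standardized group or ECDH instead.
P = 2**255 - 19
G = 2


def kdf(key: bytes, *fields: bytes) -> bytes:
    """KDF(key, field1, field2, ...) as HMAC-SHA256 over length-prefixed fields.

    The length prefixes keep ("ab", "c") and ("a", "bc") from colliding.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def dh_shared(peer_pub: int, priv: int) -> bytes:
    # Reject degenerate public values that would force a predictable Kdh.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid key agreement parameter")
    return pow(peer_pub, priv, P).to_bytes(32, "big")


def derive_kauth(kdh: bytes, psk: bytes) -> bytes:
    # Kauth from the first key Kdh and the PSK (the page allows Kdh and/or PSK).
    return kdf(psk, b"Kauth", kdh)


def handshake(psk_first: bytes, psk_second: bytes, substitute_kea: bool = False) -> dict:
    # Second node -> first node: association request carrying KEe = g^a mod p.
    a, kee = dh_keypair()
    assoc_req = b"association-request" + kee.to_bytes(32, "big")

    # First node: KEa = g^b mod p, Kdh = KEe^b mod p, then AUTHa.
    b, kea = dh_keypair()
    kauth_1 = derive_kauth(dh_shared(kee, b), psk_first)
    sec_req = b"security-context-request" + kea.to_bytes(32, "big")
    auth_a = kdf(kauth_1, assoc_req, sec_req)

    # Constructed fault: the request reaches the second node with a different KEa.
    if substitute_kea:
        sec_req = b"security-context-request" + dh_keypair()[1].to_bytes(32, "big")

    # Second node (S511): Kdh = KEa^a mod p, recompute check2, constant-time compare.
    kea_rx = int.from_bytes(sec_req[-32:], "big")
    kauth_2 = derive_kauth(dh_shared(kea_rx, a), psk_second)
    check2 = kdf(kauth_2, assoc_req, sec_req)
    if not hmac.compare_digest(check2, auth_a):
        return {"first_node_ok": False, "second_node_ok": False}   # disconnect

    # Second node (S512): AUTHe over the request/response pair.
    sec_resp = b"security-context-response"
    auth_e = kdf(kauth_2, sec_req, sec_resp)

    # First node (S514): recompute check1 and compare.
    check1 = kdf(kauth_1, sec_req, sec_resp)
    return {"first_node_ok": True,
            "second_node_ok": hmac.compare_digest(check1, auth_e)}
```

Comparing with `hmac.compare_digest` rather than `==` keeps the check from leaking, through timing, how many leading bytes of a guessed value were correct.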

Step S515: the first node assigns a temporary ID to the second node.

In particular, the temporary ID is used to temporarily mark the identity of the second node. Further, a correspondence relationship between an ID (permanent ID) and a temporary ID may be stored.

The temporary ID may be assigned by a fixed algorithm or randomly. For example, the first node may predefine, preset, or specify according to the protocol a length and/or format (e.g., including one or more of a number, capital letter, lower case letter, etc.) of the temporary ID, and randomly assign the temporary ID to the second node according to the length and/or format.

Optionally, the first node determines that the identity of the second node is trusted, and allocates a temporary ID to the second node. For example, it may be determined that the identity of the second node is trusted in the manner described in steps S507-S514.

Step S516: the first node sends association establishment information to the second node.

The specific implementation can be referred to the related description of step S305.

Optionally, the communication method may include step S517, specifically as follows:

Step S517: The second node sends association completion information to the first node.

Specifically, the association completion information is used to indicate that the association is completed or includes information used to indicate that the association is completed.

In the embodiment shown in fig. 5, the second node may protect the ID through the temporary public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and integrity of the temporary public key may be protected through the signature of the temporary public key. Further, the second node may verify the temporary public key according to the signature of the temporary public key, and then transmit the ID by using a "public key encryption, private key decryption" manner. Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

Referring to fig. 6, fig. 6 is a schematic diagram of another possible communication method provided in the embodiment of the present application, where the method at least includes the following steps:

Step S601: The second node encrypts the ID of the second node based on the PSK to obtain an ID ciphertext.

Specifically, the second node encrypts the ID of the second node based on PSK to obtain an ID ciphertext, which may include at least the following possible implementation manners:

Implementation mode one: The second node encrypts the ID of the second node through an encryption algorithm according to the PSK to obtain an ID ciphertext. Specifically, the second node generates an ID ciphertext IDc according to the PSK through an encryption algorithm Enc, for example: IDc = Enc(PSK, IDe), where Enc can be one or more of algorithms such as AES, DES, 3DES, AES-CCM, AES-GCM and the like.

Implementation mode two: The second node generates a first protection key according to the PSK, and encrypts the ID of the second node according to the first protection key to obtain an ID ciphertext.

Further optionally, the second node may generate a first protection key using the PSK and a hash algorithm, and encrypt the ID of the second node using the first protection key. The first protection key may also be understood as a hash value of the PSK. For example, the first protection key K1 satisfies: K1 = hash(PSK). Further, the ID ciphertext IDc is generated in a manner satisfying the following formula: IDc = Enc(K1, IDe).

Alternatively, the second node may generate the first protection key based on the PSK and the KDF. Further optionally, there may be other parameters, such as freshness parameters, when generating the first protection key. For example: K1 = KDF(PSK, fresh).

It should be noted that the first protection key is described here as being obtained in two steps only to explain the scheme more clearly. In an actual process it may also be done in one step, with the first protection key K1 being only an intermediate result. For example, the ID ciphertext IDc is determined in a manner satisfying: IDc = Enc(KDF(PSK, fresh), IDe).

Step S602: the second node sends association request information to the first node.

Specifically, the association request information includes an ID ciphertext. The second node sends the association request information to the first node, and correspondingly, the first node receives the association request information from the second node, so that the content in the association request information can be acquired.

Optionally, the association request message may further include a first key agreement parameter, where the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation method.

Further optionally, the association request information further includes a first freshness parameter. For example, the first freshness parameter may be a random number nonce determined by the second node.

Optionally, the association request information further includes first indication information, where the first indication information is used to indicate that the association request information includes the ID ciphertext. Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

Optionally, the association request information further includes a PSK ID, where the PSK ID is an ID corresponding to a PSK shared between the first node and the second node. Further, in the case where the ID ciphertext is encrypted based on PSK, the first node may determine, according to the PSK ID in the association request information, the PSK that is shared with the second node, and then decrypt the ID ciphertext using the PSK to obtain the ID of the second node.

Step S603: The first node decrypts the ID ciphertext based on the PSK to obtain the ID of the second node.

Specifically, since the ID ciphertext corresponds to the PSK and the ID of the second node, the first node may determine the ID of the second node from the PSK and the ID ciphertext.

In one implementation, the second node encrypts the ID of the second node in a manner specified by the protocol, and the first node decrypts the ID ciphertext in the corresponding manner to obtain the ID of the second node. Specifically, the first node decrypts the ID ciphertext based on the PSK to obtain the ID of the second node, which may include at least the following possible implementation manners:

Implementation mode one: The first node decrypts the ID ciphertext through a decryption algorithm (the specific algorithm can be the same as the encryption algorithm) according to the PSK to obtain the ID of the second node. For example: IDe = Dec(PSK, IDc), where Dec may be one or more of AES, DES, 3DES, AES-CCM, AES-GCM, and the like.

Implementation mode two: The first node generates a first protection key according to the PSK, and decrypts the ID ciphertext according to the first protection key to obtain the ID of the second node.

Further optionally, the first node may generate a first protection key based on the PSK and a hash algorithm, and decrypt the ID ciphertext using the first protection key. The first protection key may also be understood as a hash value of the PSK. For example, the first protection key K1 satisfies: K1 = hash(PSK). For example, the manner of decrypting the ID ciphertext IDc to obtain the ID of the second node satisfies the following formula: IDe = Dec(K1, IDc).

The specific implementation can be referred to the specific description in step S403.

Optionally, the communication method may include steps S604 to S613. For the specific implementation of steps S604 to S613, refer to the descriptions of the corresponding steps in steps S505 to S515, which are not repeated here. Steps S604 to S613 are specifically as follows:

Step S604: The first node determines a first key according to the first key negotiation parameter and the key negotiation algorithm.

Step S605: the first node generates first identity authentication information according to the first key.

Step S606: the first node sends security context request information to the second node.

Step S607: The second node determines the first key according to the second key negotiation parameter and the key negotiation algorithm.

Step S608: The second node determines, according to the first identity authentication information, that the identity authentication of the first node passes.

Step S609: the second node generates second identity authentication information.

Step S610: the second node sends the security context response information to the first node.

Step S611: The first node determines, according to the second identity authentication information, that the identity authentication of the second node passes.

Step S612: the first node assigns a temporary ID to the second node.

Step S613: the first node sends association establishment information to the second node.

The specific implementation can be referred to the related description of step S404.

Step S614: The second node sends association completion information to the first node.

Specifically, the association completion information is used to indicate that the association is completed or includes information used to indicate that the association is completed. The second node sends the association completion information to the first node, and correspondingly, the first node receives the association completion information from the second node.

In the embodiment shown in fig. 6, a PSK shared with the first node is predefined, preconfigured, or pre-generated in the second node, and thus the real ID can be encrypted using the PSK. Correspondingly, the ID ciphertext is decrypted according to the PSK, so that the real ID of the second node can be obtained, and the identity of the second node is determined. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.
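An added example (not from the original document) of steps S601 to S603 and S612 with IDc = Enc(KDF(PSK, fresh), IDe). AES-GCM from the `cryptography` package is chosen as Enc, HMAC-SHA256 stands in for the KDF, and the message field names, the PSK ID value and the temporary-ID format are assumptions; the authentication steps S604 to S611 are left out.

```python
import hashlib
import hmac
import secrets
import string

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

ID_TYPE_CIPHERTEXT = 0   # first field "0": the message carries the ID ciphertext
ID_TYPE_TEMPORARY = 1    # first field "1": the message carries a temporary ID


def protection_key(psk: bytes, fresh: bytes) -> bytes:
    # K1 = KDF(PSK, fresh); HMAC-SHA256 stands in for the unspecified KDF.
    return hmac.new(psk, b"id-protection" + fresh, hashlib.sha256).digest()


def build_association_request(psk_id: str, psk: bytes, ide: bytes) -> dict:
    """Second node (S601/S602): IDc = Enc(KDF(PSK, fresh), IDe)."""
    fresh = secrets.token_bytes(12)      # freshness parameter, reused as GCM nonce
    aad = psk_id.encode()                # bind the ciphertext to the PSK ID
    idc = AESGCM(protection_key(psk, fresh)).encrypt(fresh, ide, aad)
    return {"id_type": ID_TYPE_CIPHERTEXT, "psk_id": psk_id,
            "fresh": fresh, "idc": idc}


class FirstNode:
    def __init__(self, psk_table: dict):
        self.psk_table = psk_table       # PSK ID -> PSK
        self.temp_ids = {}               # temporary ID -> permanent ID

    def _new_temp_id(self, length: int = 8) -> str:
        # Random temporary ID of fixed length and format, unique in the table.
        alphabet = string.ascii_letters + string.digits
        while True:
            tid = "".join(secrets.choice(alphabet) for _ in range(length))
            if tid not in self.temp_ids:
                return tid

    def handle_association_request(self, msg: dict):
        """Return the temporary ID to place in the association establishment
        information, or None if the request is rejected."""
        try:
            if msg["id_type"] == ID_TYPE_TEMPORARY:
                tid = msg["temp_id"]
                return tid if tid in self.temp_ids else None
            if msg["id_type"] != ID_TYPE_CIPHERTEXT:
                return None
            psk = self.psk_table[msg["psk_id"]]              # look up PSK by PSK ID
            key = protection_key(psk, msg["fresh"])
            # S603: IDe = Dec(K1, IDc); a wrong key or altered bytes raise InvalidTag.
            ide = AESGCM(key).decrypt(msg["fresh"], msg["idc"],
                                      msg["psk_id"].encode())
        except (InvalidTag, KeyError, TypeError, ValueError, AttributeError):
            return None
        tid = self._new_temp_id()                            # S612
        self.temp_ids[tid] = ide                             # temp ID -> permanent ID
        return tid
```

Because K1 depends on the freshness parameter, two requests from the same node carry different ID ciphertexts, so the ciphertext itself cannot be used to link associations of the same node.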

Referring to fig. 7, fig. 7 is a schematic diagram of another possible communication method provided in the embodiment of the present application, where the method at least includes the following steps:

Step S701: The second node encrypts the ID of the second node based on the first password to obtain an ID ciphertext.

Specifically, the second node encrypts the ID of the second node based on the first password to obtain an ID ciphertext, which may have at least the following possible implementation manners:

Implementation mode one: The second node encrypts the ID of the second node through an encryption algorithm according to the first password to obtain an ID ciphertext. Specifically, the second node generates an ID ciphertext IDc according to the first password PW and through an encryption algorithm Enc, for example: IDc = Enc(PW, IDe), where Enc can be one or more of algorithms such as AES, DES, 3DES, AES-CCM, AES-GCM and the like.

Implementation mode two: The second node generates a first protection key according to the first password, and encrypts the ID of the second node according to the first protection key to obtain an ID ciphertext.

Further optionally, the second node may generate a first protection key using the first password and a hash algorithm, and encrypt the ID of the second node using the first protection key. The first protection key may also be understood as a hash value of the first password. For example, the first protection key K1 satisfies: K1 = hash(PW). Further, the ID ciphertext IDc is generated in a manner satisfying the following formula: IDc = Enc(K1, IDe).

Alternatively, the second node may generate the first protection key based on the first password and the KDF. Further optionally, there may be other parameters, such as freshness parameters, when generating the first protection key. For example: K1 = KDF(PW, fresh).

It should be noted that the first protection key is described here as being obtained in two steps only to explain the scheme more clearly. In an actual process it may also be done in one step, with the first protection key K1 being only an intermediate result. For example, the ID ciphertext IDc is determined in a manner satisfying: IDc = Enc(KDF(PW, fresh), IDe).

Step S702: the second node sends association request information to the first node.

Specifically, the association request information includes an ID ciphertext. The second node sends the association request information to the first node, and correspondingly, the first node receives the association request information from the second node, so that the content in the association request information can be acquired.

Optionally, the association request message may further include a first key agreement parameter, where the first key agreement parameter may be generated based on a key agreement algorithm, or obtained according to a pre-configured or pre-defined calculation method.

Further optionally, the association request information further includes a first freshness parameter. For example, the first freshness parameter may be a random number nonce determined by the second node.

Optionally, the association request information further includes first indication information, where the first indication information is used to indicate that the association request information includes the ID ciphertext. Alternatively, the first indication information may be a first field included in the first information. For example, a value of "0" in the first field indicates that the first information includes the ID ciphertext. In this way, the first node may determine whether to perform the step of decrypting the ID ciphertext by parsing the first information. Further, when the value of the first field is "1", it is indicated that the first information includes the temporary ID. For another example, the first information may include an ID type, and the ID type may be one or more of an ID ciphertext, a temporary ID, and the like.

Optionally, the association request information further includes a PSK ID, where the PSK ID is an ID corresponding to a PSK shared between the first node and the second node. Further, in the case where the ID ciphertext is encrypted based on PSK, the first node may determine, according to the PSK ID in the association request information, the PSK that is shared with the second node, and then decrypt the ID ciphertext using the PSK to obtain the ID of the second node.

Optionally, the association request information further includes an ID corresponding to the first password. In one possible design, different passwords correspond to different password IDs, and the first password used to decrypt the first ciphertext may be determined by the ID corresponding to the first password. Further, different passwords may correspond to different authority controls, so that the first node may determine the first password according to the ID corresponding to the first password, and further determine authority information corresponding to the second node, and the like.

Step S703: The first node decrypts the ID ciphertext based on the first password to obtain the ID of the second node.

Specifically, since the ID ciphertext corresponds to the first password and the ID of the second node, the first node may determine the ID of the second node according to the first password and the ID ciphertext.

In one implementation, the second node encrypts the ID of the second node in a manner specified by the protocol, and the first node decrypts the ID ciphertext in the corresponding manner to obtain the ID of the second node. Specifically, the first node decrypts the ID ciphertext based on the first password to obtain the ID of the second node, which may include at least the following possible implementation manners:

Implementation mode one: The first node decrypts the ID ciphertext through a decryption algorithm (the specific algorithm can be the same as the encryption algorithm) according to the first password PW to obtain the ID of the second node. For example, Dec may be one or more of AES, DES, 3DES, AES-CCM, AES-GCM, and the like.

Implementation mode two: The first node generates a first protection key according to the first password, and decrypts the ID ciphertext according to the first protection key to obtain the ID of the second node.

Further optionally, the first node may generate a first protection key based on the first password and a hash algorithm, and decrypt the ID ciphertext using the first protection key. The first protection key may also be understood as a hash value of the PSK. For example, the first protection key K1 satisfies: K1 = hash(PW). For example, the manner of decrypting the ID ciphertext IDc to obtain the ID of the second node satisfies the following formula: IDe = Dec(K1, IDc).

The specific implementation can be referred to the specific description in step S403.

Optionally, the communication method may include steps S704 to S713. For the specific implementation of steps S704 to S713, refer to the descriptions of the corresponding steps in steps S505 to S515, which are not repeated here. Steps S704 to S713 are specifically as follows:

Step S704: The first node determines a first key according to the first key negotiation parameter and the key negotiation algorithm.

Step S705: the first node generates first identity authentication information according to the first key.

Step S706: the first node sends security context request information to the second node.

Step S707: The second node determines the first key according to the second key negotiation parameter and the key negotiation algorithm.

Step S708: The second node determines, according to the first identity authentication information, that the identity authentication of the first node passes.

Step S709: the second node generates second identity authentication information.

Step S710: the second node sends the security context response information to the first node.

Step S711: The first node determines, according to the second identity authentication information, that the identity authentication of the second node passes.

Step S712: the first node assigns a temporary ID to the second node.

Step S713: the first node sends association establishment information to the second node.

The specific implementation can be referred to the related description of step S404.

Step S714: The second node sends association completion information to the first node.

Specifically, the association completion information is used to indicate that the association is completed or includes information used to indicate that the association is completed. The second node sends the association completion information to the first node, and correspondingly, the first node receives the association completion information from the second node.

In the embodiment shown in fig. 7, the second node may encrypt the ID of the second node based on the first password, so that the first node may decrypt the ID ciphertext based on the first password to obtain the ID of the second node. The node which acquires the first password is usually credible, so that the communication security can be ensured, and the temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The method of the embodiments of the present application is set forth above in detail and the apparatus of the embodiments of the present application is provided below.

Referring to fig. 8, fig. 8 is a schematic structural diagram of a communication apparatus 80 according to an embodiment of the present disclosure, where the apparatus 80 may be a node, or may be a device in the node, such as a chip or an integrated circuit, and the apparatus 80 may include a sending unit 801, a receiving unit 802, and a processing unit 803. The communication device 80 is used to implement the aforementioned communication method, such as the communication method of the embodiment shown in fig. 3 or fig. 5.

In a possible implementation, the sending unit 801 is configured to send a first public key and a signature of the first public key;

a receiving unit 802, configured to receive first information (association request information) from a second node (T node), where the first information includes an ID ciphertext corresponding to the first public key and an ID of the second node;

the processing unit 803 is configured to decrypt the ID ciphertext according to a first private key corresponding to the first public key to obtain an ID of the second node;

the sending unit 801 is further configured to send second information (association establishment information) to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

In the embodiment of the application, the second node can protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and the integrity of the first public key can be protected through the signature of the first public key. Further, the second node may verify the first public key according to the signature of the first public key, and then transmit the ID by using a "public key encryption, private key decryption" method. Therefore, the communication device 80 can obtain the real ID of the second node by decrypting the ID ciphertext, and can mark the identity of the second node by using the temporary ID during subsequent communication, so as to protect the real ID of the node from being leaked, and improve data security.

In yet another possible implementation, the first public key is a temporary public key, and the first private key is a temporary private key.

It can be seen that, because a temporary key usually exists for only a short time, it is harder to crack than a long-term key, so encrypting the real ID with the temporary public key improves the privacy of the real ID. In addition, since a long-term key is usually used for a long time, once the long-term key is cracked, all data communicated using that key is affected, and the long-term key does not have forward security. Because the temporary key usually exists only briefly, even if the temporary key is cracked, the security of communication data from before the temporary key was used is not affected, which improves data security.

In yet another possible embodiment, the first public key is a one-time public key and the first private key is a one-time private key.

It can be seen that the first public key and the first private key used in the embodiment of the present application may be one-time keys, i.e. used only for encryption and decryption of the ID. For example, after the ID ciphertext is decrypted by using the first private key, the first private key can be deleted, so that the private key is hard to crack, the real ID of the node is protected from being leaked, and the data security is improved.

In yet another possible implementation, the processing unit 803 is further configured to sign the first public key based on a private key corresponding to a Digital Certificate (DC), so as to obtain a signature of the first public key;

the transmitting unit 801 is further configured to transmit the DC to the second node.

It can be seen that DC can be used to verify the origin of the first public key. For example, the certificate authority generates a DC for a public key PK of a first node and some information (e.g., description information of the first node, etc.), and the second node uses a key pair corresponding to the DC (i.e., a private key SK corresponding to the public key PK), and may determine that the first public key originates from the first node by means of "private key signature, public key signature verification".

In a specific embodiment, a long-term key pair (a long-term public key PK and a long-term private key SK) exists in the first node, the CA center authenticates the long-term public key PK, and the CA center encrypts the long-term public key PK with some related information (e.g., description information of the first node) by using its own private key cpk to generate the DC. The first node generates a signature of a first public key by using a private key corresponding to the certificate, the first public key, the signature of the first public key and the DC are sent to the second node, the second node decrypts the certificate by using a public key csk of a CA center, the DC can be determined to be issued by the CA, and a long-term public key PK in the DC is determined to be the public key of the first node, so that the source of the long-term public key PK is authenticated. The second node verifies the signature of the first public key using the long-term public key to determine that the first public key is from the first node, thereby encrypting the ID using the first public key.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation, the processing unit 803 is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation, the first information further includes a first key agreement parameter; the processing unit is further configured to determine a first key according to the first key agreement parameter and a key agreement algorithm;

the sending unit 801 is further configured to send third information to the second node, where the third information includes first identity authentication information and a second key agreement parameter, and the first identity authentication information is used for identity authentication of the first node;

the receiving unit 802 is further configured to receive fourth information from the second node, where the fourth information includes second identity authentication information;

the processing unit 803 is further configured to confirm that the identity authentication of the second node passes according to the first key and the second identity authentication information.

It can be seen that the communication apparatus may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used for the second node to verify identity. Furthermore, the communication device can also verify the identity of the second node through the second identity authentication information, and if an attacker wants to impersonate the identity of the second node, the attacker cannot forge the first key and cannot pass the identity verification, so that the communication with an untrusted node is avoided, and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation manner, the receiving unit 802 is further configured to receive fifth information from the second node, where the fifth information is used to indicate that the association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

It should be noted that the implementation of each unit may also correspond to the corresponding description of the embodiments shown in fig. 3 and fig. 5. The communication device 80 may be the first node in the embodiments shown in fig. 3 and 5.

It should be understood that, in the embodiments of the apparatus of the present application, the division into a plurality of units or modules is only a logical division according to functions, and is not a limitation on the specific structure of the apparatus. In a specific implementation, some of the functional modules may be subdivided into smaller functional modules, and some of the functional modules may be combined into one functional module, but the general flow performed by the apparatus 80 during the data transmission process is the same regardless of whether the functional modules are subdivided or combined. For example, the receiving unit 802 and the transmitting unit 801 in the apparatus 80 described above may also be integrated into a communication unit that can realize the functions realized by the receiving unit 802 and the transmitting unit 801. Generally, each unit corresponds to respective program code (or program instructions), and when the respective program code of the units runs on a processor, the units are controlled by a processing unit to execute a corresponding flow so as to realize a corresponding function.

Referring to fig. 9, fig. 9 is a schematic structural diagram of a communication apparatus 90 according to an embodiment of the present disclosure, where the apparatus 90 may be a node, or may be a device in the node, such as a chip or an integrated circuit, and the apparatus 90 may include a receiving unit 901, a processing unit 902, and a sending unit 903. The communication device 90 is used to implement the aforementioned communication method, such as the communication method of the embodiment shown in fig. 4, fig. 6 or fig. 7.

In a possible implementation manner, the receiving unit 901 is configured to receive first information from a second node, where the first information includes an ID ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

a processing unit 902, configured to determine the first protection key based on a security parameter, where the security parameter is a pre-shared key PSK between a first node and the second node or a first password of the first node;

the processing unit 902 is further configured to decrypt the ID ciphertext according to the first protection key to obtain the ID of the second node;

a sending unit 903, configured to send second information to the second node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark an identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured or pre-generated therein that is shared with the first node, so that the true ID can be encrypted using the PSK. Accordingly, the communication apparatus 90 may decrypt the ID ciphertext according to the PSK, thereby obtaining the true ID of the second node and determining the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The first password of the first node may be regarded as an access password of the first node. Specifically, it may be a password that the first node pre-configures or pre-defines so that the second node can access it, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting the Wireless Fidelity (Wi-Fi) protocol, the mobile phone may access the router using a "Wi-Fi password", which may be understood as the first password of the router.

It can be seen that the second node may encrypt the ID of the second node based on the first password, so that the communication device 90 may decrypt the ID ciphertext based on the first password to obtain the ID of the second node. A node that has acquired the first password is usually trusted, so communication security can be ensured, and the temporary ID can be used to mark the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked and data security is improved.

In another possible implementation manner, the processing unit 902 is specifically configured to:

and determining the first protection key according to the security parameter and the first freshness parameter.

The above describes the decryption method. Because the first protection key used for decryption corresponds to the first protection key used for encryption, the first protection key used for encryption is also generated from the security parameter and the first freshness parameter. Because the freshness parameter takes different values at different times, the first protection key used to encrypt the ID of the first node is different each time, which improves the privacy of the group key.

In another possible implementation manner, the processing unit 902 is specifically configured to:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation, the cryptographic algorithm includes at least a hash algorithm and/or a key derivation function (KDF). For example, the first protection key K1 is obtained from the password PW of the first node through a hash algorithm hash, for example: K1 = hash(PW). As another example, the first protection key K1 is obtained through the KDF from the hash value of the password PW of the first node and the first freshness parameter fresh1, for example: K1 = KDF(hash(PW, fresh1)).

In a further possible embodiment, the first freshness parameter is a first random number.

In yet another possible implementation, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation, the processing unit 902 is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation, the first information further includes a first key agreement parameter; the processing unit 902 is further configured to determine a first key according to the first key agreement parameter and the key agreement algorithm;

the sending unit 903 is further configured to send third information to the second node, where the third information includes first identity authentication information and a second key agreement parameter, and the first identity authentication information is used for identity authentication of the first node;

the receiving unit 901 is further configured to receive fourth information from the second node, where the fourth information includes second identity authentication information;

the processing unit 902 is further configured to confirm that the identity authentication of the second node passes according to the first key and the second identity authentication information.

It can be seen that the communication device 90 may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used for the second node to verify identity. Furthermore, the communication device 90 may also verify the identity of the second node through the second identity authentication information, and if an attacker wants to impersonate the identity of the second node, the attacker cannot forge the first key and cannot pass the identity verification, thereby avoiding communication with an untrusted node and improving the data security of the node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation, the receiving unit 901 is further configured to receive fifth information from the second node, where the fifth information is used to indicate that the association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

It should be noted that the implementation of each unit may also correspond to the corresponding description of the embodiments shown in fig. 4, fig. 6, or fig. 7. The communication device 90 may be the first node in the embodiments shown in fig. 4, 6 or 7.

Referring to fig. 10, fig. 10 is a schematic structural diagram of a communication device 100 according to an embodiment of the present application, where the device 100 may be a node, or may be a device in the node, such as a chip or an integrated circuit, and the device 100 may include a receiving unit 1001, a processing unit 1002, and a transmitting unit 1003. The communication device 100 is used to implement the aforementioned communication method, such as the communication method of the embodiment shown in fig. 3 or fig. 5.

In a possible implementation, the receiving unit 1001 is configured to receive a first public key from a first node and a signature of the first public key;

the processing unit 1002 is configured to determine that the integrity of the first public key passes verification according to the signature of the first public key;

a sending unit 1003, configured to send first information to the first node, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

the receiving unit 1001 is further configured to receive second information (association establishment information) from the first node, where the second information includes a temporary ID corresponding to an ID of the second node, and the temporary ID is used to temporarily mark an identity of the second node.

In this embodiment of the application, the communication device 100 may protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and integrity of the first public key may be protected through the signature of the first public key. Further, the communication device 100 may verify the first public key according to the signature of the first public key, and then transmit the ID using "public key encryption, private key decryption". Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In one possible embodiment, the first public key is a temporary public key.

In yet another possible embodiment, the first public key is a one-time public key.

In yet another possible implementation, the receiving unit 1001 is further configured to receive a digital certificate DC from the first node;

the processing unit 1002 is further configured to determine that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation, the receiving unit 1001 is further configured to receive third information from the first node, where the third information includes the first identity authentication information and the second key agreement algorithm parameter;

the processing unit 1002 is further configured to determine a first key according to the second key agreement algorithm parameter and the key agreement algorithm;

the processing unit 1002 is further configured to confirm that the identity authentication of the first node passes according to the first key and the first identity authentication information;

the sending unit 1003 is further configured to send fourth information to the first node, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In another possible implementation manner, the sending unit 1003 is further configured to send fifth information to the first node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

It should be noted that the implementation of each unit may also correspond to the corresponding description of the embodiment shown in fig. 3 or fig. 5. The communication device 100 may be the second node in the embodiment shown in fig. 3 or fig. 5.

Referring to fig. 11, fig. 11 is a schematic structural diagram of a communication device 110 according to an embodiment of the present disclosure, where the device 110 may be a node, or may be a device in the node, such as a chip or an integrated circuit, and the device 110 may include a processing unit 1101, a sending unit 1102, and a receiving unit 1103. The communication device 110 is configured to implement the aforementioned communication method, such as the communication method of the embodiment shown in fig. 4, fig. 6, or fig. 7.

In a possible implementation, the processing unit 1101 is configured to determine a first protection key based on a security parameter, where the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

the processing unit 1101 is further configured to encrypt an identity ID of the second node according to the first protection key to obtain an ID ciphertext;

a sending unit 1102, configured to send first information to the first node, where the first information includes an ID ciphertext, and the ID ciphertext is obtained by encrypting an ID of a second node through the first protection key;

a receiving unit 1103, configured to receive second information from the first node, where the second information includes a temporary ID corresponding to the second node, and the temporary ID temporarily marks an identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured, or pre-generated therein to be shared with the first node, and thus the above-mentioned communication apparatus can encrypt the real ID using the PSK. Correspondingly, the first node decrypts the ID ciphertext according to the PSK so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a possible implementation, the processing unit 1101 is specifically configured to:

and determining the first protection key according to the security parameter and the first freshness parameter.

In another possible implementation, the processing unit 1101 is specifically configured to:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation, the cryptographic algorithm includes at least a hash algorithm and/or a key derivation function (KDF). For example, the first protection key K1 is obtained from the password PW of the first node through a hash algorithm hash, for example: K1 = hash(PW). As another example, the first protection key K1 is obtained through the KDF from the hash value of the password PW of the first node and the first freshness parameter fresh1, for example: K1 = KDF(hash(PW, fresh1)).

In a further possible embodiment, the first freshness parameter is a first random number.

In yet another possible implementation, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation, the receiving unit 1103 is further configured to receive third information from the first node, where the third information includes the first identity authentication information and the second key agreement algorithm parameter;

the processing unit 1101 is further configured to determine a first key according to the second key agreement algorithm parameter and the key agreement algorithm;

the processing unit 1101 is further configured to confirm that the identity authentication of the first node passes according to the first key and the first identity authentication information;

the sending unit 1102 is further configured to send fourth information to the first node, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation manner, the sending unit 1102 is further configured to send fifth information to the first node, where the fifth information is used to indicate that association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

It should be noted that the implementation of each unit may also correspond to the corresponding description of the embodiments shown in fig. 4, fig. 6, or fig. 7. The communication device 110 may be the second node in the embodiments shown in fig. 4, fig. 6 or fig. 7.

Referring to fig. 12, fig. 12 is a schematic structural diagram of a communication device 120 according to an embodiment of the present disclosure, where the communication device 120 may be a node, or may be a device in the node, such as a chip or an integrated circuit. The apparatus 120 may include at least one processor 1202 and a communication interface 1204. Further optionally, the communication device may further comprise at least one memory 1201. Still further optionally, a bus 1203 may be included, wherein the memory 1201, the processor 1202, and the communication interface 1204 are coupled via the bus 1203.

The memory 1201 is used to provide a storage space in which data such as an operating system and a computer program may be stored. The memory 1201 may be one or a combination of random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), compact disc read-only memory (CD-ROM), and the like.

The processor 1202 is a module that performs arithmetic and/or logical operations, and may specifically be one or a combination of processing modules such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), a coprocessor (which assists the central processing unit in completing corresponding processing and applications), and a microcontroller unit (MCU).

The communication interface 1204 may be used to provide information input or output for the at least one processor, and/or to receive data from and/or send data to the outside. It may be a wired link interface, for example one including an Ethernet cable, or a wireless link interface (Wi-Fi, Bluetooth, general wireless transmission, vehicle-mounted short-range communication technology, etc.). Optionally, the communication interface 1204 may also include a transmitter (e.g., a radio frequency transmitter, an antenna, etc.) or a receiver coupled to the interface.

The processor 1202 in the apparatus 120 is configured to read the computer program stored in the memory 1201, and is configured to execute the foregoing communication method, for example, the communication method described in the embodiments shown in fig. 3, fig. 4, fig. 5, fig. 6, and fig. 7.

In one design, the communication device 120 may be the first node in the embodiment shown in fig. 3 or fig. 5. The processor 1202 in the apparatus 120 is configured to read the computer program stored in the memory 1201, and is configured to perform the following operations:

sending a first public key and a signature of the first public key through a communication interface 1204;

receiving first information (association request information) from a second node (T node) through a communication interface 1204, the first information including an identification ID ciphertext corresponding to the first public key and an ID of the second node;

decrypting the ID ciphertext according to a first private key corresponding to the first public key to obtain the ID of the second node;

and sending second information (association establishment information) to the second node, wherein the second information comprises a temporary ID corresponding to the second node, and the temporary ID is used for temporarily marking the identity of the second node.

In the embodiment of the application, the second node can protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and the integrity of the first public key can be protected through the signature of the first public key. Further, the second node may verify the first public key according to the signature of the first public key, and then transmit the ID by using a "public key encryption, private key decryption" method. Therefore, the communication device 120 may obtain the real ID of the second node by decrypting the ID ciphertext, and may use the temporary ID to mark the identity of the second node in subsequent communication, so as to protect the real ID of the node from being leaked, and improve data security.

In yet another possible implementation, the first public key is a temporary public key, and the first private key is a temporary private key.

It can be seen that, because a temporary key usually exists only for a short time, it is harder to crack than a long-term key, so encrypting the real ID with the temporary public key improves the privacy of the real ID. In addition, a long-term key is usually used for a long time, so when it is cracked, all data communicated using that key is affected; a long-term key does not provide forward security. Because a temporary key usually exists only for a short time, even if it is cracked, the security of data communicated before the temporary key was used is not affected, which improves data security.

In yet another possible embodiment, the first public key is a one-time public key and the first private key is a one-time private key.

It can be seen that the first public key and the first private key used in the embodiment of the present application may be one-time keys, i.e., used only for encrypting and decrypting the ID. For example, after the ID ciphertext is decrypted with the first private key, the first private key can be deleted, which makes the private key hard to crack, protects the real ID of the node from being leaked, and improves data security.

In yet another possible implementation, the processor 1202 is further configured to:

signing the first public key based on a private key corresponding to a Digital Certificate (DC) to obtain a signature of the first public key;

sending the DC to the second node through the communication interface 1204.

It can be seen that the DC can be used to verify the origin of the first public key. For example, the certificate authority generates a DC for a public key PK of the first node and some information (e.g., description information of the first node), and the second node uses a key pair corresponding to the DC (i.e., a private key SK corresponding to the public key PK), and may determine that the first public key originates from the first node by means of "private key signing, public key signature verification".

In a specific embodiment, the first node holds a long-term key pair (a long-term public key PK and a long-term private key SK). The CA center authenticates the long-term public key PK and uses its own private key cpk to encrypt the long-term public key PK together with some related information (e.g., description information of the first node) to generate the DC. The first node generates the signature of the first public key using the private key corresponding to the certificate, and sends the first public key, the signature of the first public key, and the DC to the second node. The second node decrypts the certificate using the public key csk of the CA center, which establishes that the DC was issued by the CA and that the long-term public key PK in the DC is the public key of the first node, so the source of the long-term public key PK is authenticated. The second node then verifies the signature of the first public key using the long-term public key to determine that the first public key comes from the first node, and encrypts the ID using the first public key.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation, the processor 1202 is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation, the first information further includes a first key agreement parameter; the processor 1202 is further configured to:

determining a first key according to the first key negotiation parameter and a key negotiation algorithm;

sending third information to the second node through a communication interface 1204, where the third information includes first identity authentication information and second key agreement parameters, and the first identity authentication information is used for identity authentication of the first node;

receiving fourth information from the second node through a communication interface 1204, where the fourth information includes second identity authentication information;

and confirming that the identity authentication of the second node passes according to the first secret key and the second identity authentication information.

It can be seen that the communication apparatus may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used for the second node to verify identity. Furthermore, the communication device can also verify the identity of the second node through the second identity authentication information, and if an attacker wants to impersonate the identity of the second node, the attacker cannot forge the first key and cannot pass the identity verification, so that the communication with an untrusted node is avoided, and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation, the processor 1202 is further configured to:

receiving fifth information from the second node through the communication interface 1204, where the fifth information is used to indicate that the association is completed. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

For specific implementation, reference may also be made to detailed description in the embodiment shown in fig. 3 or fig. 5, which is not described herein again.

In one design, the communication device 120 may be the first node in the embodiments shown in fig. 4, 6, or 7. The processor 1202 in the apparatus 120 is configured to read the computer program stored in the memory 1201, and is configured to perform the following operations:

receiving first information from a second node through a communication interface 1204, where the first information includes an Identification (ID) ciphertext, and the ID ciphertext corresponds to a first protection key and an ID of the second node;

determining the first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

decrypting the ID ciphertext according to the first protection key to obtain the ID of the second node;

and sending second information to the second node through a communication interface 1204, where the second information includes a temporary ID corresponding to the second node, and the temporary ID is used to temporarily mark the identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured or pre-generated therein that is shared with the first node, so that the true ID can be encrypted using the PSK. Correspondingly, the communication device can decrypt the ID ciphertext according to the PSK, so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

The first password of the first node may be regarded as an access password of the first node. Specifically, it may be a password that the first node pre-configures or pre-defines so that the second node can access it, or a secret value agreed between the first node and the second node. For example, in a scenario where a mobile phone accesses a router supporting the Wireless Fidelity (Wi-Fi) protocol, the mobile phone may access the router using a "Wi-Fi password", which may be understood as the first password of the router.

It can be seen that the second node may encrypt the ID of the second node based on the first password, so that the communication device 120 may decrypt the ID ciphertext based on the first password to obtain the ID of the second node. A node that has acquired the first password is usually trusted, so communication security can be ensured, and the temporary ID can be used to mark the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked and data security is improved.

In another possible implementation, the processor 1202 is specifically configured to:

and determining the first protection key according to the security parameter and the first freshness parameter.

The above describes the decryption side. Because the first protection key used for decryption corresponds to the first protection key used for encryption, the first protection key used for encryption is also generated from the security parameter and the first freshness parameter. Because the freshness parameter takes different values at different moments, the first protection key used to encrypt the ID of the first node is different each time, which improves the privacy of the group key.

In another possible implementation, the processor 1202 is specifically configured to:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation, the cryptographic algorithm includes at least a hashing algorithm and/or a Key Derivation Function (KDF). For example, according to the password PW of the first node, the first protection key K1 is obtained by hashing algorithm hash, specifically for example: K1 = hash(PW). For another example, according to the hash value of the password PW of the first node and the first freshness parameter fresh1, the first protection key K1 is obtained through the KDF, specifically for example: K1 = KDF(hash(PW, fresh1)).

In a further possible embodiment, the first freshness parameter is a first random number.

In yet another possible implementation, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request information includes the ID ciphertext.

In yet another possible implementation, the processor 1202 is further configured to:

determining that the identity authentication of the second node passes;

assigning the temporary ID to the second node.

In yet another possible implementation, the first information further includes a first key agreement parameter; the processor 1202 is further configured to:

determining a first key according to the first key negotiation parameter and a key negotiation algorithm;

sending third information to the second node through a communication interface 1204, where the third information includes first identity authentication information and second key agreement parameters, and the first identity authentication information is used for identity authentication of the first node;

receiving fourth information from the second node through a communication interface 1204, where the fourth information includes second identity authentication information;

and confirming that the identity authentication of the second node passes according to the first secret key and the second identity authentication information.

It can be seen that the communication apparatus may generate a first key through key agreement, and generate first authentication information using the first key, where the first authentication information is used for the second node to verify identity. Furthermore, the communication device can also verify the identity of the second node through the second identity authentication information, and if an attacker wants to impersonate the identity of the second node, the attacker cannot forge the first key and cannot pass the identity verification, so that the communication with an untrusted node is avoided, and the data security of the node is improved.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation, the processor is further configured to:

receiving fifth information from the second node through the communication interface 1204, where the fifth information indicates that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

For specific implementation, reference may also be made to detailed descriptions in the embodiments shown in fig. 4, fig. 6, or fig. 7, which are not described herein again.

In one design, the communication device 120 may be the second node in the embodiment shown in fig. 3 or fig. 5. The processor 1202 in the apparatus 120 is configured to read the computer program stored in the memory 1201, and is configured to perform the following operations:

receiving a first public key from a first node and a signature of the first public key through a communication interface 1204;

determining that the integrity of the first public key passes verification according to the signature of the first public key;

sending first information to the first node through a communication interface 1204, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

the receiving unit is further configured to receive second information (association establishment information) from the first node, where the second information includes a temporary ID corresponding to an ID of the second node, and the temporary ID is used to temporarily mark an identity of the second node.

In this embodiment of the application, the communication device 120 may protect the ID through the first public key to obtain the ID ciphertext, so that the real ID is not directly transmitted, and the source and integrity of the first public key may be protected through the signature of the first public key. Further, the communication device 120 may verify the first public key according to the signature of the first public key, and then transmit the ID by using "public key encryption, private key decryption". Therefore, the first node can acquire the real ID of the second node by decrypting the ID ciphertext, and the temporary ID can be used for marking the identity of the second node in subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a specific implementation process, the first information may also be referred to as association request information (also referred to as association request message in a specific scenario), and the second information may also be referred to as association establishment information (also referred to as association establishment message in a specific scenario).

In one possible embodiment, the first public key is a temporary public key.

In yet another possible embodiment, the first public key is a one-time public key.

In yet another possible implementation, the processor is further configured to:

receiving a digital certificate DC from the first node through a communication interface 1204;

the processing unit is further configured to determine that the first public key passes verification according to the public key corresponding to the DC and the signature of the first public key.
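An added example, not taken from the application, of the public-key variant described above: the first node signs a temporary first public key, the second node checks that signature against the public key the DC would carry before it encrypts its ID, and the first node decrypts with the first private key. Ed25519 for the signature, RSA-OAEP for the encryption, the Announcement layout and all function names are assumptions; validating the DC's own certificate chain is outside this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Assumed primitives (the application names none): Ed25519 signature, RSA-OAEP.
// Announcement is a constructed stand-in for what the first node sends.
type Announcement struct{ FirstPubDER, Sig []byte }

// newLongTermKey stands in for the key pair whose public half the DC carries.
func newLongTermKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// First node: create a temporary key pair and sign the first public key.
func announce(longTerm ed25519.PrivateKey) (*rsa.PrivateKey, Announcement) {
	tmp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der := x509.MarshalPKCS1PublicKey(&tmp.PublicKey)
	return tmp, Announcement{FirstPubDER: der, Sig: ed25519.Sign(longTerm, der)}
}

// Second node: verify the signature first; only then encrypt the real ID.
func encryptID(dcPub ed25519.PublicKey, a Announcement, realID string) ([]byte, error) {
	if !ed25519.Verify(dcPub, a.FirstPubDER, a.Sig) {
		return nil, fmt.Errorf("first public key failed verification; ID not sent")
	}
	pub, err := x509.ParsePKCS1PublicKey(a.FirstPubDER)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(realID), nil)
}

// First node: decrypt the ID ciphertext with the first private key.
func decryptID(tmp *rsa.PrivateKey, idCiphertext []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tmp, idCiphertext, nil)
	return string(pt), err
}

func main() {
	dcPub, longTerm := newLongTermKey()
	tmp, a := announce(longTerm)
	ct, err := encryptID(dcPub, a, "node-2-real-id") // constructed ID
	fmt.Println(len(ct), err)
	fmt.Println(decryptID(tmp, ct))
}
```

If the signature check is skipped, a substituted first public key lets whoever holds the matching private key read the real ID, which is why encryptID refuses to encrypt on a failed verification.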

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation, the processor 1202 is further configured to:

receiving third information from the first node through the communication interface 1204, the third information including first identity authentication information and second key agreement algorithm parameters;

determining a first key according to the second key negotiation algorithm parameter and the key negotiation algorithm;

confirming that the identity authentication of the first node passes according to the first key and the first identity authentication information;

sending fourth information to the first node through a communication interface 1204, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation, the processor 1202 is further configured to:

sending fifth information to the first node through the communication interface 1204, the fifth information being used to indicate that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

For specific implementation, reference may also be made to detailed description in the embodiment shown in fig. 3 or fig. 5, which is not described herein again.

In one design, the communication device 120 may be the second node in the embodiment shown in fig. 4, 6, or 7. The processor 1202 in the apparatus 120 is configured to read the computer program stored in the memory 1201, and is configured to perform the following operations:

determining a first protection key based on a security parameter, wherein the security parameter is a pre-shared key PSK between a first node and a second node or a first password of the first node;

encrypting the ID of the second node according to the first protection key to obtain an ID ciphertext;

sending first information to the first node through a communication interface 1204, where the first information includes an ID ciphertext obtained by encrypting an ID of a second node with the first protection key;

receiving second information from the first node through a communication interface 1204, where the second information includes a temporary ID corresponding to the second node, and the temporary ID temporarily marks an identity of the second node.

It can be seen that the second node has a PSK predefined, pre-configured, or pre-generated therein to be shared with the first node, and thus the above-mentioned communication apparatus can encrypt the real ID using the PSK. Correspondingly, the first node decrypts the ID ciphertext according to the PSK so as to obtain the real ID of the second node and determine the identity of the second node. The temporary ID can be used for marking the identity of the second node during subsequent communication, so that the real ID of the node is protected from being leaked, and the data security is improved.

In a possible implementation, the processor 1202 is specifically configured to:

and determining the first protection key according to the security parameter and the first freshness parameter.

In another possible implementation, the processor 1202 is specifically configured to:

and determining the first protection key according to the security parameters and a cryptographic algorithm.

In yet another possible implementation, the cryptographic algorithm includes at least a hashing algorithm and/or a Key Derivation Function (KDF). For example, according to the password PW of the first node, the first protection key K1 is obtained by hashing algorithm hash, specifically for example: K1 = hash(PW). For another example, according to the hash value of the password PW of the first node and the first freshness parameter fresh1, the first protection key K1 is obtained through the KDF, specifically for example: K1 = KDF(hash(PW, fresh1)).

In a further possible embodiment, the first freshness parameter is a first random number.
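An added example, not taken from the application, covering both the first-node (decryption) and second-node (encryption) descriptions of the password-based variant: the second node derives K1 = KDF(hash(PW, fresh1)) with a random fresh1 and encrypts its real ID, and the first node re-derives K1, decrypts, and assigns a temporary ID. SHA-256, HMAC-SHA256 as the KDF, AES-256-GCM, the label string, the FirstInfo layout and all function names are assumptions; the application names no concrete algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// FirstInfo is a constructed stand-in for the association request fields.
type FirstInfo struct{ Fresh1, Nonce, IDCiphertext []byte }

// deriveK1 computes K1 = KDF(hash(PW, fresh1)). Assumed instantiation:
// SHA-256 over PW||fresh1, then one HMAC-SHA256 step under a fixed label.
func deriveK1(pw string, fresh1 []byte) []byte {
	h := sha256.Sum256(append([]byte(pw), fresh1...))
	kdf := hmac.New(sha256.New, h[:])
	kdf.Write([]byte("id-protection"))
	return kdf.Sum(nil) // 32 bytes, used as an AES-256 key
}

func gcm(key []byte) cipher.AEAD { // assumption: AES-256-GCM protects the ID
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	return aead
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Second node: encrypt the real ID under a K1 that is fresh per request.
func buildFirstInfo(pw, realID string) FirstInfo {
	m := FirstInfo{Fresh1: random(16), Nonce: random(12)}
	m.IDCiphertext = gcm(deriveK1(pw, m.Fresh1)).Seal(nil, m.Nonce, []byte(realID), m.Fresh1)
	return m
}

// First node: re-derive K1, recover the real ID, assign a temporary ID.
func handleFirstInfo(pw string, m FirstInfo) (realID, tempID string, err error) {
	if len(m.Nonce) != 12 {
		return "", "", fmt.Errorf("malformed first information")
	}
	pt, err := gcm(deriveK1(pw, m.Fresh1)).Open(nil, m.Nonce, m.IDCiphertext, m.Fresh1)
	if err != nil {
		return "", "", err // wrong password or tampered message
	}
	return string(pt), hex.EncodeToString(random(4)), nil
}

func main() { // password and ID below are constructed sample values
	fmt.Println(handleFirstInfo("constructed-pw", buildFirstInfo("constructed-pw", "node-2-real-id")))
}
```

Because a password is usually low-entropy, anyone who records fresh1 and the authenticated ciphertext can test password guesses offline; a slow password hash in place of plain SHA-256 raises that cost.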

In yet another possible implementation, the security parameter is a pre-shared key PSK between the first node and the second node; the PSK corresponds to a first PSK ID; the first information further includes the first PSK ID.

In yet another possible implementation manner, the first information further includes first indication information, and the first indication information is used to indicate that the association request includes the ID ciphertext.

In yet another possible implementation, the processor 1202 is further configured to:

receiving third information from the first node through the communication interface 1204, the third information including first identity authentication information and second key agreement algorithm parameters;

determining a first key according to the second key negotiation algorithm parameter and the key negotiation algorithm;

confirming that the identity authentication of the first node passes according to the first key and the first identity authentication information;

sending fourth information to the first node through a communication interface 1204, where the fourth information includes second identity authentication information; the second identity authentication information is used for authenticating the identity of the second node.

In a specific implementation process, the third information may also be referred to as security context request information (in a specific scenario, may also be referred to as a security context request message), and the fourth information may also be referred to as security context response information (in a specific scenario, may also be referred to as a security context response message).

In yet another possible implementation, the processor 1202 is further configured to:

sending fifth information to the first node through the communication interface 1204, the fifth information being used to indicate that the association is complete. Further, the fifth information may be referred to as association completion information (in a specific scenario, also referred to as an association completion message).

For specific implementation, reference may also be made to detailed descriptions in the embodiments shown in fig. 4, fig. 6, or fig. 7, which are not described herein again.

Embodiments of the present application further provide a computer-readable storage medium, in which a computer program is stored, and when the computer program runs on one or more processors, the method described in the embodiments shown in fig. 3, fig. 4, fig. 5, fig. 6, or fig. 7 is implemented.

An embodiment of the present application further provides a chip system, where the chip system includes at least one processor and a communication interface, where the communication interface is used to send and/or receive data, and the at least one processor is used to invoke a computer program stored in at least one memory to implement the method in the embodiment shown in fig. 3, fig. 4, fig. 5, fig. 6, or fig. 7.

Further, the at least one processor may include at least one of a CPU, MPU, MCU, or co-processor.

An embodiment of the present application further provides a terminal, which may be an intelligent cockpit product, a vehicle, or the like. The terminal includes a first node and/or a second node, where the first node (e.g., one or more of modules such as a camera, a screen, a microphone, a speaker, a radar, an electronic key, a keyless entry, a start-up system controller, and a user equipment UE) is the first node in the embodiment shown in fig. 3, 4, 5, 6, or 7, and the second node (e.g., a base station, a cockpit domain controller (CDC), and the like) is the second node in the embodiment shown in fig. 3, 4, 5, 6, or 7.

Further optionally, the terminal may be an unmanned aerial vehicle, a robot, a device in an intelligent home scene, a device in an intelligent manufacturing scene, or the like.

Embodiments of the present application also provide a computer program product, which when run on one or more processors can implement the communication method described in the embodiments shown in fig. 3, fig. 4, fig. 5, fig. 6, or fig. 7.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof.

When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer instruction product.

When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application may be fully or partially implemented. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on or transmitted over a computer-readable storage medium. The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.

The steps in the method embodiment of the present application may be sequentially adjusted, combined, and deleted according to actual needs.

The modules in the device embodiment of the application can be combined, divided and deleted according to actual needs.
