Off-line equipment bidirectional authentication method and system based on symmetric key

Document No.: 1864731 Publication date: 2021-11-19

Reading note: this technology, "Off-line equipment bidirectional authentication method and system based on symmetric key", was designed by 邹飞, 李子男 and 利文浩 on 2021-07-13. Abstract: The invention relates to a method and a system for bidirectional authentication of offline devices based on a symmetric key. The method comprises: device A generates a verification field; device B generates a verification field; device A and device B exchange the verification fields; a session key is obtained from the two exchanged fields and the symmetric key; the confirmation messages of device A and device B are encrypted with the session key to verify device A and device B; and after verification passes, device A and device B communicate using the session key. Compared with the prior art, the session key is generated from the verification fields of device A and device B and a predetermined symmetric key, so identity authentication is fast; after the two-way confirmation messages are verified, device A and device B are authenticated and communicate; the session key of each session is generated from the verification fields together with the symmetric key, which reduces the risk of key leakage; and device A and device B communicate using a symmetric encryption algorithm, so encryption and decryption are efficient.

1. An offline device mutual authentication method based on a symmetric key, used for realizing secure communication between device A and device B, characterized by comprising the following steps:

S1, device A and device B acquire a symmetric key KeyS;

S2, device A generates a verification field R_A and sends it to device B;

S3, device B receives the verification field R_A and generates a verification field R_B, encrypts the verification field R_A and the verification field R_B using a symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, calculates a Hash value of the obtained ciphertext using a Hash algorithm, and takes the obtained Hash value as the session key SeKey;

S4, device B encrypts the predefined "B confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext BData, and device B sends the ciphertext BData together with the verification field R_B to device A;

S5, device A receives the ciphertext BData and the verification field R_B sent by device B, encrypts the verification field R_A and the verification field R_B using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, and calculates a Hash value of the obtained ciphertext using the Hash algorithm to obtain the session key SeKey;

S6, device A decrypts the received ciphertext BData using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "B confirmation message" sent by device B is obtained, device A has verified device B successfully and step S7 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S7, device A encrypts the preset "A confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext AData, and device A sends the ciphertext AData to device B;

S8, device B receives the ciphertext AData sent by device A and decrypts it using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "A confirmation message" sent by device A is obtained, device B has verified device A successfully and step S9 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S9, device A and device B start normal communication, and the data sent and received during communication are encrypted and decrypted using the symmetric encryption algorithm and the session key SeKey until the session is completed.

2. The method for bidirectional authentication of offline devices based on symmetric keys as claimed in claim 1, wherein in step S1, if the session key of the previous session is reserved in device A and device B, the session key of the previous session is used as the symmetric key of the session, and if the session key of the previous session is not reserved in device A and device B, the symmetric key is generated by the key management system and sent to device A and device B.

3. The offline device bidirectional authentication method based on the symmetric key as claimed in claim 2, wherein the key management system stores a permanently valid root key RootKey, and the symmetric key generated by the key management system is uniquely determined based on the root key RootKey and the binding relationship between the device a and the device B.

4. The offline device bidirectional authentication method based on the symmetric key as claimed in claim 3, wherein the key management system uses an encryption algorithm and a system root key RootKey to encrypt "the device number IDA unique to the device A and/or the device number IDB unique to the device B" to obtain a ciphertext, the obtained ciphertext is used to calculate a Hash value by using a Hash algorithm, and the obtained Hash value is used as the symmetric key KeyS.

5. The symmetric-key-based offline device bidirectional authentication method as recited in claim 4, wherein the key management system is disposed in a cloud server.

6. The symmetric-key-based offline device mutual authentication method according to claim 1, wherein the verification field R_A and the verification field R_B are randomly generated random numbers.

7. The method for bidirectional authentication of offline devices based on the symmetric key as claimed in claim 1, wherein the symmetric encryption algorithms used in device A and device B are the same and are pre-integrated in device A and device B.

8. An offline device mutual authentication system based on a symmetric key, characterized in that it uses the offline device bidirectional authentication method based on the symmetric key according to any one of claims 1-7 and comprises a device A and a device B which are in communication connection;

the device A comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit, and the device B comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit;

the transceiving unit is used for receiving and sending information; the storage unit is used for storing the symmetric key KeyS and the session key SeKey of the session; the session key generation unit obtains the session key SeKey based on the symmetric key KeyS, the verification field R_A and the verification field R_B; the encryption unit encrypts the sent message using a symmetric encryption algorithm and the session key SeKey; the decryption unit decrypts the received message using the symmetric encryption algorithm and the session key SeKey.

9. The system according to claim 8, wherein the session key unit generates the session key specifically as follows: the verification field R_A and the verification field R_B are encrypted using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, a Hash value of the obtained ciphertext is calculated using a Hash algorithm, and the obtained Hash value is taken as the session key SeKey.

10. The system of claim 8, wherein the system further comprises a key management system;

if the session key of the previous session is reserved in the device A and the device B, the symmetric key KeyS of the session is the session key of the previous session, and if the session key of the previous session is not reserved in the device A and the device B, the key management system generates the symmetric key and sends the symmetric key to the device A and the device B;

the key management system stores a permanently effective system root key RootKey, and a symmetric key generated by the key management system is uniquely determined based on the system root key RootKey and the binding relationship between the equipment A and the equipment B.

Technical Field

The invention relates to the technical field of information security of data communication, in particular to a method and a system for bidirectional authentication of offline equipment based on a symmetric key.

Background

A key is a value used with an encryption algorithm to encrypt some input (referred to as plaintext); the output produced by encrypting the plaintext with the key and the encryption algorithm is referred to as ciphertext. Keys are essentially very large numbers. The size of a key is measured in bits, and the number represented by a 1024-bit key is very large. In public key encryption, the larger the key, the more secure the ciphertext.

Symmetric key encryption, also called private key encryption, means that the sender and the receiver of information use the same key to encrypt and decrypt data. Its main advantage is fast encryption and decryption, which makes it suitable for encrypting large volumes of data. Symmetric encryption simplifies the encryption and decryption process: the communicating parties do not have to study and exchange each other's encryption algorithms; all parties use the same symmetric key and the same encryption algorithm, and after the sender encrypts the information with the key, the receiver decrypts it with the same key. The confidentiality of the information can be guaranteed if both communicating parties can ensure that their shared key has not been compromised during the key exchange phase.

Key management for symmetric key encryption is difficult. Because the network environment is unreliable, various attacks exist, such as identity impersonation and replay of old messages, and once the key is leaked the communication is no longer reliable. Therefore, many devices in the prior art rely on asymmetric encryption algorithms for communication. However, asymmetric encryption depends on a digital certificate server, which must manage certificates at large scale and provide management services such as issuance, query and revocation. The authentication process relies on the digital certificate server to verify the validity of certificates, which gives low performance and high cost. The authentication process also needs the asymmetric algorithm to sign and to verify signatures; asymmetric algorithms are slow and computationally demanding, so computational efficiency can be guaranteed only with higher CPU performance, at higher cost.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and to provide an offline device bidirectional authentication method and system based on a symmetric key. A session key is generated from the verification fields of device A and device B and a predetermined symmetric key, so authentication is fast. After the two-way confirmation messages are verified, device A and device B are authenticated and communicate. The session key of each session is generated from the verification fields together with the symmetric key, which reduces the risk of key leakage, and device A and device B still communicate using a symmetric encryption algorithm, so encryption and decryption are efficient.

The purpose of the invention can be realized by the following technical scheme:

An offline device mutual authentication method based on a symmetric key is used for realizing secure communication between device A and device B, and comprises the following steps:

S1, device A and device B acquire a symmetric key KeyS; device A and device B need the same specific symmetric key to communicate, and other devices that have no communication binding relationship with device A and device B use different symmetric keys;

S2, device A generates a verification field R_A and sends it to device B;

S3, device B receives the verification field R_A and generates a verification field R_B, encrypts the verification field R_A and the verification field R_B using a symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, calculates a Hash value of the obtained ciphertext using a Hash algorithm, and takes the obtained Hash value as the session key SeKey;

S4, device B encrypts the predefined "B confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext BData, and device B sends the ciphertext BData together with the verification field R_B to device A;

S5, device A receives the ciphertext BData and the verification field R_B sent by device B, encrypts the verification field R_A and the verification field R_B using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, and calculates a Hash value of the obtained ciphertext using the Hash algorithm to obtain the session key SeKey, so that the same session key SeKey is obtained in device A and device B;

S6, device A decrypts the received ciphertext BData using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "B confirmation message" sent by device B is obtained, device A has verified device B successfully and step S7 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S7, device A encrypts the preset "A confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext AData, and device A sends the ciphertext AData to device B;

S8, device B receives the ciphertext AData sent by device A and decrypts it using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "A confirmation message" sent by device A is obtained, device B has verified device A successfully and step S9 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S9, device A and device B start normal communication, and the data sent and received during communication are encrypted and decrypted using the symmetric encryption algorithm and the session key SeKey until the session is completed.

Preferably, the verification field R_A and the verification field R_B are random numbers.

Preferably, the contents of the B confirmation message and the A confirmation message are stored in advance in device A and in device B, and may be "success", "authentication success", and the like; the B confirmation message and the A confirmation message may be the same or different.

Preferably, in step S1, if the session key of the previous session is reserved in device A and device B, the session key of the previous session is used as the symmetric key of the session, so that the symmetric key used in each session is the session key of the previous session, and the forward security of communication is ensured; if there is no session key of the previous session in device A and device B, a symmetric key is generated by the key management system and sent to device A and device B.

Preferably, the key management system stores a permanently valid system root key RootKey, and the symmetric key generated by the key management system is uniquely determined based on the system root key RootKey and the binding relationship between the device a and the device B.

Preferably, the key management system encrypts the unique device number IDA of the device a and/or the unique device number IDB of the device B using an encryption algorithm and a system root key RootKey to obtain a ciphertext, calculates a Hash value of the obtained ciphertext using a Hash algorithm, and uses the obtained Hash value as the symmetric key KeyS.

Preferably, the key management system is arranged in a cloud server.

Preferably, the symmetric encryption algorithms used in the device a and the device B are the same and are pre-integrated into the device a and the device B, such as AES algorithms.

An off-line equipment mutual authentication system based on a symmetric key comprises equipment A and equipment B which are in communication connection;

the device A comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit, and the device B comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit;

the transceiving unit is used for receiving and sending information; the storage unit is used for storing the symmetric key KeyS and the session key SeKey of the session; the session key generation unit obtains the session key SeKey based on the symmetric key KeyS, the verification field R_A and the verification field R_B; the encryption unit encrypts the sent message using a symmetric encryption algorithm and the session key SeKey; the decryption unit decrypts the received message using the symmetric encryption algorithm and the session key SeKey.

Preferably, the session key unit generates the session key specifically as follows: the verification field R_A and the verification field R_B are encrypted using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, a Hash value of the obtained ciphertext is calculated using a Hash algorithm, and the obtained Hash value is taken as the session key SeKey.

Preferably, the offline device bidirectional authentication system further comprises a key management system;

if the session key of the previous session is reserved in the device A and the device B, the symmetric key KeyS of the session is the session key of the previous session, and if the session key of the previous session is not reserved in the device A and the device B, the key management system generates the symmetric key and sends the symmetric key to the device A and the device B;

the key management system stores a permanently effective system root key RootKey, and a symmetric key generated by the key management system is uniquely determined based on the system root key RootKey and the binding relationship between the equipment A and the equipment B.

Compared with the prior art, the invention has the following beneficial effects:

(1) The session key is generated from the verification fields of device A and device B and the predetermined symmetric key, so identity authentication is fast. After the two-way confirmation messages are verified, device A and device B are authenticated and communicate. The session key of each session is generated from the verification fields together with the symmetric key, which reduces the risk of key leakage, and device A and device B still communicate using a symmetric encryption algorithm, so encryption and decryption are efficient.

(2) The system root key is used in the key management system to generate the symmetric key, the information of different devices is encrypted by using the system root key, and then the Hash value is calculated to obtain the symmetric key, so that large-scale key storage and management are not needed, and the key management cost of the cloud is reduced.

(3) Except for the first session, in which the symmetric key is generated by the key management system, the symmetric key of each subsequent session is the session key of the previous session. The changing symmetric key further ensures communication security and reduces the risk of key leakage, the steps of generating and issuing the symmetric key are omitted, and authentication efficiency is higher.

Drawings

FIG. 1 is a schematic flow chart of a bidirectional authentication method for an offline device;

FIG. 2 is a schematic structural diagram of an offline device mutual authentication system;

FIG. 3 is a schematic diagram of a symmetric key generation and distribution process;

FIG. 4 is a schematic diagram of a process of generating and issuing a symmetric key.

Detailed Description

The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.

Example 1:

An offline device mutual authentication method based on a symmetric key is used for realizing secure communication between device A and device B and, as shown in FIG. 1, includes the following steps:

S1, device A and device B acquire a symmetric key KeyS; device A and device B need the same specific symmetric key to communicate, and other devices that have no communication binding relationship with device A and device B use different symmetric keys;

S2, device A generates a verification field R_A and sends it to device B;

S3, device B receives the verification field R_A and generates a verification field R_B, encrypts the verification field R_A and the verification field R_B using a symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, calculates a Hash value of the obtained ciphertext using a Hash algorithm, and takes the obtained Hash value as the session key SeKey;

S4, device B encrypts the predefined "B confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext BData, and device B sends the ciphertext BData together with the verification field R_B to device A;

S5, device A receives the ciphertext BData and the verification field R_B sent by device B, encrypts the verification field R_A and the verification field R_B using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, and calculates a Hash value of the obtained ciphertext using the Hash algorithm to obtain the session key SeKey, so that device A and device B both obtain the same session key SeKey;

S6, device A decrypts the received ciphertext BData using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "B confirmation message" sent by device B is obtained, device A has verified device B successfully and step S7 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S7, device A encrypts the preset "A confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext AData, and device A sends the ciphertext AData to device B;

S8, device B receives the ciphertext AData sent by device A and decrypts it using the symmetric encryption algorithm and the session key SeKey; if the decryption is successful and the "A confirmation message" sent by device A is obtained, device B has verified device A successfully and step S9 is executed; otherwise the verification fails and the session between device A and device B is terminated;

S9, device A and device B start normal communication, and the data sent and received during communication are encrypted and decrypted using the symmetric encryption algorithm and the session key SeKey until the session is completed.

In this embodiment, the verification field R_A is a random number and the verification field R_B is a random number; in other embodiments, other ways of generating information may be used for the verification field, such as generating characters, using the current universal time, etc.

In step S1, if the session key of the previous session is reserved in device A and device B, the session key of the previous session is used as the symmetric key of the session, so that the symmetric key used in each session is the session key of the previous session, and the forward security of communication is ensured; if there is no session key of the previous session in device A and device B, a symmetric key is generated by the key management system and sent to device A and device B.

The key management system stores a permanently effective system root key RootKey, and a symmetric key generated by the key management system is uniquely determined based on the system root key RootKey and the binding relationship between the equipment A and the equipment B.

An offline device mutual authentication system based on a symmetric key, as shown in FIG. 2, comprises a device A and a device B which are in communication connection;

the device A comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit, and the device B comprises a transceiving unit, a storage unit, a session key generation unit, an encryption unit and a decryption unit;

the transceiving unit is used for receiving and sending information; the storage unit is used for storing the symmetric key KeyS and the session key SeKey of the session; the session key generation unit obtains the session key SeKey based on the symmetric key KeyS, the verification field R_A and the verification field R_B; the encryption unit encrypts the sent message using a symmetric encryption algorithm and the session key SeKey; the decryption unit decrypts the received message using the symmetric encryption algorithm and the session key SeKey.

The session key unit generates the session key as follows: the verification field R_A and the verification field R_B are encrypted using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, a Hash value of the obtained ciphertext is calculated using a Hash algorithm, and the obtained Hash value is taken as the session key SeKey.

The offline device bidirectional authentication system also comprises a key management system; if the session key of the previous session is reserved in device A and device B, the symmetric key KeyS of the session is the session key of the previous session, and if the session key of the previous session is not reserved in device A and device B, the key management system 3 generates the symmetric key and sends the symmetric key to device A and device B; the key management system stores a permanently effective system root key RootKey, and a symmetric key generated by the key management system is uniquely determined based on the system root key RootKey and the binding relationship between device A and device B.

In this embodiment, the verification field R_A and the verification field R_B are stored in advance in device A, and the verification field R_A and the verification field R_B are stored in advance in device B; the verification field R_A and the verification field R_B may be the same or may be designed separately, such as "success", "successful authentication", etc.

The application scenario of this embodiment is that two devices (device a and device B) use the present application for the first time to communicate:

(I) Symmetric key generation and distribution

The key management system is arranged on the cloud server, and a permanent and effective system root key RootKey is stored in the key management system. Device a has a unique device number IDA.

The device A uploads the unique device number IDA of the device A to a key management system, the key management system encrypts the device number IDA by using an encryption algorithm and a system root key RootKey to obtain a ciphertext, the obtained ciphertext calculates a Hash value by using a Hash algorithm, and the obtained Hash value is used as a symmetric key KeyS.

As shown in FIG. 3, since device A and device B are connected for the first time, the key management system does not store the binding relationship between the devices. To ensure that the symmetric keys of device A and device B are the same, device A connects to the key management system, and the key management system issues the symmetric key KeyS to device A; device A is bound and connected with device B, so device B can obtain the unique device number IDA of device A; device B uploads the unique device number IDA of device A to the key management system, and the key management system issues the symmetric key KeyS to device B.

As shown in fig. 4, in other embodiments, the device number IDA and the device number IDB or other information may be combined to obtain the symmetric key, and then the symmetric key is issued to the device a and the device B.

(II) Two-way identity authentication

Device A generates a random number R_A and sends it to device B;

device B receives the random number R_A and generates a random number R_B, encrypts the random number R_A and the random number R_B using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, calculates a Hash value of the obtained ciphertext using a Hash algorithm, and takes the obtained Hash value as the session key SeKey;

device B encrypts the predefined "B confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext BData, and device B sends the ciphertext BData together with the random number R_B to device A;

device A receives the ciphertext BData and the random number R_B sent by device B, encrypts the random number R_A and the random number R_B using the symmetric encryption algorithm and the symmetric key KeyS to obtain a ciphertext, and calculates a Hash value of the obtained ciphertext using the Hash algorithm to obtain the session key SeKey, so that the same session key SeKey is obtained in device A and device B;

device A decrypts the received ciphertext BData using the symmetric encryption algorithm and the session key SeKey, and if the decryption is successful and the "B confirmation message" sent by device B is obtained, device A has verified device B successfully;

device A encrypts the preset "A confirmation message" using the symmetric encryption algorithm and the session key SeKey to obtain the ciphertext AData, and device A sends the ciphertext AData to device B;

device B receives the ciphertext AData sent by device A and decrypts it using the symmetric encryption algorithm and the session key SeKey, and if the decryption is successful and the "A confirmation message" sent by device A is obtained, device B has verified device A successfully;

device A and device B start normal communication, and the data sent and received during communication are encrypted and decrypted using the symmetric encryption algorithm and the session key SeKey until the session is completed.

Example 2:

The application scenario of this embodiment is that the two devices (device A and device B) use the present application again to communicate; only the generation and issuing of the symmetric key differ.

Device A and device B encrypted and decrypted with the session key in the previous session, and after that session ended the session key was stored in device A and device B. The key management system is not used in this session: the session key of the previous session stored in device A and device B is used as the symmetric key of this session, no symmetric key needs to be issued, and device A and device B perform bidirectional identity authentication directly.

Therefore, each new session takes the session key of the previous session as its symmetric key, so the symmetric key is updated for every session, which further reduces the risk of key leakage, makes communication more secure and achieves forward security. Because the session key of each session is stored in device A and device B, the symmetric key does not need to be generated and issued, which simplifies the security authentication process.

The symmetric encryption algorithms used in device A and device B are the same and are pre-integrated in device A and device B, such as AES and the like.
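
The symmetric key derivation of Example 1, the S2 to S8 exchange, and the key roll-over of Example 2, as an added Go example that is not part of the patent text. It assumes AES-256-CBC with a zero IV for the "encrypt" step, SHA-256 as the Hash algorithm, AES-GCM for BData and AData, and constructed RootKey and IDA values; all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumptions (not from the page): AES-256-CBC with a zero IV as the deterministic
// "encrypt" step, SHA-256 as the hash, AES-GCM for BData/AData, 16-byte R_A and R_B.
type Key [32]byte // KeyS and SeKey are both 256-bit AES keys
var msgB, msgA = []byte("B confirmation message"), []byte("A confirmation message")
var errAuth = errors.New("verification failed, session terminated")

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never continue with a predictable value
	}
	return b
}

// EncHash is the "encrypt under key, then hash the ciphertext" step, used for
// KeyS (RootKey over IDA) and SeKey (KeyS over R_A||R_B). Input is zero-padded.
func EncHash(key Key, parts ...[]byte) Key {
	blk, _ := aes.NewCipher(key[:]) // cannot fail: a Key is always 32 bytes
	data := bytes.Join(parts, nil)
	buf := make([]byte, (len(data)+aes.BlockSize-1)/aes.BlockSize*aes.BlockSize)
	copy(buf, data)
	cipher.NewCBCEncrypter(blk, make([]byte, aes.BlockSize)).CryptBlocks(buf, buf)
	return sha256.Sum256(buf)
}

func aead(key Key) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(blk) // cannot fail for AES
	return g
}

// Seal encrypts a confirmation message; the random GCM nonce is prepended.
func Seal(key Key, msg []byte) []byte {
	g := aead(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, msg, nil)
}

// Check is "decryption succeeds and the expected confirmation message is obtained".
func Check(key Key, ct, want []byte) error {
	g := aead(key)
	if n := g.NonceSize(); len(ct) >= n {
		if pt, err := g.Open(nil, ct[:n], ct[n:], nil); err == nil && bytes.Equal(pt, want) {
			return nil
		}
	}
	return errAuth
}

// Device holds KeyS (S1), the SeKey of the current session and, on A, its R_A.
type Device struct {
	KeyS, SeKey Key
	rA          []byte
}

// Start is S2: device A generates R_A and sends it.
func (d *Device) Start() []byte { d.rA = randBytes(16); return d.rA }

// Respond is S3-S4: device B generates R_B, derives SeKey, returns R_B and BData.
func (d *Device) Respond(rA []byte) (rB, bData []byte) {
	rB = randBytes(16)
	d.SeKey = EncHash(d.KeyS, rA, rB)
	return rB, Seal(d.SeKey, msgB)
}

// Confirm is S5-S7: device A derives SeKey, verifies BData, returns AData.
func (d *Device) Confirm(rB, bData []byte) ([]byte, error) {
	se := EncHash(d.KeyS, d.rA, rB)
	if err := Check(se, bData, msgB); err != nil {
		return nil, err
	}
	d.SeKey = se
	return Seal(se, msgA), nil
}

// Finish is S8: B verifies AData; msgA differs from msgB, so BData sent back to B fails here.
func (d *Device) Finish(aData []byte) error { return Check(d.SeKey, aData, msgA) }

// Roll is Example 2: SeKey becomes the next KeyS, once both sides have finished.
func (d *Device) Roll() { d.KeyS = d.SeKey }

func main() {
	keyS := EncHash(Key{0x42}, []byte("IDA-0001")) // constructed RootKey and IDA
	a, b := &Device{KeyS: keyS}, &Device{KeyS: keyS}
	rB, bData := b.Respond(a.Start())
	aData, err := a.Confirm(rB, bData)
	fmt.Println("A verified B:", err == nil, "| B verified A:", b.Finish(aData) == nil)
}
```

Roll must run only after S8 has succeeded on both devices; if one side rolls and the other does not, their KeyS values differ and the next handshake fails at S6.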

The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
