阅读说明：本技术 一种基于标识的ecc密钥对生成方法 (ECC key pair generation method based on identification ) 是由 牛毅 魏振华 卢学强 于 2021-07-27 设计创作，主要内容包括：本发明涉及一种基于标识的ECC密钥对生成方法,属于信息安全技术领域。该方法包括以下步骤：S1：主密钥集的生成；S2：终端私钥的生成；S3：终端公钥的生成。本发明将标识密钥的优势应于ECC密钥对的生成,解决了ECC密钥的管理难题,其体系简单,实现了标识即密钥,是轻量化的密钥管理方法,建设与运维成本仅为CA体系的1/4,是物联网领域非常理想的密钥管理体系和方法。(The invention relates to an ECC key pair generation method based on identification, and belongs to the technical field of information security. The method comprises the following steps: s1: generating a master key set; s2: generating a terminal private key; s3: and generating a terminal public key. The invention has the advantages of the identification key corresponding to the generation of the ECC key pair, solves the management problem of the ECC key, has simple system, realizes the identification, namely the key, is a light-weight key management method, has construction and operation and maintenance costs only 1/4 of a CA system, and is a very ideal key management system and method in the field of Internet of things.)

1. An identification-based elliptic curve cryptography ECC key pair generation method is characterized by comprising the following steps: the method comprises the following steps:

s1: generating a master key set;

s2: generating a terminal private key;

s3: and generating a terminal public key.

2. The method of claim 1, wherein the method further comprises: in S1, the key management center sets elliptic curve parameters according to the service requirements, where the elliptic curve parameters include:

finite field F_pThe number p of medium elements;

finite field F_pElements a and b of (1), for defining F_pAn elliptic curve E above;

the order of a base point G of the elliptic curve is prime number;

the order n of the base point G, n being # E (F)_p) A prime factor of (c);

wherein # has no practical meaning, refer to the national standard GB/T32918-;

after the elliptic curve parameters are set, the hardware password device at the center of the key generates m random numbers, wherein m is a power number of 2, and m is 2^qQ is an integer, m is not less than 4 and is marked as msk_iIf the number of the elements in the main private key set is more than 0 and less than m, i represents the ith element in the main private key set; the m random numbers are stored in a key safety area of the password equipment according to linear encryption, the key safety area is a main private key set and is recorded as msks, the storage and the use of the main private key set are limited in the password equipment, and any element of the main private key set prohibits external access.

3. An identification-based ECC key pair generation method according to claim 2, wherein: the main public key set is obtained by calculation according to the main private key set, and the calculation method comprises the following steps:

sequentially taking out the ith element ciphertext in the main private key set in the password equipment and decrypting to obtain msk_iThen, calculating the corresponding public key, i.e. MPK, according to the elliptic curve cryptography multiple point algorithm_i＝msk_i·G，MPK_iMsk being base point G of elliptic curve_iMultiple point, msk_iAnd MPK_iA key pair constituting an elliptic curve; and sequentially outputting the calculated main public key elements and storing the main public key elements in a file according to a linear mode, wherein the file consisting of the m main public key elements is a main public key set and is marked as MPKS, and the main public key set can be published.

4. The method of claim 1, wherein the method further comprises: the hardware password equipment comprises a peripheral element connected with a PCI-E (peripheral component interconnect express) password card or a password machine;

the PCI-E is a high-speed serial computer expansion bus standard, and the PCI-E password card is a hardware password device based on the standard.

5. The method of claim 3, wherein the method further comprises: in S2, the generation of the terminal private key is cooperatively completed by the terminal, the key center, and the hardware cryptographic device storing the master private key set, the terminal private key is owned by the terminal only, and the key center cannot know the terminal private key, which specifically includes the following steps:

s21: the device identification is ID_ATerminal device of (1) generating a random number r₁And obtaining ID through a terminal private key factor generating function_AThe corresponding private key factor sk_A，sk_A＝f_A(r₁，ID_A) mod n, secret key factor sk_AThe encryption is stored in a terminal equipment security area;

f_Arepresents a hash function one, including SM3 and SHA256, and converts the random number r₁And an identification ID_AComputing hash of concatenated strings to obtain sk_A；r₁Is a random number, n is # E (F)_p) A prime factor of (c);

s22: the terminal equipment calculates a terminal private key factor sk according to an elliptic curve password multiple point algorithm_ACorresponding public key factor PK_AWherein PK is_A＝sk_A·G；

S23: the terminal device will identify ID_AAnd PK_ASending the key to a key management center;

s24: the key management center acts as a cooperative participant and also generates a key center for ID_AAnd the corresponding public key factor, i.e. the key center generates a random number r₂And then obtaining ID according to the central private key factor generation function_AThe corresponding private key factor sk_sNamely sk_s＝f_s(r₂，ID_A，T_s)mod n，f_sIs a hash function of two, where T_SIs the current time of the key center;

s25: the key center calculates the public key factor PK corresponding to the central private key factor according to the elliptic curve cryptography multiple point algorithm_SWherein PK is_S＝sk_S·G；

S26: key center calculates self-defined public key SPK_A，SPK_A＝PK_S+PK_A(ii) a Then according to the identification ID_AAnd calculating the mapping sequence based on the identification by the self-defined public key, wherein the calculation formula is alpha-f_K(ID_A，SPK_A) Wherein f is_kIs a message authentication code HMAC function, SPK, based on a hash algorithm_AIs a secret key, ID_AIs a message; then grouping alpha, the grouping is marked as delta_xX is more than 0 and less than g, wherein x is an integer, and g is the number of groups; g is set when a key center is initialized; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

s27: selecting g elements from the master private key set respectively by the obtained g offsets in the hardware password equipment, and recording the g elements as msk₀，msk₁，...，msk_g-1And modulo-adding the data to obtain the device identification ID_AThe corresponding identification private key, i.e.

S28: hardware cipherThe code equipment outputs the identification private key to a key center, the key center and a defined private key factor sk_SCompounding results in a central composite private key, csk_A＝(isk_A+sk_S)mod n；

S29: key center with center composite private key csk_AAnd a custom public key SPK_AReturning to the terminal equipment through the secure channel, and compounding the terminal equipment and the equipment private key factor to obtain a final terminal private key, namely tsk_A＝(sk_A+csk_A) mod n and secret the terminal key tsk_AEncrypting and storing the data in a device security key area, and simultaneously customizing a public key SPK_AStored in the device data area.

6. An identification-based ECC key pair generation method according to claim 5, wherein: in the step S3, the terminal public key is corresponding to the terminal private key stored in the terminal device, and the identification public key is obtained by calculating the terminal identification and the master public key set, and then is obtained by combining the identification public key with the user-defined public key; the safety certification between the terminals is that the terminal A signs the challenge data given by the terminal B and sends the signed data to the terminal B for signature verification, and the signed data comprises the identification ID of the terminal A_ASignature value sig and self-defined public key SPK of terminal A_A(ii) a The public key of the terminal A is generated before the terminal B verifies the signature, and the method for generating the public key of the terminal A specifically comprises the following steps:

s31: according to the identification ID_AAnd a custom public key SPK_ACalculating a mapping sequence based on the identity, i.e. α ═ f_K(ID_A，SPK_A) Then grouping alpha, the grouping is denoted as delta_xX is more than 0 and less than g (wherein x is an integer, g is the number of groups, g is set when initializing the key center, and the offset O is determined by mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

s32: g obtained offsets O_xG elements are selected from the master public key set, and are recorded as MPK₀，MPK₁，...，MPK_g-1Adding the obtained g elements to obtain the identification ID of the terminal A_AThe corresponding identification public key, i.e.

S33: will identify the public key IPK_AAnd a custom public key SPK_ACompounding to obtain the public key corresponding to the terminal A, namely the TPK_A＝IPK_A+SPK_A。

7. A computer apparatus comprising a memory, a processor, and a computer program stored on the memory and capable of running on the processor, wherein: the processor, when executing the computer program, implements the method of any of claims 1-6.

8. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the method of any one of claims 1-6.

Technical Field

The invention belongs to the technical field of information security, and relates to an ECC key pair generation method based on identification.

Background

In the public Key system of cryptography, there are two major systems, one is the pki (public Key infrastructure) CA system that has matured at present, that is, the certificate system that we often say. Through development for more than 10 years, the PKI certificate authentication system has very good security guarantee for network application based on human behaviors, and has been applied to various Internet electronic service applications.

The communication between things of the internet of things has the requirements of narrow-band communication, low power consumption and the like, and meanwhile, the communication has the characteristics of large quantity, wide-area distribution and the like, and the requirements of diversity and particularity of the application of the internet of things are different from the traditional internet application mainly based on people, and the deficiency of the application of the internet of things in the PKI certificate authentication technology is gradually shown. Therefore, an identification public key algorithm based on the device identification (for example, SM9 is a typical identification public key algorithm) is generated and applied to the security application of the internet of things, so as to protect the safety of the application of the internet of things. The SM9 overcomes some defects of PKI CA in the application of the Internet of things, realizes end-to-end decentralized authentication, and can better adapt to the requirements of the Internet of things; however, the required computing resources are undoubtedly a popularization difficulty for the internet of things of the weak terminal, and the internet of things platform is basically built according to the PKI CA system, and how to realize the compatibility of the sensing layer internet of things terminal and the security system of the platform is the key for the development of the internet of things. The sensing layer network adopting SM9 and the Internet of things platform based on PKICA are difficult to interconnect and intercommunicate, different security systems are adopted between different layers and are incompatible, and higher difficulty and cost of construction, operation and maintenance are brought to application.

The performance of an ECC (ECC) cryptographic algorithm is about 12 times higher than that of an SM9 cryptographic algorithm, and the required computing resources are less, so that the ECC cryptographic algorithm adopted in the field of the Internet of things is superior to the SM9 cryptographic algorithm. However, the ECC key is usually managed by PKI CA, which is complex in system, high in management cost, highly dependent on the center, and not suitable for application in the aspect of internet of things.

Disclosure of Invention

In view of the above, the present invention provides an ECC key pair generation method based on identification. The ECC key pair generation method based on the identification simplifies the generation and distribution of the ECC key, and solves the authenticity proving problem of the public key in application through the relevance of the identification and the key. Meanwhile, the invention adopts the terminal and the center to cooperatively finish the key generation, solves the problem that the identification key can only be produced by the center and does not meet the requirement of an electronic signature method, ensures that the application range of the light identification key system is the same as that of PKI CA, and widens the application field of the identification code.

In order to achieve the purpose, the invention provides the following technical scheme:

an identification-based Elliptic Curve Cryptography (ECC) key pair generation method comprises the following steps:

s1: generating a master key set;

s2: generating a terminal private key;

s3: and generating a terminal public key.

Optionally, in S1, the key management center sets an elliptic curve parameter according to the service requirement, where the elliptic curve parameter includes:

finite field F_pThe number p of medium elements;

finite field F_pElements a and b of (1), for defining F_pAn elliptic curve E above;

the order of a base point G of the elliptic curve is prime number;

the order n of the base point G, n being # E (F)_p) A prime factor of (c);

wherein # has no practical meaning, refer to the national standard GB/T32918-;

after the elliptic curve parameters are set, the hardware password device at the center of the key generates m random numbers, wherein m is a power number of 2, and m is 2^qQ is an integer, m is not less than 4 and is marked as msk_iIf the number of the elements in the main private key set is more than 0 and less than m, i represents the ith element in the main private key set; the m random numbers are stored in a key safety area of the password equipment according to linear encryption, the key safety area is a main private key set and is recorded as msks, the storage and the use of the main private key set are limited in the password equipment, and any element of the main private key set prohibits external access.

Optionally, the master public key set is obtained by calculation according to the master private key set, and the calculation method includes:

sequentially taking out the ith element ciphertext in the main private key set in the password equipment and decrypting to obtain msk_iThen, calculating the corresponding public key, i.e. MPK, according to the elliptic curve cryptography multiple point algorithm_i＝msk_i·G，MPK_iMsk being base point G of elliptic curve_iMultiple point, msk_iAnd MPK_iA key pair constituting an elliptic curve; the calculated main public key elements are sequentially output and linearly stored in a file, and the file is composed of m main public key elementsA piece is a master public key set, denoted as MPKS, which is public.

Optionally, the hardware cryptographic device includes a peripheral component connected to a PCI express-E cryptographic card or a cryptographic engine;

the PCI-E is a high-speed serial computer expansion bus standard, and the PCI-E password card is a hardware password device based on the standard.

Optionally, in S2, the generation of the terminal private key is cooperatively completed by the terminal, the key center, and the hardware cryptographic device storing the master private key set, where the terminal private key is owned by the terminal only, and the key center cannot know the terminal private key, and the method specifically includes the following steps:

s21: the device identification is ID_ATerminal device of (1) generating a random number r₁And obtaining ID through a terminal private key factor generating function_AThe corresponding private key factor sk_A，sk_A＝f_A(r₁，ID_A) mod n, secret key factor sk_AThe encryption is stored in a terminal equipment security area;

f_Arepresents a hash function one, including SM3 and SHA256, and converts the random number r₁And an identification ID_AComputing hash of concatenated strings to obtain sk_A；r₁Is a random number, n is # E (F)_p) A prime factor of (c);

s22: the terminal equipment calculates a terminal private key factor sk according to an elliptic curve password multiple point algorithm_ACorresponding public key factor PK_AWherein PK is_A＝sk_A·G；

S23: the terminal device will identify ID_AAnd PK_ASending the key to a key management center;

s24: the key management center acts as a cooperative participant and also generates a key center for ID_AAnd the corresponding public key factor, i.e. the key center generates a random number r₂And then obtaining ID according to the central private key factor generation function_AThe corresponding private key factor sk_SNamely sk_S＝f_S(r₂，ID_A，T_s)mod n，f_sIs a hash function of two, where T_SAs a key centerThe current time of day;

s25: the key center calculates the public key factor PK corresponding to the central private key factor according to the elliptic curve cryptography multiple point algorithm_SWherein PK is_S＝sk_S·G；

S26: key center calculates self-defined public key SPK_A，SPK_A＝PK_S+PK_A(ii) a Then according to the identification ID_AAnd calculating the mapping sequence based on the identification by the self-defined public key, wherein the calculation formula is alpha-f_K(ID_A，SPK_A) Wherein f is_kIs a message authentication code HMAC function, SPK, based on a hash algorithm_AIs a secret key, ID_AIs a message; then grouping alpha, the grouping is marked as delta_xX is more than 0 and less than g, wherein x is an integer, and g is the number of groups; g is set when a key center is initialized; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

s27: selecting g elements from the master private key set respectively by the obtained g offsets in the hardware password equipment, and recording the g elements as msk₀，msk₁，...，msk_g-1And modulo-adding the data to obtain the device identification ID_AThe corresponding identification private key, i.e.

S28: the hardware password equipment outputs an identification private key to a key center, the key center and a defined private key factor sk_SCompounding results in a central composite private key, csk_A＝(isk_A+sk_S)mod n；

S29: key center with center composite private key csk_AAnd a custom public key SPK_AReturning to the terminal equipment through the secure channel, and compounding the terminal equipment and the equipment private key factor to obtain a final terminal private key, namely tsk_A＝(sk_A+csk_A) mod n, and will end upEnd private key tsk_AEncrypting and storing the data in a device security key area, and simultaneously customizing a public key SPK_AStored in the device data area.

Optionally, in S3, the terminal public key corresponds to the terminal private key stored in the terminal device, and is obtained by calculating the terminal identifier and the master public key set to obtain an identifier public key and then combining the identifier public key with the user-defined public key; the safety certification between the terminals is that the terminal A signs the challenge data given by the terminal B and sends the signed data to the terminal B for signature verification, and the signed data comprises the identification ID of the terminal A_ASignature value sig and self-defined public key SPK of terminal A_A(ii) a The public key of the terminal A is generated before the terminal B verifies the signature, and the method for generating the public key of the terminal A specifically comprises the following steps:

s31: according to the identification ID_AAnd a custom public key SPK_ACalculating a mapping sequence based on the identity, i.e. α ═ f_K(ID_A，SPK_A) Then grouping alpha, the grouping is denoted as delta_xX is more than 0 and less than g (wherein x is an integer, g is the number of groups, g is set when initializing the key center, and the offset O is determined by mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

s32: g obtained offsets O_xG elements are selected from the master public key set, and are recorded as MPK₀，MPK₁，...，MPK_g-1Adding the obtained g elements to obtain the identification ID of the terminal A_AThe corresponding identification public key, i.e.

S33: will identify the public key IPK_AAnd a custom public key SPK_ACompounding to obtain the public key corresponding to the terminal A, namely the TPK_A＝IPK_A+SPK_A。

A computer arrangement comprising a memory, a processor and a computer program stored on the memory and being executable on the processor, the processor implementing the method as described when executing the computer program.

A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method as set forth.

The invention has the beneficial effects that: the invention has the advantages of the identification key corresponding to the generation of the ECC key pair, solves the management problem of the ECC key, has simple system, realizes the identification, namely the key, is a light-weight key management method, has construction and operation and maintenance costs only 1/4 of a CA system, and is a very ideal key management system and method in the field of Internet of things.

Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the means of the instrumentalities and combinations particularly pointed out hereinafter.

Drawings

For the purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made to the following detailed description taken in conjunction with the accompanying drawings in which:

FIG. 1 is a master key set composition diagram of the present invention;

FIG. 2 is a flow chart of the terminal private key generation of the present invention;

fig. 3 is a flowchart of the terminal public key generation of the present invention.

Detailed Description

The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention in a schematic way, and the features in the following embodiments and examples may be combined with each other without conflict.

Wherein the showings are for the purpose of illustrating the invention only and not for the purpose of limiting the same, and in which there is shown by way of illustration only and not in the drawings in which there is no intention to limit the invention thereto; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.

The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by terms such as "upper", "lower", "left", "right", "front", "rear", etc., based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not an indication or suggestion that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes, and are not to be construed as limiting the present invention, and the specific meaning of the terms may be understood by those skilled in the art according to specific situations.

Please refer to fig. 1 to 3.

Generation of a master key set

The key management center sets elliptic curve parameters according to service requirements, and the method comprises the following steps:

(1) p: finite field F_pP is a finite field F_pThe number of middle elements;

(2) a, b: finite field F_pThe elements of (1), which define F_pAn elliptic curve E above;

(3) g: a base point of the elliptic curve, the order of which is prime number;

(4) n: order of base point G (n is # E (F)_p) Prime factor of).

After the elliptic curve parameters are set, the hardware password equipment (such as a PCI-E password card or a password machine) at the center of the secret key) Generating m random numbers (where m is a power of 2, i.e., m is 2)^qQ is an integer, m is not less than 4 and is marked as msk_iIf the condition that i is more than 0 and less than m is met, the m random numbers are stored in a key safety area of the password equipment according to linear encryption, namely a main private key set (marked as msks) of the invention, the storage and the use of the main private key set are limited in the password equipment, and any element of the main private key set forbids external access.

The generation method of the main public key set is obtained by calculation according to the main private key set, and the calculation method is to sequentially take out the ith element ciphertext in the main private key set in the password equipment and decrypt the ith element ciphertext to obtain msk_iThen, the corresponding public key, i.e. MPK, is calculated according to the elliptic curve cryptography algorithm_i＝msk_iG, sequentially outputting the calculated main public key elements and storing the main public key elements in a file in a linear mode, wherein the file formed by the m main public key elements is a main public key set which is recorded as MPKS and can be published.

Second, generation of terminal private key

The generation of the terminal private key is completed by the cooperation of the terminal, the key center and the hardware password device storing the main private key set, so that the terminal private key is only owned by the terminal, the key center cannot know the private key of the terminal, and the problem that the identification key can only be generated by the center and does not conform to an electronic signature method is solved. The method for the terminal private key comprises the following steps:

(1) terminal equipment (equipment identification is ID)_A) Generating a random number r₁And obtaining ID through a terminal private key factor generating function_AThe corresponding private key factor sk_ANamely sk_A＝f_A(r₁，ID_A) mod n, secret key factor sk_AThe encryption is stored in the terminal equipment security area.

(2) The terminal equipment calculates the terminal private key factor sk according to the elliptic curve cryptographic algorithm_ACorresponding public key factor PK_AWherein PK is_A＝sk_A·G。

(3) The terminal device will identify ID_AAnd PK_AAnd sending the information to a key management center.

(4) The key management center acts as a co-party,key center pair ID is also generated_AAnd the corresponding public key factor, i.e. the key center generates a random number r₂And then obtaining ID according to the central private key factor generation function_AThe corresponding private key factor sk_SNamely sk_S＝f_S(r₂，ID_A，T_s) mod n, where T_SThe current time of the key center.

(5) The key center calculates the public key factor PK corresponding to the central private key factor according to the elliptic curve cryptographic algorithm_SWherein PK is_S＝sk_S·G。

(6) The Key center calculates a Self-defined Public Key (SPK)_A＝PK_S+PK_AThen according to the ID_AAnd custom public key computation identifier-based mapping sequences, i.e. α ═ f_K(ID_A，SPK_A) Then grouping alpha, the grouping is denoted as delta_xX is more than 0 and less than g, wherein x is an integer, and g is the number of groups; g is set when a key center is initialized; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

s27: selecting g elements from the master private key set respectively by the obtained g offsets in the hardware password equipment, and recording the g elements as msk₀，msk₁，...，msk_g-1And modulo-adding the data to obtain the device identification ID_AThe corresponding identification private key, i.e.

(7) Selecting g elements from the master private key set respectively by the obtained g offsets in the hardware password equipment, and recording the g elements as msk₀，msk₁，...，msk_g-1And modulo-adding the data to obtain the device identification ID_AThe corresponding identification private key, i.e.

(8) The hardware password equipment outputs an identification private key to a key center, the key center and a defined private key factor sk_SCompounding to obtain a Central compound private Key (Central Secret Key), namely csk_A＝(isk_A+sk_S)mod n。

(9) Key center with center composite private key csk_AAnd a custom public key SPK_AReturning to the Terminal equipment through the secure channel, and obtaining a final Terminal private Key (tsk) by compounding the Terminal equipment and the equipment private Key factor_A＝(sk_A+csk_A) mod n and secret the terminal key tsk_AEncrypting and storing the data in a device security key area, and simultaneously customizing a public key SPK_AStored in the device data area.

Third, generation of terminal public key

The terminal public key in the invention is corresponding to the terminal private key stored in the terminal equipment, and is obtained by calculating the terminal identifier and the main public key set to obtain the identifier public key and then compounding the identifier public key with the user-defined public key. The safety certification between the terminals is that the terminal A signs the challenge data given by the terminal B and sends the signed data to the terminal B for signature verification, and the signed data comprises the identification ID of the terminal A_ASignature value sig and self-defined public key SPK of terminal A_A. Before the terminal B verifies the signature, the public key of the terminal A needs to be generated, and the generation method comprises the following steps:

(1) according to the identification ID_AAnd a custom public key SPK_ACalculating a mapping sequence based on the identity, i.e. α ═ f_K(ID_A，SPK_A) Then grouping alpha, the grouping is denoted as delta_xX is more than 0 and less than g (wherein x is an integer, g is the number of groups, g is set when initializing the key center, and the offset O is determined by mapping transformation function_xIn which O is_x＝f_o(δ_x) mod m; determining an offset O by a mapping transformation function_xIn which O is_x＝f_o(δ_x)mod m，f_oIs an offset solving function, i.e. calculates per packet O_xThe corresponding value;

(2) g obtained offsets O_xG elements are selected from the master public key set, and are recorded as MPK₀，MPK₁，...，MPK_g-1Adding the obtained g elements to obtain the identification ID of the terminal A_AThe corresponding identification public key, i.e.

(3) Will identify the public key IPK_AAnd a custom public key SPK_ACompounding to obtain the corresponding public key of terminal A, i.e. TPK_A＝IPK_A+SPK_A。

It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.

Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.

Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The present invention also includes the computer itself when programmed with the identification-based ECC key pair generation methods and techniques described herein.

A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.

Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.