Method, system, and device for obtaining keys

摘要

A communication system that obtains a key includes: a server that confirms support of Identity Based Encryption (IBE) authentication; the server obtains public parameters and a private key for IBE; and the server receives a PreMasterSecret key encrypted through the IBE, and obtains a plain text of the PreMasterSecret key according to the public parameters and the private key. The system includes a client and a server. The client includes an IBE negotiating module, a public parameter obtaining module, a server identifier obtaining module, and a processing module. The server includes an IBE negotiating module, a public parameter obtaining module, a private key obtaining module, and a processing module. Through combination of the IBE technology and the SSL/TLS technology, the modes of encrypting a PreMasterSecret key in the existing SSL/TLS protocol are diversified, and the use scope of the existing SSL/TLS protocol is extended substantially.

主权项

1. A method for obtaining a key, comprising:
receiving, by a server, a Secure Socket layer (SSL)/Transport Layer Security (TLS) protocol client request message from a client, for confirming that the server supports Identity Based Encryption (IBE) authentication; obtaining, by the server, public parameters and a private key for IBE; receiving, by the server, another SSL/TLS protocol client message having a PreMasterSecret key encrypted via IBE; and obtaining, by the server, a plain text of the PreMasterSecret key according to the public parameters and the private key, wherein when the client and the server pre-share at least one package of public parameters, the obtaining of the public parameters for the IBE comprises: notifying, by the server, the client to use the pre-shared at least one public parameter; receiving, by the server, a response from the client according to a notification of the server; and obtaining, by the server, a package of public parameters for the IBE according to the response of the client, and wherein if the client and the server pre-share multiple packages of public parameters, the notifying the client to use the pre-shared public parameters comprises: notifying, by the server, an identifier associated with at least one package of public parameters of the multiple pre-shared packages of public parameters to the client; accordingly, the response of the client is generated in the following way: selecting, by the client, a package of public parameters among the multiple packages of public parameters, and responding to the server, with an identifier associated with the selected package of public parameters.