CN106487761A - Message transmission method and network device - Google Patents

Publication number: CN106487761A
Authority: CN (China)
Prior art keywords: terminal, message, network equipment, user group, encryption key
Legal status: Granted (Google notes that the listed status is an assumption, not a legal conclusion)
Application number: CN201510543931.0A
Other languages: Chinese (zh)
Other versions: CN106487761B (en)
Inventor: 倪龙宇
Current assignee: Huawei Device Co Ltd (Google notes that listed assignees may be inaccurate)
Original assignee: Huawei Device Dongguan Co Ltd
Application filed by Huawei Device Dongguan Co Ltd
Priority to CN201510543931.0A
Published as CN106487761A
Application granted and published as CN106487761B
Legal status: active

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

Embodiments of the present invention relate to the field of communication technology, and in particular to a message transmission method and a network device, for improving the security of information transmitted between the terminals of a user group. In the embodiments, the network device decrypts a first message with the network device's decryption key to obtain the original message, then determines, within the first user group to which the first terminal belongs, N second terminals and the encryption key of each second terminal, encrypts the original message separately with each second terminal's encryption key, and sends the results to the respective second terminals. Because at least two second terminals in the first user group have different encryption keys, even if one second terminal leaks its decryption key, an impostor cannot use the leaked key to decrypt information sent to the other terminals, which improves the security of information transmission.

Description

Message transmission method and network device
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a message transmission method and a network device.
Background
With the continuous development of communication technology, society has entered the information age: more and more information is transmitted and shared over networks, and information security problems follow. In the prior art, asymmetric encryption is usually used to improve the security of information transmission.
In point-to-point communication, for example when short messages or instant messages are sent between two terminals, the sending end usually encrypts the original message with the receiving end's public key and sends the encrypted information to the receiving end; the receiving end decrypts the received information with its own private key to obtain the original message. The receiving end's public key can be disclosed so that other terminals can encrypt with it, while the private key is held only on the receiving end and is used to decrypt information encrypted with that public key, which improves the security of the message transmission process.
To make information sharing more convenient, a user group can also be set up among multiple terminals. A user group may include multiple terminals, and any terminal in the group can share information with all terminals in the group. In the prior art, to protect information transmitted between the terminals of a user group, only one public/private key pair is provisioned for all terminals of the group: information transmitted between terminals of the group is always encrypted with that public key, and every other terminal in the group decrypts the received information with that private key.
In this scheme, because all terminals of the user group are provisioned with a single public/private key pair, the different terminals in the group all decrypt the information they receive with the same private key. Once the key of any one terminal in the group is leaked, an impostor can receive and decrypt information in the group under the identity of any terminal in the group, so the security of information transmission is low.
Summary of the invention
Embodiments of the present invention provide a message transmission method and a network device, for improving the security of information transmitted between the terminals of a user group.
In a first aspect, a message transmission method is provided, including:
the network device receives a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the network device's encryption key;
the network device decrypts the first message with the network device's decryption key to obtain the original message;
the network device determines N second terminals that are to receive the first message, where the first terminal and the N second terminals belong to a first user group, and at least two of the N second terminals have different encryption keys;
the network device obtains the N encryption keys corresponding to the N second terminals in the first user group;
the network device encrypts the original message separately with each of the N obtained encryption keys to obtain N second messages;
the network device sends the N second messages to the corresponding N second terminals;
N is greater than or equal to 2.
With reference to the first aspect, in a first possible implementation of the first aspect, the network device determining the N second terminals that are to receive the first message specifically includes:
the network device determines the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
the network device takes all terminals of the determined first user group other than the first terminal as the N second terminals that are to receive the first message sent by the first terminal.
With reference to the first aspect, in a second possible implementation of the first aspect, the network device determining the N second terminals that are to receive the first message specifically includes:
the network device determines the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
the network device determines, within the determined first user group, the N second terminals corresponding to the N terminal identifiers of the intended recipients carried in the first message.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the method further includes:
the network device determines a third terminal in the first user group, the third terminal being a terminal of the first user group other than the first terminal and the N second terminals; the network device encrypts the obtained original message with an encryption key different from the third terminal's encryption key to obtain a third message, and sends the third message to the third terminal.
With reference to any one of the first aspect to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the network device obtaining the N encryption keys corresponding to the N second terminals in the first user group includes:
the network device generates, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
and before the network device sends the N second messages to the corresponding N second terminals, the method further includes:
the network device generates, according to the identifier of each second terminal, the decryption key corresponding to that second terminal, and
sends the generated decryption keys to the corresponding second terminals.
With reference to any one of the first aspect to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, before the network device receives the first message sent by the first terminal, the method further includes:
the network device obtains the network device's encryption key and the network device's decryption key;
the network device sends the network device's encryption key to the first terminal, so that the first terminal can encrypt the original message to obtain the first message.
With reference to any one of the first aspect to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the first user group includes a fourth terminal that also belongs to a second user group, and the fourth terminal's encryption key in the first user group is the same as its encryption key in the second user group;
where the fourth terminal is any terminal among all the terminals included in the first user group.
In a second aspect, a network device is provided, including:
a receiving unit, for receiving a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the network device's encryption key;
a decryption unit, for decrypting the first message with the network device's decryption key to obtain the original message;
a determining unit, for determining N second terminals that are to receive the first message; the first terminal and the N second terminals belong to a first user group, and at least two of the N second terminals have different encryption keys; N is greater than or equal to 2;
a processing unit, for obtaining the N encryption keys corresponding to the N second terminals in the first user group and encrypting the original message separately with each of the N obtained encryption keys to obtain N second messages;
a transmitting unit, for sending the N second messages to the corresponding N second terminals.
With reference to the second aspect, in a first possible implementation of the second aspect, when determining the N second terminals that are to receive the first message, the determining unit is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
take all terminals of the determined first user group other than the first terminal as the N second terminals that are to receive the first message sent by the first terminal.
With reference to the second aspect, in a second possible implementation of the second aspect, when determining the N second terminals that are to receive the first message, the determining unit is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
determine, within the determined first user group, the N second terminals corresponding to the N terminal identifiers of the intended recipients carried in the first message.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the determining unit is further configured to:
determine a third terminal in the first user group, the third terminal being a terminal of the first user group other than the first terminal and the N second terminals;
the processing unit is further configured to:
encrypt the obtained original message with an encryption key different from the third terminal's encryption key to obtain a third message;
the transmitting unit is further configured to:
send the third message to the third terminal.
With reference to any one of the second aspect to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processing unit is specifically configured to:
generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitting unit is further configured to:
send the generated decryption keys to the corresponding second terminals.
With reference to any one of the second aspect to the fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the processing unit is further configured to:
obtain the network device's encryption key and the network device's decryption key before the receiving unit receives the first message sent by the first terminal;
the transmitting unit is further configured to:
send the network device's encryption key to the first terminal, so that the first terminal can encrypt the original message to obtain the first message.
With reference to any one of the second aspect to the fifth possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the first user group includes a fourth terminal that also belongs to a second user group, and the fourth terminal's encryption key in the first user group is the same as its encryption key in the second user group;
where the fourth terminal is any terminal among all the terminals included in the first user group.
In a third aspect, a network device is provided, including:
a receiver, for receiving a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the network device's encryption key;
a processor, for decrypting the first message with the network device's decryption key to obtain the original message, determining N second terminals that are to receive the first message, obtaining the N encryption keys corresponding to the N second terminals in the first user group, and encrypting the original message separately with each of the N obtained encryption keys to obtain N second messages; the first terminal and the N second terminals belong to a first user group, and at least two of the N second terminals have different encryption keys; N is greater than or equal to 2;
a transmitter, for sending the N second messages to the corresponding N second terminals.
With reference to the third aspect, in a first possible implementation of the third aspect, when determining the N second terminals that are to receive the first message, the processor is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
take all terminals of the determined first user group other than the first terminal as the N second terminals that are to receive the first message sent by the first terminal.
With reference to the third aspect, in a second possible implementation of the third aspect, when determining the N second terminals that are to receive the first message, the processor is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of that group carried in the first message;
determine, within the determined first user group, the N second terminals corresponding to the N terminal identifiers of the intended recipients carried in the first message.
With reference to the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the processor is further configured to:
determine a third terminal in the first user group, the third terminal being a terminal of the first user group other than the first terminal and the N second terminals;
encrypt the obtained original message with an encryption key different from the third terminal's encryption key to obtain a third message;
the transmitter is further configured to:
send the third message to the third terminal.
With reference to any one of the third aspect to the third possible implementation of the third aspect, in a fourth possible implementation of the third aspect, when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processor is specifically configured to:
generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitter is further configured to:
send the generated decryption keys to the corresponding second terminals.
With reference to any one of the third aspect to the fourth possible implementation of the third aspect, in a fifth possible implementation of the third aspect, the processor is further configured to:
obtain the network device's encryption key and the network device's decryption key before the receiver receives the first message sent by the first terminal;
the transmitter is further configured to:
send the network device's encryption key to the first terminal, so that the first terminal can encrypt the original message to obtain the first message.
With reference to any one of the third aspect to the fifth possible implementation of the third aspect, in a sixth possible implementation of the third aspect, the first user group includes a fourth terminal that also belongs to a second user group, and the fourth terminal's encryption key in the first user group is the same as its encryption key in the second user group; where the fourth terminal is any terminal among all the terminals included in the first user group.
In the embodiments of the present invention, the network device decrypts the first message with the network device's decryption key to obtain the original message, then determines, within the first user group to which the first terminal belongs, N second terminals and the encryption key of each second terminal, encrypts the original message with each second terminal's encryption key and sends the results to the respective second terminals, so that each second terminal decrypts the information it receives with its own decryption key. Because at least two second terminals in the first user group have different encryption keys, at least two second terminals in the first user group also have different decryption keys. Therefore, even if a second terminal leaks its decryption key, an impostor cannot use the leaked key to decrypt information sent to the other terminals, which improves the security of information transmission.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture for message transmission provided by an embodiment of the present invention;
Fig. 2a is a schematic diagram of a message transmission method implemented on the network device side, provided by an embodiment of the present invention;
Fig. 2b is a schematic diagram of another message transmission method implemented on the network device side, provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a network device provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another network device provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and benefits of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and not to limit it.
Fig. 1 shows a system architecture to which the embodiments of the present invention apply. The system architecture includes a network device 101, which is connected to multiple terminals through a network 109. The system architecture also includes at least one user group, and each user group may include at least two terminals. Each terminal may belong to multiple different user groups. For example, as shown in Fig. 1, the system architecture includes a first user group 102 and a second user group 103: the first user group 102 includes terminal 104, terminal 105 and terminal 106, and the second user group 103 includes terminal 104, terminal 105, terminal 107 and terminal 108. Terminal 104 and terminal 105 belong to both the first user group 102 and the second user group 103.
The network device stores the correspondence between user groups and terminal identifiers. That is, from this correspondence the network device can determine the user group to which any terminal belongs, and can also determine all the terminals included in any user group. Any terminal can share information with any user group to which it belongs; in other words, any terminal can send information to all the other terminals included in any user group to which it belongs, or to some of the terminals in that user group, which improves the speed of information sharing.
User groups can be created in several ways. For example, the creator of a user group can send a create-user-group request to the network device carrying the identifier of each terminal in the group, and the network device creates the user group according to that request. Later maintenance of the user group, and adding or removing terminals from it, belong to the prior art and are not repeated here.
Terminal 104, terminal 105, terminal 106, terminal 107 and terminal 108 can be communication terminals such as mobile phones, PCs and tablets.
Based on the system architecture shown in Fig. 1, Fig. 2a shows a message transmission method implemented on the network device side, provided by an embodiment of the present invention, including the following steps:
Step 201: the network device receives a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the network device's encryption key. The original message is an unencrypted message obtained by the first terminal that needs to be transmitted; it may include specific conversation content between the first terminal and other terminals, such as short message content or instant message content.
Step 202: the network device decrypts the first message with the network device's decryption key to obtain the original message.
Step 203: the network device determines N second terminals that are to receive the first message; the first terminal and the N second terminals belong to a first user group, and at least two of the N second terminals have different encryption keys; N is greater than or equal to 2.
Step 204: the network device obtains the N encryption keys corresponding to the N second terminals in the first user group.
Step 205: the network device encrypts the original message separately with each of the N obtained encryption keys to obtain N second messages.
Step 206: the network device sends the N second messages to the corresponding N second terminals.
To introduce the above flow more clearly, Fig. 2b shows a schematic flow of a message transmission method implemented on the network device side, provided by an embodiment of the present invention. As shown in Fig. 2b, a first user group 302 includes a first terminal 303 and N second terminals, namely second terminal 304, second terminal 305, ..., second terminal 306. The first terminal 303 obtains an original message, encrypts it with the network device's encryption key to obtain a first message, and sends the first message to the network device 301.
The network device 301 receives the first message sent by the first terminal 303; the first message carries the identifier of the first user group to which the first terminal belongs. The network device decrypts the first message with the network device's decryption key to obtain the original message, and determines the first user group to which the first terminal belongs according to that identifier. From all the terminals included in the first user group, the network device 301 determines the N second terminals that are to receive the first message; the first terminal and the N second terminals belong to the first user group, and at least two second terminals in the first user group have different encryption keys. As shown in Fig. 2b, among second terminal 304, second terminal 305, ..., second terminal 306, the encryption key of second terminal 304 differs from the encryption key of second terminal 305. In a preferred embodiment, the encryption keys of any two terminals included in the first user group are all different, which improves the security of information transmission.
The network device 301 obtains the N encryption keys corresponding to the N second terminals in the first user group, encrypts the original message separately with each of the N obtained encryption keys to obtain N second messages, and sends the N second messages to the corresponding N second terminals. Specifically, the network device 301 obtains the encryption key of second terminal 304, the encryption key of second terminal 305, ..., and the encryption key of second terminal 306 in the first user group. It encrypts the original message with the encryption key of second terminal 304 to obtain second message 1 and sends second message 1 to second terminal 304, which decrypts second message 1 with its own decryption key to obtain the original message. It encrypts the original message with the encryption key of second terminal 305 to obtain second message 2 and sends second message 2 to second terminal 305, which decrypts second message 2 with its own decryption key to obtain the original message. It encrypts the original message with the encryption key of second terminal 306 to obtain second message N and sends second message N to second terminal 306, which decrypts second message N with its own decryption key to obtain the original message.
Because at least two second terminals in the first user group have different encryption keys, at least two second terminals in the first user group also have different decryption keys. Therefore, even if one second terminal leaks its decryption key, an impostor cannot use the leaked key to decrypt information sent to the other terminals, which improves the security of information transmission.
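The relay flow of steps 201 to 206, as an added example in Go that is not the patent's own code: the network device decrypts the first message with its own key, re-encrypts the original message separately under each other group member's public key, and a member's leaked private key opens only that member's copy. Assumed here and not taken from the patent: RSA-OAEP from the Go standard library as the encryption scheme, the group and terminal identifiers and the message text, and that terminals generate their own key pairs and register the public half with the device (the patent's fourth implementation instead has the device derive keys from terminal identifiers).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Relay models the network device: its own key pair, the user-group table
// (group id -> member ids) and the encryption (public) key of each terminal.
type Relay struct {
	Key    *rsa.PrivateKey
	Groups map[string][]string
	Pub    map[string]*rsa.PublicKey
}

func encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Forward is steps 202 to 206 of Fig. 2a: check that the sender belongs to the
// named group, decrypt the first message with the device's own key, then
// encrypt the original message separately under the key of every other member
// (step 203 in its first implementation). The preferred embodiment gives each
// member a distinct key, so two recipients sharing one key is rejected.
func (r *Relay) Forward(groupID, sender string, first []byte) (map[string][]byte, error) {
	members, isMember := r.Groups[groupID], false
	for _, id := range members {
		isMember = isMember || id == sender
	}
	if !isMember {
		return nil, fmt.Errorf("sender %q is not in group %q", sender, groupID)
	}
	orig, err := decrypt(r.Key, first)
	if err != nil {
		return nil, err
	}
	seen, out := map[string]bool{}, map[string][]byte{}
	for _, id := range members {
		if id == sender {
			continue
		}
		pk := r.Pub[id]
		if pk == nil {
			return nil, fmt.Errorf("no encryption key registered for %q", id)
		}
		fp := pk.N.String()
		if seen[fp] {
			return nil, fmt.Errorf("%q shares its encryption key with another recipient", id)
		}
		seen[fp] = true
		if out[id], err = encrypt(pk, orig); err != nil {
			return nil, err
		}
	}
	if len(out) < 2 {
		return nil, fmt.Errorf("group %q needs at least two second terminals, has %d", groupID, len(out))
	}
	return out, nil
}

// must panics on error; acceptable here only because every input is constructed.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Demo builds a constructed three-terminal group whose members generate their
// own key pairs (the relay stores only the public halves), relays one message
// from A, and reports whether C's private key, if leaked, can open B's copy.
func Demo() (delivered map[string]string, leakBlocked bool) {
	priv := map[string]*rsa.PrivateKey{}
	pub := map[string]*rsa.PublicKey{}
	for _, id := range []string{"A", "B", "C"} {
		priv[id] = must(rsa.GenerateKey(rand.Reader, 2048))
		pub[id] = &priv[id].PublicKey
	}
	relay := &Relay{Key: must(rsa.GenerateKey(rand.Reader, 2048)), Groups: map[string][]string{"g1": {"A", "B", "C"}}, Pub: pub}
	first := must(encrypt(&relay.Key.PublicKey, []byte("meeting moved to 15:00"))) // constructed message
	copies := must(relay.Forward("g1", "A", first))
	delivered = map[string]string{}
	for id, ct := range copies {
		delivered[id] = string(must(decrypt(priv[id], ct)))
	}
	_, err := decrypt(priv["C"], copies["B"]) // C's leaked key tried on B's copy
	return delivered, err != nil
}
```

The OAEP decryption with the wrong private key fails with an error rather than returning garbage, which is what makes the leaked-key check observable.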
The embodiment of the present invention applies where a first terminal sends a message to one or more second terminals of its first user group, and it improves the speed of information sharing between the terminals of the first user group.
In the embodiment, "first terminal", "second terminal" and "third terminal" serve only to distinguish different terminals in the first user group. The first terminal may be any terminal in the first user group; a second terminal is any terminal other than the first terminal in the first user group to which the first terminal belongs; a third terminal is any terminal in the first user group other than the first terminal and the second terminals. The first user group in the embodiment also includes a fourth terminal, which may be any terminal in the first user group; for example, the fourth terminal may be the first terminal or a second terminal.
Preferably, the fourth terminal in the embodiment also belongs to a second user group; specifically, it may belong to one second user group or to several. In a concrete implementation, the fourth terminal has one encryption key and one decryption key for each user group it belongs to. Each encryption key of the fourth terminal is paired with one decryption key, so when the fourth terminal's encryption keys differ between user groups, its decryption keys differ between those user groups as well. In one implementation, the fourth terminal's encryption key in the first user group and its encryption keys in all the second user groups it belongs to are pairwise different. To improve key manageability and reduce key complexity, the fourth terminal's encryption key in the first user group may instead be identical to its encryption key in at least one second user group. A preferred implementation is that the fourth terminal's encryption key in the first user group and its encryption keys in all second user groups are the same.
For example, the fourth terminal belongs to user group A, user group B and user group C at the same time. In one case, the fourth terminal's encryption keys in user group A, user group B and user group C are pairwise different, and accordingly its decryption keys in user group A, user group B and user group C are pairwise different. In another case, the fourth terminal's encryption key in user group A is identical to its encryption key in user group B but differs from its encryption key in user group C; accordingly, its decryption key in user group A is identical to its decryption key in user group B and differs from its decryption key in user group C. In the preferred case, the fourth terminal's encryption keys in user group A, user group B and user group C are all the same, and so its decryption keys in user group A, user group B and user group C are all the same.
In the embodiment, the keys of the network device, the first terminal or a second terminal may be asymmetric keys, symmetric keys or keys of another form.
When asymmetric keys are used, the encryption key of the network device and of any terminal in a user group is a public key, and the decryption key of the network device and of any terminal in a user group is a private key. In this form, even if a message is intercepted by a third party in transit, the risk of its content being disclosed is very low, because only the holder of the private key can decrypt it; this form has the higher safety factor.
When symmetric keys are used, the encryption key of the network device is identical to its decryption key, and the encryption key of any terminal in a user group is identical to its decryption key. This form also meets the basic confidentiality requirement for information transfer within a user group, but if a message is intercepted in transit the risk of content disclosure is higher and the safety factor is lower: every party that encrypts for a terminal holds the very key that decrypts that terminal's messages, so the key is exposed in more places than a private key would be.
In step 201 above, before the first terminal encrypts the original message with the encryption key of the network device, the first terminal can obtain that encryption key in several ways. The embodiment of the present invention provides the following optional implementations, modes a1 to a4:
Mode a1: the network device and the first terminal agree on the encryption key and decryption key of the network device by negotiation before the session is established. The first terminal then stores the network device's encryption key in its storage device; when it needs that key to encrypt an original message, it reads the prestored key from its storage device. The network device stores its decryption key in its own storage device and, when it receives a first message, reads the decryption key from its storage device to decrypt the message.
Mode a2: the network device allocates its own encryption key and decryption key. Having obtained them, the network device stores its decryption key in its storage device so that it can decrypt received first messages. It sends its encryption key to the first terminal in advance by way of a notification, or sends it after receiving a request message from the first terminal, so that the first terminal can encrypt the original message and obtain the first message.
Mode a3: a key generation device allocates the encryption key and decryption key of the network device. The key generation device sends the decryption key to the network device, either on its own initiative or after receiving a request message from the network device, so that the network device can decrypt received first messages. It sends the network device's encryption key to the first terminal in advance by way of a notification, or after receiving a request message from the first terminal, so that the first terminal can encrypt the original message and obtain the first message.
Mode a4: the network device or another key generation device generates the decryption key of the network device from the identifier of the network device using a preset algorithm rule, and the network device, the key generation device or the first terminal generates the encryption key of the network device from the identifier of the network device using a preset algorithm rule. The preset algorithm rule may be user-defined, with the property that the encryption keys computed from different network device identifiers are all different and the decryption keys computed from different network device identifiers are all different. The key generation device or the network device may generate both keys of the network device from its identifier in advance, store the decryption key in the network device, and send the encryption key to the first terminal for prestoring. When the first terminal needs the network device's encryption key to encrypt an original message, it can read the prestored key from its storage device, or it can compute the key from the network device identifier with the preset algorithm rule at the time it sends the first message.
In step 204 above, the network device can obtain the encryption key of a second terminal in several ways. The embodiment of the present invention provides the following optional implementations, modes b1 to b5:
Mode b1: the network device and each second terminal agree on the encryption key and decryption key of that second terminal by negotiation before the session is established. The network device can then store the encryption key of each second terminal in its storage device and use it to encrypt the original message. On the other side, each second terminal saves its own decryption key in advance and uses it to decrypt the second messages it receives.
Mode b2: the network device allocates the encryption key and decryption key of each second terminal. The network device stores each second terminal's encryption key in its storage device and uses it to encrypt the original message. It delivers each second terminal's decryption key to that terminal in advance by way of a notification, or together with the second message it sends to that terminal. Alternatively, the second terminal, before or after receiving the second message, sends a request message to the network device, obtains its decryption key from the network device, and decrypts the received second message with it.
Mode b3: a key generation device allocates the encryption key and decryption key of each second terminal. The key generation device sends each second terminal's encryption key to the network device in advance by way of a notification, or the network device sends a request message to the key generation device and obtains the encryption keys from it; the network device then stores each second terminal's encryption key in its storage device and uses it to encrypt the original message. On the other side, the key generation device sends each second terminal's decryption key to that terminal in advance by way of a notification, or the second terminal, before or after receiving the second message, sends a request message to the key generation device, obtains its decryption key from it, and decrypts the received second message with that decryption key.
Mode b4: the network device generates the encryption key of each second terminal from the identifier of that second terminal using a preset algorithm rule, and the network device or the second terminal generates the decryption key of the second terminal from the identifier of the second terminal using a preset algorithm rule. The preset algorithm rule may be user-defined, with the property that the second terminal encryption keys computed from different second terminal identifiers are all different and the second terminal decryption keys computed from different second terminal identifiers are all different. Specifically, the network device may generate and store each second terminal's encryption key from its identifier in advance, or it may generate the encryption keys of the N second terminals from their identifiers only after it has determined which N second terminals are to receive the first message sent by the first terminal; in either case it then encrypts the original message with the second terminal's encryption key. On the other side, the network device generates each second terminal's decryption key from its identifier and sends each decryption key to the corresponding second terminal; or the second terminal, before or after receiving the second message, sends a request message to the network device and obtains the decryption key that the network device generated from the second terminal's identifier; or the second terminal itself, before or after receiving the second message, generates its decryption key from its own identifier. In every case the second terminal decrypts the received second message with its own decryption key.
Mode b5: a key generation device generates the encryption key and decryption key of each second terminal from the identifier of that second terminal using the preset algorithm rule described above. Specifically, the key generation device may generate each second terminal's encryption key from its identifier in advance and send it to the network device by way of a notification, so that the network device stores it; or the network device sends a request message to the key generation device and obtains each second terminal's encryption key from it; the network device then encrypts the original message with the second terminal's encryption key. On the other side, the key generation device generates each second terminal's decryption key from its identifier and sends it to the corresponding second terminal; or the second terminal, before or after receiving the second message, sends a request message to the key generation device and obtains the decryption key generated from its identifier. The second terminal then decrypts the received second message with its own decryption key.
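Modes a4, b4 and b5 above, together with the per-group versus shared key choice for the fourth terminal, as an added Go example that is not code from the patent or from Huawei: one concrete "preset algorithm rule" that derives a key from an identifier with HMAC-SHA256 under a master secret. It assumes the symmetric key form described on this page; the master secret value, the purpose labels, the terminal identifiers t4 and t5, the group identifiers A and B and the device identifier nd-301 are all constructed for the example. Putting the group identifier into the derivation input gives the fourth terminal a different key in each group; leaving it out gives the terminal one key across all its groups.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// masterSecret stands for the secret that the key generation device (mode b5) or the
// network device (mode b4) keeps to itself. Constructed value for this example only.
var masterSecret = []byte("example master secret for identifier-derived keys")

// deriveKey is one concrete "preset algorithm rule": HMAC-SHA256 over a purpose label,
// a group identifier and a terminal identifier. Equal inputs always yield the same
// 32-byte key and distinct inputs yield distinct keys (barring an HMAC-SHA256 break),
// which is the property the page asks of the rule. Each field is length-prefixed so
// that, for instance, ("ab", "c") and ("a", "bc") cannot produce the same MAC input.
func deriveKey(master []byte, label, groupID, terminalID string) []byte {
	mac := hmac.New(sha256.New, master)
	for _, field := range []string{label, groupID, terminalID} {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(field)))
		mac.Write(n[:])
		mac.Write([]byte(field))
	}
	return mac.Sum(nil)
}

// DeviceKey derives the network device's key from the device identifier (mode a4).
func DeviceKey(deviceID string) []byte {
	return deriveKey(masterSecret, "network device key", "", deviceID)
}

// PerGroupKey gives a terminal a different key in each user group it belongs to (the
// variant in which the fourth terminal's keys in groups A, B and C all differ).
func PerGroupKey(groupID, terminalID string) []byte {
	return deriveKey(masterSecret, "terminal key per group", groupID, terminalID)
}

// SharedKey gives a terminal one key for all its groups by leaving the group field
// empty (the variant the page prefers for manageability); the price is that a leak
// of this one key exposes the terminal's traffic in every group at once.
func SharedKey(terminalID string) []byte {
	return deriveKey(masterSecret, "terminal key shared across groups", "", terminalID)
}

func main() {
	fmt.Println("t4 in group A:", hex.EncodeToString(PerGroupKey("A", "t4")))
	fmt.Println("t4 in group B:", hex.EncodeToString(PerGroupKey("B", "t4")))
	fmt.Println("t4 shared:    ", hex.EncodeToString(SharedKey("t4")))
	fmt.Println("device nd-301:", hex.EncodeToString(DeviceKey("nd-301")))
	fmt.Println("deterministic:", bytes.Equal(PerGroupKey("A", "t4"), PerGroupKey("A", "t4")))
}
```

The caveat that goes with this rule in the symmetric form: whoever holds the master secret can derive every terminal's key, so it must stay inside the key generation device (mode b5) or the network device (mode b4) and never reach a terminal. An asymmetric variant of "derive the key from the identifier" would need an identity-based scheme, which the page does not describe.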
Further, in the embodiment of the present invention, the first message that the first terminal obtains by encrypting the original message with the encryption key of the network device carries encryption indication information, from which the network device determines that the message is encrypted and therefore decrypts it with the decryption key of the network device. Similarly, the second message that the network device obtains by encrypting the original message with a second terminal's encryption key carries encryption indication information, from which the second terminal determines that the message is encrypted and therefore decrypts it with its own decryption key.
In another implementation, the encryption indication information may also indicate the user group whose encryption key was used for the second message. For example, when a second terminal belongs to both the first user group and a second user group and its encryption keys in the two groups differ, the encryption indication information in the second message can indicate that the network device encrypted the original message with the second terminal's encryption key for the first user group, so that the second terminal decrypts with its decryption key for the first user group.
The encryption indication information may take many forms; a few examples are adding an encryption identification header to the message, adding an integrity check value for the encrypted content, appending the ciphertext after encryption, or adding another kind of marker. Whatever its form, the indication is sent in clear, so a receiver should treat it as a hint about which key to try, not as proof of the sender, and the integrity protection of the ciphertext should cover the indication as well.
In the embodiment of the present invention, the first terminal can share the original message with all other terminals of the first user group or with only some of them; the specific implementation may be any of modes c1 to c3 below:
Mode c1: the first terminal shares the original message with all terminals of the first user group other than itself; that is, all terminals in the first user group other than the first terminal are second terminals, each second terminal receives a second message, and each correctly decrypts the original message from it.
Specifically, the first message carries the identifier of the first user group to which the first terminal belongs. The network device determines the first user group from that identifier and takes all terminals of the first user group other than the first terminal as the N second terminals that are to receive the first message sent by the first terminal. In this case, the first user group therefore consists of one first terminal and N second terminals. The network device further determines the second terminal encryption key of each of the N second terminals.
The network device first decrypts the first message to obtain the original message, then encrypts the original message with each second terminal's encryption key and sends each encrypted copy to the corresponding second terminal, which decrypts it with its own second terminal decryption key to obtain the original message. Because each second terminal keeps its own decryption key and at least two second terminals in the first user group have different encryption keys, even if a second terminal leaks its decryption key, an attacker cannot use the leaked key to decrypt the messages of the other terminals, which improves the security of the information transfer.
In an optional implementation, any two terminals of the first user group have different encryption keys. A person skilled in the art will understand that when the encryption keys of different second terminals differ, their decryption keys differ as well.
Mode c2: the first terminal sends the original message to only some of the second terminals in the first user group. The first message carries the identifier of the first user group to which the first terminal belongs and the N terminal identifiers of the terminals that are to receive it. The network device determines the first user group from the group identifier carried in the first message, and from that group determines the N second terminals that correspond to the N terminal identifiers carried in the first message.
Specifically, the first user group consists of one first terminal and M second terminals, where M is a positive integer greater than N. From the N terminal identifiers carried in the first message, the network device selects the corresponding N second terminals among the M second terminals of the first user group. It first decrypts the first message to obtain the original message, then encrypts the original message with the encryption key of each of the N second terminals to obtain the second messages, and sends each second message to the corresponding second terminal, which decrypts it with its own second terminal decryption key to obtain the original message. In this way the first terminal shares the original message with only some of the terminals of the first user group.
Mode c3: in mode c2 above, the first user group includes M second terminals, the first message carries N terminal identifiers, and the network device selects the N corresponding second terminals from the M; the first user group then also contains (M-N) third terminals, namely the terminals other than the first terminal and the N second terminals. The network device determines the third terminals in the first user group, encrypts the obtained original message with an encryption key different from each third terminal's encryption key to obtain a third message, and sends the third message to the third terminals. The third message is such that a third terminal cannot decrypt it with its own decryption key and so cannot obtain the original message: when the first terminal shares the original message with only some of the terminals of the first user group, the third terminals still receive a message, but cannot read it. The key that differs from the third terminal's encryption key may be the encryption key of another terminal, for example any second terminal's encryption key, or an unassig­ned, dedicated encryption key that is not used anywhere else. Of these, the unassigned key is the safer choice: if the third message is encrypted under a second terminal's key, that second terminal, or anyone who later obtains its decryption key, can also read the third terminal's copy.
The above is described in detail with a specific example:
The first user group has identifier 003 and includes four terminals: terminal A, terminal B, terminal C and terminal D.
Scenario one
Terminal A, as the first terminal, needs to share an original message with all other terminals in the first user group, that is, with terminal B, terminal C and terminal D, which act as the second terminals. Terminal A encrypts the original message with the encryption key of the network device to obtain the first message and sends the first message to the network device; the first message includes the first user group identifier 003. The network device receives the first message, decrypts it with the network device decryption key and obtains the original message. The network device determines the identifiers of the other terminals B, C and D that correspond to first user group identifier 003, and the encryption keys of terminal B, terminal C and terminal D. The network device encrypts the original message with terminal B's encryption key to obtain second message B and sends it to terminal B, which decrypts it with terminal B's decryption key and obtains the original message; it encrypts the original message with terminal C's encryption key to obtain second message C and sends it to terminal C, which decrypts it with terminal C's decryption key and obtains the original message; and it encrypts the original message with terminal D's encryption key to obtain second message D and sends it to terminal D, which decrypts it with terminal D's decryption key and obtains the original message.
Scenario two
Terminal A, as the first terminal, needs to share an original message with the second terminals terminal B and terminal C in the first user group. Terminal A encrypts the original message with the encryption key of the network device to obtain the first message and sends it to the network device; the first message includes the first user group identifier 003 and the identifiers of terminal B and terminal C. The network device receives the first message, decrypts it with the network device decryption key and obtains the original message. The network device determines the first user group from identifier 003, determines terminal B and terminal C within that group as the second terminals, and obtains the encryption keys of terminal B and terminal C. It encrypts the original message with terminal B's encryption key to obtain second message B and sends it to terminal B, which decrypts it with terminal B's decryption key and obtains the original message; it encrypts the original message with terminal C's encryption key to obtain second message C and sends it to terminal C, which decrypts it with terminal C's decryption key and obtains the original message. The network device sends no message to terminal D.
Scenario three
Terminal A, as the first terminal, again needs to share an original message with the second terminals terminal B and terminal C in the first user group. The first message, including the first user group identifier 003 and the identifiers of terminal B and terminal C, its decryption by the network device, the selection of terminal B and terminal C as second terminals, and the second messages B and C that terminal B and terminal C decrypt with their own decryption keys are exactly as in scenario two.
In addition, the network device determines, within the first user group corresponding to identifier 003, terminal D as the terminal other than terminal A, terminal B and terminal C; terminal D is the third terminal. The network device obtains terminal D's encryption key, encrypts the original message with an encryption key different from terminal D's encryption key to obtain the third message, and sends the third message to terminal D. When terminal D tries to decrypt the third message with its decryption key it cannot recover the original message, so although terminal D also receives a message it cannot read its content, and the information is ultimately presented only to terminal B and terminal C.
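The relay of Figure 2b and scenarios one to three above, as an added Go example that is not code from the patent or from Huawei. It uses the symmetric key form of the page with AES-256-GCM; the cipher, the wire format with GroupID and Recipients fields, the terminal identifiers A to D, the group identifier 003 and the message texts are assumptions and constructed data. The first terminal encrypts under the network device's key; the device decrypts, picks the second terminals (mode c1 when no recipients are listed, mode c2 otherwise), re-encrypts under each second terminal's own key and, for mode c3, gives each third terminal a copy under a fresh key that it then drops. The GroupID header plays the role of the encryption indication information: it tells a receiver which of its group keys to use, and it is authenticated together with the ciphertext, so a relabelled message fails instead of decrypting under the wrong key. Listed recipients that are not members of the group receive nothing. The block needs Go 1.21 or later for the slices package.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"slices"
)

// Message is the assumed wire format. GroupID and Recipients travel in clear but are bound to the
// ciphertext as GCM additional data; GroupID also tells the receiver which of its group keys to use.
type Message struct {
	GroupID    string
	Recipients []string // first message only; empty means all other members (mode c1)
	Nonce      []byte
	Ciphertext []byte
}

func aad(m Message) []byte { return []byte(fmt.Sprintf("%s|%q", m.GroupID, m.Recipients)) }

// newKey draws a fresh random 256-bit AES-GCM key (symmetric form: one key encrypts and decrypts).
func newKey() cipher.AEAD {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand never returns an error; it aborts the process instead
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal is used by the first terminal (original message under the device's key) and by the device
// for every recipient (original message under that terminal's key), with a fresh nonce each time.
func Seal(k cipher.AEAD, m Message, plaintext []byte) Message {
	m.Nonce = make([]byte, k.NonceSize())
	rand.Read(m.Nonce)
	m.Ciphertext = k.Seal(nil, m.Nonce, plaintext, aad(m))
	return m
}

// NetworkDevice holds its own key and, per user group, each member's key (the end state of modes b1 to b5).
type NetworkDevice struct {
	Key  cipher.AEAD
	Keys map[string]map[string]cipher.AEAD // group id -> terminal id -> key
}

// Relay decrypts the first message, re-encrypts it under each second terminal's own key (c1: every other
// member; c2: those listed) and, for c3, under a fresh key that nobody keeps for the third terminals.
func (d *NetworkDevice) Relay(sender string, first Message) (map[string]Message, error) {
	keys := d.Keys[first.GroupID]
	if keys[sender] == nil {
		return nil, fmt.Errorf("%q is not a member of group %q", sender, first.GroupID)
	}
	plaintext, err := d.Key.Open(nil, first.Nonce, first.Ciphertext, aad(first))
	if err != nil {
		return nil, err
	}
	throwaway, out := newKey(), map[string]Message{}
	for t, k := range keys {
		if t == sender {
			continue
		}
		if len(first.Recipients) > 0 && !slices.Contains(first.Recipients, t) {
			k = throwaway // third terminal: nobody keeps this key
		}
		out[t] = Seal(k, Message{GroupID: first.GroupID}, plaintext)
	}
	return out, nil
}

// Receive picks the key for the indicated group; a wrong or missing key fails authentication.
func Receive(ring map[string]cipher.AEAD, m Message) ([]byte, error) {
	k, ok := ring[m.GroupID]
	if !ok {
		return nil, fmt.Errorf("no key for group %q", m.GroupID)
	}
	return k.Open(nil, m.Nonce, m.Ciphertext, aad(m))
}

// SetupGroup builds the page's example, group 003 with A, B, C, D, and returns each terminal's key ring.
func SetupGroup() (*NetworkDevice, map[string]map[string]cipher.AEAD) {
	d := &NetworkDevice{Key: newKey(), Keys: map[string]map[string]cipher.AEAD{"003": {}}}
	rings := map[string]map[string]cipher.AEAD{}
	for _, t := range []string{"A", "B", "C", "D"} {
		d.Keys["003"][t] = newKey()
		rings[t] = map[string]cipher.AEAD{"003": d.Keys["003"][t]}
	}
	return d, rings
}

func main() {
	d, rings := SetupGroup()
	first := Seal(d.Key, Message{GroupID: "003", Recipients: []string{"B", "C"}}, []byte("for B and C only"))
	out, err := d.Relay("A", first)
	fmt.Println("relayed", len(out), "messages, error:", err)
	for t, m := range out { // B and C recover the text; D's attempt fails authentication
		pt, e := Receive(rings[t], m)
		fmt.Printf("terminal %s: %q (%v)\n", t, pt, e)
	}
}
```

Running it shows B and C recovering the text and D's decryption failing with an authentication error; B's key does not open C's message either, which is the leaked-key property the page claims. One design choice against the page's mode c3 is deliberate: the page also allows the third message to be encrypted under some other second terminal's key, but a fresh key that nobody keeps is stricter, because a later leak of that second terminal's key would otherwise also open the third terminal's copy.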
It can be seen from the above that the network device decrypts the first message with the decryption key of the network device to obtain the original message, then determines the N second terminals in the first user group to which the first terminal belongs and the encryption key of each second terminal, encrypts the original message with each second terminal's encryption key and sends the results to the respective second terminals, so that each second terminal decrypts the message it receives with its own decryption key. Because at least two second terminals in the first user group have different encryption keys, and therefore different decryption keys, even if a second terminal leaks its decryption key an attacker cannot use it to decrypt the messages of the other terminals, which improves the security of the information transfer.
Fig. 3 is a schematic structural diagram of a network device.
Based on the same idea, the embodiment of the present invention provides a network device for executing the above flow. As shown in Fig. 3, the network device includes a receiving unit 401, a decryption unit 402, a determining unit 403, a processing unit 404 and a transmitting unit 405:
The receiving unit 401 is configured to receive the first message sent by the first terminal, the first message being obtained by the first terminal encrypting the original message with the encryption key of the network device;
The decryption unit 402 is configured to decrypt the first message with the decryption key of the network device to obtain the original message;
The determining unit 403 is configured to determine the N second terminals that are to receive the first message; the first terminal and the N second terminals belong to the first user group, at least two of the N second terminals have different encryption keys, and N is greater than or equal to 2;
The processing unit 404 is configured to obtain the N encryption keys that correspond to the N second terminals in the first user group and to encrypt the original message with each of the N encryption keys to obtain N second messages;
The transmitting unit 405 is configured to send the N second messages to the corresponding N second terminals respectively.
Preferably, when determining the N second terminals that are to receive the first message, the determining unit 403 is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine the terminals other than the first terminal among all the terminals included in the determined first user group as the N second terminals that are to receive the first message sent by the first terminal.
Preferably, when determining the N second terminals that are to receive the first message, the determining unit 403 is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine, according to the N terminal identifiers of the terminals to receive the first message carried in the first message, the N second terminals corresponding to the N terminal identifiers from the determined first user group.
Preferably, the determining unit 403 is further configured to:
determine a third terminal in the first user group, the third terminal being a terminal in the first user group other than the first terminal and the N second terminals;
the processing unit 404 is further configured to:
encrypt the obtained original message with an encryption key different from the encryption key corresponding to the third terminal, obtaining a third message;
the transmitting unit 405 is further configured to:
send the third message to the third terminal.
Preferably, when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processing unit 404 is specifically configured to:
generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitting unit 405 is further configured to:
send each generated decryption key to the corresponding second terminal.
Preferably, the processing unit 404 is further configured to:
obtain the encryption key of the network device and the decryption key of the network device before the receiving unit receives the first message sent by the first terminal;
the transmitting unit 405 is further configured to:
send the encryption key of the network device to the first terminal, for the first terminal to encrypt the original message to obtain the first message.
Preferably, the first user group includes a fourth terminal, the fourth terminal also belongs to a second user group, and the encryption key of the fourth terminal in the first user group is the same as the encryption key of the fourth terminal in the second user group;
wherein the fourth terminal is any terminal among all the terminals included in the first user group.
Fig. 4 illustrates another schematic structural diagram of a network device.
Based on the same idea, an embodiment of the present invention provides another network device for executing the above method flow. As shown in Fig. 4, it includes:
a receiver 501, configured to receive, under the control of a processor 504, the first message sent by the first terminal, the first message being obtained by the first terminal encrypting the original message with the encryption key of the network device;
the processor 504, configured to decrypt the first message with the decryption key of the network device to obtain the original message, determine N second terminals that are to receive the first message, obtain the N encryption keys corresponding to the N second terminals in the first user group, and encrypt the original message with each of the N obtained encryption keys to obtain N second messages; the first terminal and the N second terminals belong to the first user group, at least two of the N second terminals have different encryption keys, and N is greater than or equal to 2;
a transmitter 506, configured to send, under the control of the processor 504, the N second messages to the corresponding N second terminals;
a memory 505, configured to store information and data.
Preferably, when determining the N second terminals that are to receive the first message, the processor 504 is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine the terminals other than the first terminal among all the terminals included in the determined first user group as the N second terminals that are to receive the first message sent by the first terminal.
Preferably, when determining the N second terminals that are to receive the first message, the processor 504 is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine, according to the N terminal identifiers of the terminals to receive the first message carried in the first message, the N second terminals corresponding to the N terminal identifiers from the determined first user group.
Preferably, the processor 504 is further configured to:
determine a third terminal in the first user group, the third terminal being a terminal in the first user group other than the first terminal and the N second terminals;
encrypt the obtained original message with an encryption key different from the encryption key corresponding to the third terminal, obtaining a third message;
the transmitter 506 is further configured to:
send the third message to the third terminal.
Preferably, when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processor 504 is specifically configured to:
generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitter 506 is further configured to:
send each generated decryption key to the corresponding second terminal.
Preferably, the processor 504 is further configured to:
obtain the encryption key of the network device and the decryption key of the network device before the receiver receives the first message sent by the first terminal;
the transmitter 506 is further configured to:
send the encryption key of the network device to the first terminal, for the first terminal to encrypt the original message to obtain the first message.
Preferably, the first user group includes a fourth terminal, the fourth terminal also belongs to a second user group, and the encryption key of the fourth terminal in the first user group is the same as the encryption key of the fourth terminal in the second user group;
wherein the fourth terminal is any terminal among all the terminals included in the first user group.
In Fig. 4, the bus architecture (represented by bus 500) may include any number of interconnected buses and bridges; bus 500 links together various circuits, including one or more processors represented by processor 504 and memory represented by memory 505. Bus 500 may also link together various other circuits, such as peripheral devices, voltage regulators and power management circuits, which are well known in the art and are therefore not described further here. A bus interface 503 provides an interface between bus 500 and the receiver 501 and transmitter 506. The receiver 501 and transmitter 506 may be a single element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other apparatuses over a transmission medium. Data processed by processor 504 is transmitted over a wireless medium through antenna 502; antenna 502 also receives data and passes it to processor 504.
Processor 504 is responsible for managing bus 500 and for general processing, and may also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. Memory 505 may be used to store data used by processor 504 when performing operations.
Optionally, processor 504 may be a CPU (central processing unit), an ASIC (application-specific integrated circuit), an FPGA (field-programmable gate array) or a CPLD (complex programmable logic device).
Those skilled in the art should understand that embodiments of the present invention may be provided as a method or as a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they know the basic inventive concept, may make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these changes and modifications.

Claims (21)

1. A message transmission method, characterized in that it comprises:
receiving, by a network device, a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the encryption key of the network device;
decrypting, by the network device, the first message with the decryption key of the network device to obtain the original message;
determining, by the network device, N second terminals that are to receive the first message, wherein the first terminal and the N second terminals belong to a first user group, and at least two of the N second terminals have different encryption keys;
obtaining, by the network device, the N encryption keys corresponding to the N second terminals in the first user group;
encrypting, by the network device, the original message with each of the N obtained encryption keys to obtain N second messages;
sending, by the network device, the N second messages to the corresponding N second terminals;
wherein N is greater than or equal to 2.
2. The method according to claim 1, characterized in that the determining, by the network device, of the N second terminals that are to receive the first message specifically comprises:
determining, by the network device, the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determining, by the network device, the terminals other than the first terminal among all the terminals included in the determined first user group as the N second terminals that are to receive the first message sent by the first terminal.
3. The method according to claim 1, characterized in that the determining, by the network device, of the N second terminals that are to receive the first message specifically comprises:
determining, by the network device, the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determining, by the network device, according to the N terminal identifiers of the terminals to receive the first message carried in the first message, the N second terminals corresponding to the N terminal identifiers from the determined first user group.
4. The method according to claim 3, characterized in that it further comprises:
determining, by the network device, a third terminal in the first user group, the third terminal being a terminal in the first user group other than the first terminal and the N second terminals; and encrypting, by the network device, the obtained original message with an encryption key different from the encryption key corresponding to the third terminal to obtain a third message, and sending the third message to the third terminal.
5. The method according to any one of claims 1 to 4, characterized in that the obtaining, by the network device, of the N encryption keys corresponding to the N second terminals in the first user group comprises:
generating, by the network device, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group;
and before the network device sends the N second messages to the corresponding N second terminals, the method further comprises:
generating, by the network device, according to the identifier of each second terminal, the decryption key corresponding to that second terminal, and
sending each generated decryption key to the corresponding second terminal.
6. The method according to any one of claims 1 to 5, characterized in that, before the network device receives the first message sent by the first terminal, the method further comprises:
obtaining, by the network device, the encryption key of the network device and the decryption key of the network device;
sending, by the network device, the encryption key of the network device to the first terminal, for the first terminal to encrypt the original message to obtain the first message.
7. The method according to any one of claims 1 to 6, characterized in that the first user group includes a fourth terminal, the fourth terminal also belongs to a second user group, and the encryption key of the fourth terminal in the first user group is the same as the encryption key of the fourth terminal in the second user group;
wherein the fourth terminal is any terminal among all the terminals included in the first user group.
8. A network device, characterized in that it comprises:
a receiving unit, configured to receive a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the encryption key of the network device;
a decryption unit, configured to decrypt the first message with the decryption key of the network device to obtain the original message;
a determining unit, configured to determine N second terminals that are to receive the first message, wherein the first terminal and the N second terminals belong to a first user group, at least two of the N second terminals have different encryption keys, and N is greater than or equal to 2;
a processing unit, configured to obtain the N encryption keys corresponding to the N second terminals in the first user group and to encrypt the original message with each of the N obtained encryption keys, obtaining N second messages;
a transmitting unit, configured to send the N second messages to the corresponding N second terminals.
9. The network device according to claim 8, characterized in that, when determining the N second terminals that are to receive the first message, the determining unit is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine the terminals other than the first terminal among all the terminals included in the determined first user group as the N second terminals that are to receive the first message sent by the first terminal.
10. The network device according to claim 8, characterized in that, when determining the N second terminals that are to receive the first message, the determining unit is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine, according to the N terminal identifiers of the terminals to receive the first message carried in the first message, the N second terminals corresponding to the N terminal identifiers from the determined first user group.
11. The network device according to claim 10, characterized in that the determining unit is further configured to:
determine a third terminal in the first user group, the third terminal being a terminal in the first user group other than the first terminal and the N second terminals;
the processing unit is further configured to: encrypt the obtained original message with an encryption key different from the encryption key corresponding to the third terminal, obtaining a third message;
the transmitting unit is further configured to: send the third message to the third terminal.
12. The network device according to any one of claims 8 to 11, characterized in that
when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processing unit is specifically configured to: generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group; and generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitting unit is further configured to: send each generated decryption key to the corresponding second terminal.
13. The network device according to any one of claims 8 to 12, characterized in that
the processing unit is further configured to: obtain the encryption key of the network device and the decryption key of the network device before the receiving unit receives the first message sent by the first terminal;
the transmitting unit is further configured to: send the encryption key of the network device to the first terminal, for the first terminal to encrypt the original message to obtain the first message.
14. The network device according to any one of claims 8 to 13, characterized in that the first user group includes a fourth terminal, the fourth terminal also belongs to a second user group, and the encryption key of the fourth terminal in the first user group is the same as the encryption key of the fourth terminal in the second user group;
wherein the fourth terminal is any terminal among all the terminals included in the first user group.
15. A network device, characterized in that it comprises:
a receiver, configured to receive a first message sent by a first terminal, the first message being obtained by the first terminal encrypting an original message with the encryption key of the network device;
a processor, configured to decrypt the first message with the decryption key of the network device to obtain the original message, determine N second terminals that are to receive the first message, obtain the N encryption keys corresponding to the N second terminals in a first user group, and encrypt the original message with each of the N obtained encryption keys to obtain N second messages; wherein the first terminal and the N second terminals belong to the first user group, at least two of the N second terminals have different encryption keys, and N is greater than or equal to 2;
a transmitter, configured to send the N second messages to the corresponding N second terminals.
16. The network device according to claim 15, characterized in that, when determining the N second terminals that are to receive the first message, the processor is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine the terminals other than the first terminal among all the terminals included in the determined first user group as the N second terminals that are to receive the first message sent by the first terminal.
17. The network device according to claim 15, characterized in that, when determining the N second terminals that are to receive the first message, the processor is specifically configured to:
determine the first user group to which the first terminal belongs according to the identifier of the first user group carried in the first message;
determine, according to the N terminal identifiers of the terminals to receive the first message carried in the first message, the N second terminals corresponding to the N terminal identifiers from the determined first user group.
18. The network device according to claim 17, characterized in that
the processor is further configured to: determine a third terminal in the first user group, the third terminal being a terminal in the first user group other than the first terminal and the N second terminals; and encrypt the obtained original message with an encryption key different from the encryption key corresponding to the third terminal, obtaining a third message;
the transmitter is further configured to: send the third message to the third terminal.
19. The network device according to any one of claims 15 to 18, characterized in that
when obtaining the N encryption keys corresponding to the N second terminals in the first user group, the processor is specifically configured to: generate, according to the identifier of each second terminal, the encryption key corresponding to that second terminal in the first user group; and generate, according to the identifier of each second terminal, the decryption key corresponding to that second terminal;
the transmitter is further configured to: send each generated decryption key to the corresponding second terminal.
20. The network device according to any one of claims 15 to 19, characterized in that
the processor is further configured to: obtain the encryption key of the network device and the decryption key of the network device before the receiver receives the first message sent by the first terminal;
the transmitter is further configured to: send the encryption key of the network device to the first terminal, for the first terminal to encrypt the original message to obtain the first message.
21. The network device according to any one of claims 15 to 20, characterized in that the first user group includes a fourth terminal, the fourth terminal also belongs to a second user group, and the encryption key of the fourth terminal in the first user group is the same as the encryption key of the fourth terminal in the second user group;
wherein the fourth terminal is any terminal among all the terminals included in the first user group.
Application CN201510543931.0A (priority and filing date 2015-08-28): Message transmission method and network equipment, granted as CN106487761B (active).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510543931.0A CN106487761B (en) 2015-08-28 2015-08-28 Message transmission method and network equipment

Publications (2)

Publication Number Publication Date
CN106487761A true CN106487761A (en) 2017-03-08
CN106487761B CN106487761B (en) 2020-03-10

Family

ID=58235350

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001033361A1 (en) * 1999-11-01 2001-05-10 Mangosoft Corporation Internet-based shared file service with native pc client access and semantics
CN1596521A (en) * 2001-11-30 2005-03-16 国际商业机器公司 Information content distribution based on privacy and/or personal information
US6978367B1 (en) * 1999-10-21 2005-12-20 International Business Machines Corporation Selective data encryption using style sheet processing for decryption by a client proxy
CN101022333A (en) * 2007-02-01 2007-08-22 华为技术有限公司 Distributing system, method and device for group key control message
CN101938481A (en) * 2010-09-06 2011-01-05 华南理工大学 File encryption and distribution method based on digital certificate
CN102420821A (en) * 2011-11-28 2012-04-18 飞天诚信科技股份有限公司 Method and system for improving transmission security of file
CN104168320A (en) * 2014-08-19 2014-11-26 三星电子(中国)研发中心 User data sharing method and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525612A (en) * 2019-01-15 2019-03-26 北京云中融信网络科技有限公司 Multiterminal news enciphering transmission method and system
CN109525612B (en) * 2019-01-15 2021-06-04 北京云中融信网络科技有限公司 Multi-terminal message encryption transmission method and system
CN112235331A (en) * 2019-07-15 2021-01-15 中国移动通信有限公司研究院 Data transmission processing method and equipment
CN112235331B (en) * 2019-07-15 2023-05-09 中国移动通信有限公司研究院 Data transmission processing method and device
CN110198523A (en) * 2019-07-18 2019-09-03 中国联合网络通信集团有限公司 The distribution method and system of Message Encryption key in group
CN110198523B (en) * 2019-07-18 2022-04-15 中国联合网络通信集团有限公司 Method and system for distributing message encryption keys in group

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant after: Huawei Device Co., Ltd.

Address before: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant before: HUAWEI terminal (Dongguan) Co., Ltd.

GR01 Patent grant