CN108964893A - Key processing method, apparatus, device and medium - Google Patents


Publication number
CN108964893A
Authority
CN
China
Prior art keywords
key
transmission
mark
transmission key
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810669692.7A
Other languages
Chinese (zh)
Other versions
CN108964893B (en)
Inventor
黄松柏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201810669692.7A
Publication of CN108964893A
Application granted
Publication of CN108964893B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention disclose a key processing method, apparatus, device and medium, relating to the field of data encryption technology. The method comprises: encrypting a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data; sending to the second end a first transmission key generation request that includes the first encrypted data; and determining the transmission key between the first end and the second end according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request. The embodiments implement negotiated confirmation of the key, solve the problem that a key is easily cracked when the key index is sent to the recipient in plaintext, and improve the security of data transmission.

Description

Key processing method, apparatus, device and medium
Technical field
Embodiments of the present invention relate to the field of data encryption technology, and in particular to a key processing method, apparatus, device and medium.
Background
P2P (peer-to-peer) technology is also known as peer-to-peer networking technology. A network that uses P2P technology has no concept of client or server, only equal peer nodes. Communication in such a network takes place directly between nodes. Compared with the traditional client-server network model, in which communication must go back and forth through a central server, this mode of communication saves traffic and bandwidth.
In a network disk that applies P2P technology, data is usually encrypted as follows: a key selected at random from a key set is used to partially encrypt the data to be transmitted. The data receiver determines the key from the key set according to the received key index and decrypts the encrypted data with that key, where the key index is the index of the key within the key set.
However, in this encryption process the key set is known to every node of the network and the key index is in plaintext. A malicious node can therefore easily join the network, intercept transmitted data, and decrypt its encrypted part, which results in low data transmission security.
Summary of the invention
Embodiments of the present invention provide a key processing method, apparatus, device and medium that implement negotiated confirmation of the key and solve the problem that a key is easily cracked when the key index is sent to the recipient in plaintext, thereby improving the security of data transmission.
In a first aspect, an embodiment of the present invention provides a key processing method, the method comprising:
encrypting a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data;
sending to the second end a first transmission key generation request that includes the first encrypted data, where the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second-end identifier, to generate, according to the first-end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first-end identifier obtained by decryption;
determining the transmission key between the first end and the second end according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request.
In a second aspect, an embodiment of the present invention further provides a key processing apparatus, the apparatus comprising:
an encrypting module, configured to encrypt a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data;
a sending module, configured to send to the second end a first transmission key generation request that includes the first encrypted data, where the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second-end identifier, to generate, according to the first-end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first-end identifier obtained by decryption;
a transmission key determining module, configured to determine the transmission key between the first end and the second end according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request.
In a third aspect, an embodiment of the present invention further provides a device, the device comprising:
one or more processors;
a storage apparatus, configured to store one or more programs,
where, when the one or more programs are executed by the one or more processors, the one or more processors implement the key processing method according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, where the program, when executed by a processor, implements the key processing method according to any embodiment of the present invention.
Embodiments of the present invention carry out the communication that determines the transmission key in encrypted form, based on the unique identification information of both communicating parties, and thereby implement negotiated confirmation of the key. This solves the problem that a key is easily cracked when the key index is sent to the other communicating party in plaintext, and thus improves the security of data transmission.
Brief description of the drawings
Fig. 1 is a flowchart of a key processing method provided by Embodiment one of the present invention;
Fig. 2 is a signaling diagram of data transmission provided by Embodiment two of the present invention;
Fig. 3 is a flowchart of a key processing method provided by Embodiment three of the present invention;
Fig. 4 is a flowchart of a key processing method provided by Embodiment four of the present invention;
Fig. 5 is a schematic structural diagram of a key processing apparatus provided by Embodiment five of the present invention;
Fig. 6 is a schematic structural diagram of a device provided by Embodiment six of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the entire structure.
Embodiment one
Fig. 1 is a flowchart of a key processing method provided by Embodiment one of the present invention. This embodiment applies to the case where a key is determined before transmitted data is encrypted with it. The method may be performed by a key processing apparatus, which may be implemented in software and/or hardware. Referring to Fig. 1, the key processing method provided by this embodiment includes:
S110: encrypt a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data.
Specifically, the first-end identifier uniquely identifies the first end and may be generated from information about the first end. The second-end identifier uniquely identifies the second end and may be generated from information about the second end. The first end and the second end are the two parties to the communication. In this embodiment the first end is the executing party: it sends a data request to the second end and receives the data fed back by the second end.
To improve the security of the first-end identifier, a dynamic first-end identifier is generated from the static information, dynamic information and a random number of the first end. The static information includes at least one of the network card MAC address, the CPU serial number and the hard disk serial number; the dynamic information includes the network IP and/or the current Unix timestamp.
Typically, after the first end joins the network, it generates the first-end identifier from its own information and sends the identifier to the server. Likewise, after the second end joins the network, it generates the second-end identifier from its own information and also sends it to the server. The first end sends a data request to the server; if the data requested is stored on the second end, the server sends the identifier and the network port of the second end to the first end in response to the data request.
The first-end key may be generated by the first end from its own information, or obtained at random from a key library.
S120: send to the second end a first transmission key generation request that includes the first encrypted data.
The first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second-end identifier. After decrypting the first encrypted data, the second end generates, according to the first-end key obtained by decryption, feedback information responding to the first transmission key generation request, and encrypts the feedback information according to the first-end identifier obtained by decryption to generate second encrypted data. The second end thus encrypts its feedback using the first-end identifier and sends the encrypted data to the first end, which improves the transmission security of the feedback information.
Specifically, the feedback information may be a confirmation message, or it may be the confirmed first-end key.
S130: determine the transmission key between the first end and the second end according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request.
Specifically, if the feedback information is key confirmation information, the first-end key is determined as the transmission key between the first end and the second end.
If the feedback information is key rejection information, the first-end key is determined anew and execution returns to S110 and proceeds in order from there.
The technical solution of this embodiment carries out the communication that determines the transmission key in encrypted form, based on the identification information of both communicating parties, and thereby implements encrypted negotiation and confirmation of the key. This solves the problem that a key is easily cracked when the key index is sent to the other communicating party in plaintext, and thus improves the security of data transmission.
To further improve the security of data transmission, generating the first-end key includes:
generating the first-end key at random.
Specifically, the first-end key may be generated at random from local machine information. Obtaining the first-end key by random generation makes it harder for a malicious network node to obtain the first-end key, which in turn improves the security of data encrypted with the first-end key for transmission.
To solve the problem that private data cannot be transmitted in existing network disk data transmission using P2P technology, after the transmission key between the first end and the second end has been determined according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request, the method further includes:
encrypting the transmitted data in full based on the transmission key.
Embodiment two
Fig. 2 is a signaling diagram of data transmission provided by Embodiment two of the present invention. This embodiment is a data transmission scheme proposed on the basis of the embodiment above. Referring to Fig. 2, the data transmission provided by this embodiment includes:
Send a data request to the server.
Receive from the server the second-end identifier and the network port of the second end on which the requested data is located.
The second-end identifier uniquely identifies the second end and consists of the static information, dynamic information and a random number of the second end.
Specifically, the server determines from the data request that the requested data is on the second end, and returns the second-end identifier and the second-end network port in response to the data request. After accessing the network, the second end may send the data it holds and the second-end identifier to the server.
Generate a first-end key at random, and encrypt the first-end key and the first-end identifier using the second-end identifier to generate first encrypted data.
Send the first encrypted data to the second end based on the network port.
The second end uses the second-end identifier to decrypt the first-end key and the first-end identifier from the first encrypted data. It records the first-end key and, after confirming the first-end key, encrypts a feedback message using the first-end key and sends it to the first end.
Decrypt the feedback message from the second end using the first-end identifier; if the feedback message is a message confirming that the first-end key is the transmission key, confirm the first-end key as the transmission key.
Encrypt the data request based on the transmission key, and send the encrypted data request to the second end.
The second end receives the encrypted data request and decrypts it with the transmission key to obtain the data request. The second end determines the data to be sent according to the data request, encrypts the data to be sent in full using the transmission key, and sends it to the first end.
After receiving the encrypted data that the second end sends in response to the data request, decrypt the encrypted data using the transmission key to obtain the requested data.
The technical solution of this embodiment carries out the communication about the transmission key in encrypted form using the unique identifiers of both communicating parties, and thereby implements negotiation of the transmission key. This improves the security of the transmission key and, in turn, the security of the data transmitted under it.
In addition, compared with obtaining a key from a key store, generating the key at random further improves the security of the key and the difficulty of cracking it, which greatly increases the difficulty of cracking the transmission.
Encrypting the transmitted data in full makes it possible to transmit private data. At the same time, the use of peer-to-peer technology means that network-disk-based data transmission saves traffic and bandwidth.
Embodiment three
Fig. 3 is a flowchart of a key processing method provided by Embodiment three of the present invention. This embodiment is an optional scheme proposed on the basis of the embodiments above. Referring to Fig. 3, the key processing method provided by this embodiment includes:
S310: encrypt a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data.
S320: send to the second end a first transmission key generation request that includes the first encrypted data.
S330: if a second-end key, sent by the second end in response to the first transmission key generation request, is received and obtained by decryption with the first-end identifier, generate the transmission key between the first end and the second end according to the first-end key and the second-end key.
Specifically, the first-end key and the second-end key may be combined according to a set combination rule, and the combined key is determined as the transmission key.
To further improve the security with which the transmission key is determined, a set algorithm may also be computed over the first-end key and the second-end key, and the transmission key determined from the result.
The technical solution of this embodiment determines the transmission key from the first-end key provided by the first end and the second-end key provided by the second end of the two communicating parties. Because both parties must take part in providing the transmission key, the difficulty of cracking it is further increased.
Embodiment four
Fig. 4 is a flowchart of a key processing method provided by Embodiment four of the present invention. This embodiment is an optional scheme based on the embodiments above. Unlike the embodiments above, in this embodiment the first end and the second end are the two communicating parties, and the first end sends data to the second end in response to a data request sent by the second end. Referring to Fig. 4, the key processing method provided by this embodiment includes:
S410: receive from the second end a second transmission key generation request that includes second encrypted data.
The second encrypted data is obtained by the second end encrypting a second-end key and the second-end identifier using the first-end identifier.
S420: decrypt the second encrypted data using the first-end identifier, and generate, according to the second-end key obtained by decryption, feedback information responding to the second transmission key generation request.
Specifically, the feedback information may be generated based on a set key determination rule. For example, if the second transmission key obtained by decryption satisfies the set key determination rule, a feedback message confirming that the second-end key is the transmission key is returned.
Optionally, the feedback message may also be generated as follows: generate a first-end key, and use the first-end key as the feedback message.
S430: encrypt the feedback information according to the second-end identifier obtained by decryption to generate third encrypted data.
S440: send the third encrypted data to the second end, so that the second end determines the transmission key between the first end and the second end according to the feedback information.
The technical solution of this embodiment generates, according to the second-end key obtained by decryption, the feedback information responding to the second transmission key generation request, encrypts the feedback information according to the second-end identifier obtained by decryption, and sends it to the second end. This confirms the second-end key determined by the second end and thereby implements negotiation of the encryption key. It solves the problem that a key is easily cracked when the key index is sent to the other communicating party in plaintext, and thus improves the security of data transmission.
It should be noted that, given the technical teaching of this embodiment, those skilled in the art have motivation to combine the schemes of any of the embodiments described above in order to determine the key.
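The exchange of Embodiments one, three and four, shown with both ends' messages, as an added example that is not code from the patent. The cipher (an HMAC-SHA256 keystream with encrypt-then-MAC), the hashing used to build an identifier, the JSON message layout, the 32-byte key rule, the combination rule and all names such as `Endpoint` and `run_negotiation` are assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import json
import secrets
import time

# Stand-in cipher (assumption): the patent names no algorithm, so this uses an
# HMAC-SHA256 keystream with encrypt-then-MAC, keyed from the identifier.
def _keys(identifier: bytes):
    return (hmac.new(identifier, b"enc", hashlib.sha256).digest(),
            hmac.new(identifier, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def seal(identifier: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _keys(identifier)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(identifier: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _keys(identifier)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("cannot decrypt: wrong identifier or modified message")
    return _xor_stream(enc_key, nonce, body)

def make_identifier(mac_addr: str, ip: str) -> bytes:
    """Dynamic identifier from static info, dynamic info and a random number.
    Hashing the fields together is an assumption; the patent only lists inputs."""
    fields = f"{mac_addr}|{ip}|{int(time.time())}".encode()
    return hashlib.sha256(fields + secrets.token_bytes(16)).digest()

def combine(first_key: bytes, second_key: bytes) -> bytes:
    """Hypothetical 'set combination rule' for Embodiment three."""
    return hmac.new(first_key, second_key, hashlib.sha256).digest()

class Endpoint:
    def __init__(self, mac_addr: str, ip: str):
        self.identifier = make_identifier(mac_addr, ip)
        self.own_key = None
        self.transmission_key = None

    def build_request(self, peer_identifier: bytes, key: bytes = None) -> bytes:
        """S110/S120: encrypt (own key, own identifier) under the peer's identifier."""
        self.own_key = key if key is not None else secrets.token_bytes(32)
        payload = {"key": self.own_key.hex(), "id": self.identifier.hex()}
        return seal(peer_identifier, json.dumps(payload).encode())

    def handle_request(self, blob: bytes, contribute_key: bool = False) -> bytes:
        """S420-S440: decrypt with own identifier, answer under the sender's identifier."""
        request = json.loads(unseal(self.identifier, blob))
        peer_key, peer_id = bytes.fromhex(request["key"]), bytes.fromhex(request["id"])
        if len(peer_key) != 32:              # hypothetical key determination rule
            feedback = {"type": "reject"}
        elif contribute_key:                 # Embodiment three: reply with a second key
            second_key = secrets.token_bytes(32)
            self.transmission_key = combine(peer_key, second_key)
            feedback = {"type": "key", "key": second_key.hex()}
        else:                                # Embodiment one: confirm the received key
            self.transmission_key = peer_key
            feedback = {"type": "confirm"}
        return seal(peer_id, json.dumps(feedback).encode())

    def handle_feedback(self, blob: bytes):
        """S130/S330: decrypt feedback with own identifier and fix the transmission key."""
        feedback = json.loads(unseal(self.identifier, blob))
        if feedback["type"] == "confirm":
            self.transmission_key = self.own_key
        elif feedback["type"] == "key":
            self.transmission_key = combine(self.own_key, bytes.fromhex(feedback["key"]))
        else:                                # rejected: caller restarts from S110
            self.transmission_key = None
        return self.transmission_key

def run_negotiation(contribute_key: bool, key: bytes = None):
    """Constructed two-node run; addresses are documentation-range sample values."""
    first = Endpoint("02:00:00:00:00:01", "192.0.2.10")
    second = Endpoint("02:00:00:00:00:02", "192.0.2.20")
    request = first.build_request(second.identifier, key)
    feedback = second.handle_request(request, contribute_key)
    return first, second, request, first.handle_feedback(feedback)

if __name__ == "__main__":
    first, second, _, agreed = run_negotiation(contribute_key=True)
    print("keys match:", agreed == second.transmission_key)
```

In the scheme as described, the server hands a node's identifier to any peer that requests its data, and that identifier is the only keying material protecting the request, so the confidentiality of the exchange is bounded by how closely identifiers are held.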
Embodiment five
Fig. 5 is a schematic structural diagram of a key processing apparatus provided by Embodiment five of the present invention. Referring to Fig. 5, the key processing apparatus provided by this embodiment includes: an encrypting module 10, a sending module 20 and a transmission key determining module 30.
The encrypting module 10 is configured to encrypt a first-end key and a first-end identifier using a second-end identifier to obtain first encrypted data;
the sending module 20 is configured to send to the second end a first transmission key generation request that includes the first encrypted data, where the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second-end identifier, to generate, according to the first-end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first-end identifier obtained by decryption;
the transmission key determining module 30 is configured to determine the transmission key between the first end and the second end according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request.
The technical solution of this embodiment carries out the communication that determines the transmission key in encrypted form, based on the identification information of both communicating parties, and thereby implements negotiated confirmation of the key. This solves the problem that a key is easily cracked when the key index is sent to the other communicating party in plaintext, and thus improves the security of data transmission.
Further, the transmission key determining module includes a first transmission key determination unit.
The first transmission key determination unit is configured to, if a transmission key confirmation message sent by the second end in response to the first transmission key generation request is obtained by decryption with the first-end identifier, use the first-end key as the transmission key between the first end and the second end.
Further, the transmission key determining module includes a second transmission key determination unit.
The second transmission key determination unit is configured to, if a second-end key sent by the second end in response to the first transmission key generation request is received and obtained by decryption with the first-end identifier, generate the transmission key between the first end and the second end according to the first-end key and the second-end key.
Further, the key determining apparatus also includes: a request receiving module, a feedback information generation module and an encrypted data sending module.
The request receiving module is configured to receive from the second end a second transmission key generation request that includes second encrypted data, where the second encrypted data is obtained by the second end encrypting a second-end key and the second-end identifier using the first-end identifier;
the feedback information generation module is configured to decrypt the second encrypted data using the first-end identifier, to generate, according to the second-end key obtained by decryption, feedback information responding to the second transmission key generation request, and to encrypt the feedback information according to the second-end identifier obtained by decryption to generate third encrypted data;
the encrypted data sending module is configured to send the third encrypted data to the second end, so that the second end determines the transmission key between the first end and the second end according to the feedback information.
Further, generating the first-end identifier includes:
generating the dynamic first-end identifier according to the static information, dynamic information and a random number of the first end, where the first-end identifier uniquely identifies the first end.
Further, generating the first-end key includes:
generating the first-end key at random from local machine information.
Further, the key determining module is configured to, after the transmission key between the first end and the second end has been determined according to the feedback information, obtained by decryption with the first-end identifier, with which the second end responds to the first transmission key generation request, encrypt the transmitted data in full based on the transmission key.
Embodiment six
Fig. 6 is a schematic structural diagram of a device provided by Embodiment six of the present invention. Fig. 6 shows a block diagram of an exemplary device 12 suitable for implementing embodiments of the present invention. The device 12 shown in Fig. 6 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 6, device 12 takes the form of a general-purpose computing device. The components of device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 connecting the different system components (including the system memory 28 and the processing unit 16).
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus structures. By way of example, these architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MAC) bus, the Enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus and the Peripheral Component Interconnect (PCI) bus.
Device 12 typically includes a variety of computer-system-readable media. These media may be any available media that can be accessed by device 12, including volatile and non-volatile media and removable and non-removable media.
System memory 28 may include computer-system-readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32. Device 12 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to a non-removable, non-volatile magnetic medium (not shown in Fig. 6, commonly referred to as a "hard disk drive"). Although not shown in Fig. 6, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (such as a "floppy disk") and an optical disc drive for reading from and writing to a removable non-volatile optical disc (such as a CD-ROM, DVD-ROM or other optical medium) may be provided. In these cases, each drive may be connected to bus 18 through one or more data media interfaces. Memory 28 may include at least one program product having a set of (for example, at least one) program modules configured to perform the functions of the embodiments of the present invention.
A program/utility 40 having a set of (at least one) program modules 42 may be stored, for example, in memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described in the present invention.
Device 12 may also communicate with one or more external devices 14 (such as a keyboard, a pointing device, a display 24, etc.), with one or more devices that enable a user to interact with device 12, and/or with any device (such as a network card, a modem, etc.) that enables device 12 to communicate with one or more other computing devices. Such communication may take place through input/output (I/O) interfaces 22. Device 12 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through network adapter 20. As shown, network adapter 20 communicates with the other modules of device 12 through bus 18. It should be understood that, although not shown in the figure, other hardware and/or software modules may be used in conjunction with device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
Processing unit 16 runs the programs stored in system memory 28 and thereby executes various functional applications and data processing, for example implementing the key processing method provided by the embodiments of the present invention.
Embodiment seven
Embodiment seven of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the key processing method described in any embodiment of the present invention, the method comprising:
Encrypting the first end key and the first end mark using the second end mark to obtain first encrypted data;
Sending to the second end a first transmission key generation request that includes the first encrypted data, wherein the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second end mark, to generate, according to the first end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first end mark obtained by decryption;
Determining the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark.
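The three steps above, run end to end as an added Python sketch (not code from the patent), with both feedback forms that claims 2 and 3 describe. The cipher (a SHA-256 counter keystream with an HMAC-SHA256 tag), the payload layout, the one-byte feedback tags, the function names and `derive_transport` are assumptions, because the page names no algorithm or message format; the marks and keys are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): the page names no algorithm, so a mark is hashed
# into keys for a SHA-256 counter keystream with an HMAC-SHA256 tag.
def _subkeys(mark: bytes):
    return (hashlib.sha256(b"enc|" + mark).digest(),
            hashlib.sha256(b"mac|" + mark).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    pad = b""
    counter = 0
    while len(pad) < len(data):
        pad += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(mark: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(mark)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(mark: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(mark)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong mark or modified message")
    return _xor_stream(enc_key, body[:16], body[16:])

def derive_transport(first_key: bytes, second_key: bytes) -> bytes:
    # Assumption: the page does not say how the two keys are combined.
    return hmac.new(first_key, b"transport|" + second_key, hashlib.sha256).digest()

def first_end_request(first_key, first_mark, second_mark) -> bytes:
    # Step 1: first end key + first end mark, encrypted under the second end mark.
    payload = len(first_key).to_bytes(2, "big") + first_key + first_mark
    return seal(second_mark, payload)

def second_end_respond(request, second_mark, second_key=None):
    # Step 2: decrypt with own mark, build feedback, encrypt it under the first end mark.
    payload = open_sealed(second_mark, request)
    n = int.from_bytes(payload[:2], "big")
    first_key, first_mark = payload[2:2 + n], payload[2 + n:]
    if second_key is None:                      # confirmation-only feedback
        return seal(first_mark, b"C"), first_key
    return seal(first_mark, b"K" + second_key), derive_transport(first_key, second_key)

def first_end_finish(response, first_key, first_mark) -> bytes:
    # Step 3: decrypt the feedback with the first end mark and settle the key.
    feedback = open_sealed(first_mark, response)
    if feedback == b"C":
        return first_key
    if feedback[:1] == b"K" and len(feedback) > 1:
        return derive_transport(first_key, feedback[1:])
    raise ValueError("unrecognised feedback")

def demo() -> bool:
    first_mark, second_mark = b"constructed-first-mark", b"constructed-second-mark"
    first_key, second_key = secrets.token_bytes(32), secrets.token_bytes(32)
    request = first_end_request(first_key, first_mark, second_mark)
    response, at_second = second_end_respond(request, second_mark, second_key)
    return first_end_finish(response, first_key, first_mark) == at_second

if __name__ == "__main__":
    print("both ends agree:", demo())
```

Because each mark is used as the encryption key, a party that learns the second end mark can decrypt the request and recover the first end key, so the marks need the same protection as the keys themselves.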
The computer storage medium of the embodiments of the present invention may be any combination of one or more computer-readable media. A computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of computer-readable storage media include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this document, a computer-readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by or in connection with an instruction execution system, apparatus or device.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave and carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
Computer program code for carrying out the operations of the present invention may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the scope of protection of the invention. Therefore, although the invention has been described in further detail through the above embodiments, it is not limited to those embodiments and may include other equivalent embodiments without departing from the inventive concept; the scope of the invention is determined by the scope of the appended claims.

Claims (13)

1. A key processing method, characterized by comprising:
Encrypting the first end key and the first end mark using the second end mark to obtain first encrypted data;
Sending to the second end a first transmission key generation request that includes the first encrypted data, wherein the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second end mark, to generate, according to the first end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first end mark obtained by decryption;
Determining the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark.
2. The method according to claim 1, characterized in that determining the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark, comprises:
If a transmission key confirmation message, sent by the second end in response to the first transmission key generation request, is obtained by decrypting according to the first end mark, using the first end key as the transmission key between the first end and the second end.
3. The method according to claim 1, characterized in that determining the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark, comprises:
If a second end key, sent by the second end in response to the first transmission key generation request, is received and obtained by decrypting with the first end mark, generating the transmission key between the first end and the second end according to the first end key and the second end key.
4. The method according to claim 1, characterized by further comprising:
Receiving from the second end a second transmission key generation request that includes second encrypted data, wherein the second encrypted data is obtained by the second end encrypting the second end key and the second end mark using the first end mark;
Decrypting the second encrypted data using the first end mark, generating, according to the second end key obtained by decryption, feedback information responding to the second transmission key generation request, and encrypting the feedback information according to the second end mark obtained by decryption to generate third encrypted data;
Sending the third encrypted data to the second end, so that the second end determines the transmission key between the first end and the second end according to the feedback information.
5. The method according to claim 1, characterized in that generating the first end mark comprises:
Generating the dynamic first end mark according to static information, dynamic information and a random number of the first end, wherein the first end mark uniquely identifies the first end.
6. The method according to claim 1, characterized in that generating the first end key comprises:
Randomly generating the first end key according to local machine information.
7. The method according to claim 1, characterized in that, after determining the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark, the method further comprises:
Encrypting the transmission data in its entirety based on the transmission key.
8. A key processing device, characterized by comprising:
An encryption module, configured to encrypt the first end key and the first end mark using the second end mark to obtain first encrypted data;
A sending module, configured to send to the second end a first transmission key generation request that includes the first encrypted data, wherein the first transmission key generation request instructs the second end to decrypt the first encrypted data according to the second end mark, to generate, according to the first end key obtained by decryption, feedback information responding to the first transmission key generation request, and to encrypt the feedback information according to the first end mark obtained by decryption;
A transmission key determining module, configured to determine the transmission key between the first end and the second end according to the second end's feedback information responding to the first transmission key generation request, obtained by decrypting with the first end mark.
9. The device according to claim 8, characterized in that the transmission key determining module comprises:
A first transmission key determining unit, configured to, if a transmission key confirmation message sent by the second end in response to the first transmission key generation request is obtained by decrypting according to the first end mark, use the first end key as the transmission key between the first end and the second end.
10. The device according to claim 8, characterized in that the transmission key determining module comprises:
A second transmission key determining unit, configured to, if a second end key sent by the second end in response to the first transmission key generation request is received and obtained by decrypting with the first end mark, generate the transmission key between the first end and the second end according to the first end key and the second end key.
11. The device according to claim 8, characterized by further comprising:
A request receiving module, configured to receive from the second end a second transmission key generation request that includes second encrypted data, wherein the second encrypted data is obtained by the second end encrypting the second end key and the second end mark using the first end mark;
A feedback information generation module, configured to decrypt the second encrypted data using the first end mark, generate, according to the second end key obtained by decryption, feedback information responding to the second transmission key generation request, and encrypt the feedback information according to the second end mark obtained by decryption to generate third encrypted data;
An encrypted data sending module, configured to send the third encrypted data to the second end, so that the second end determines the transmission key between the first end and the second end according to the feedback information.
12. A device, characterized in that the device comprises:
One or more processors;
A storage device, configured to store one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the key processing method according to any one of claims 1-7.
13. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the key processing method according to any one of claims 1-7.
CN201810669692.7A 2018-06-26 2018-06-26 Key processing method, device, equipment and medium Active CN108964893B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810669692.7A CN108964893B (en) 2018-06-26 2018-06-26 Key processing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810669692.7A CN108964893B (en) 2018-06-26 2018-06-26 Key processing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN108964893A true CN108964893A (en) 2018-12-07
CN108964893B CN108964893B (en) 2021-11-23

Family

ID=64486805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810669692.7A Active CN108964893B (en) 2018-06-26 2018-06-26 Key processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN108964893B (en)

Also Published As

Publication number Publication date
CN108964893B (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant