CN108964912B - PSK generation method, PSK generation device, user equipment, server and storage medium - Google Patents
PSK generation method, PSK generation device, user equipment, server and storage medium Download PDFInfo
- Publication number
- CN108964912B CN108964912B CN201811218693.6A CN201811218693A CN108964912B CN 108964912 B CN108964912 B CN 108964912B CN 201811218693 A CN201811218693 A CN 201811218693A CN 108964912 B CN108964912 B CN 108964912B
- Authority
- CN
- China
- Prior art keywords
- key
- quantum
- psk
- plaintext
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a PSK generation method, a device, user equipment, a server and a storage medium, wherein the method comprises the steps of acquiring a random key string through a quantum key distribution network; generating a first random number locally, and acquiring a second random number generated by a server; generating an initial plaintext by using the first random number and the second random number; symmetric encryption is performed based on the random key string and the initial plaintext to generate the PSK. According to the method, the random key string is obtained by using the high-safety quantum key distribution network, and only symmetric encryption is used in the PSK generation process, so that the calculation amount of key generation can be reduced on the premise of ensuring the network safety.
Description
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a PSK generation method, apparatus, user equipment, server, and storage medium.
Background
To ensure the Security of network communication, before the user equipment and the server start encrypted communication, the user equipment and the server generally need to perform key agreement on the network communication based on network Security protocols such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), and the like.
The prior art encrypted communication usually requires a cost in terms of the computational load of the user equipment and the server. In order to increase the difficulty of cracking the key, the user equipment and the server usually obtain the key based on an asymmetric encryption algorithm such as an RSA algorithm. The asymmetric encryption algorithm has a large calculation amount, increases the calculation load of the user equipment and the server, and easily influences the communication efficiency between the user equipment and the server. Moreover, with the improvement of computer cracking force, even if the key length of the RSA algorithm is doubled from 1024 bits to 2048 bits, the security of the key can not be guaranteed any more. If the key length is further increased to ensure the security of the key, the calculation amount of the user equipment and the server is further increased in the key agreement process.
Disclosure of Invention
The invention mainly aims to provide a PSK generation method, a PSK generation device, user equipment, a server and a storage medium, aiming at reducing the calculation amount of key generation on the premise of ensuring the network communication safety.
In order to achieve the above object, the present invention provides a PSK generating method based on quantum key, including the following steps:
the user equipment acquires a random key string through a quantum key distribution network;
generating a first random number locally, and acquiring a second random number generated by a server;
generating an initial plaintext by using the first random number and the second random number;
and symmetrically encrypting based on the random key string and the initial plaintext to generate the PSK.
Preferably, before the step of performing symmetric encryption based on the random key string and the initial plaintext to generate PSK, the method further includes:
locally generating a key generation parameter;
the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK specifically includes:
generating a first quantum key using the key generation parameter and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
Preferably, the key generation parameter includes index information and a first length value;
the step of generating a first quantum key by using the key generation parameter and the random key string specifically includes:
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
Preferably, before the step of performing symmetric encryption based on the first quantum key and the initial plaintext to generate PSK, the method further includes:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
In addition, to achieve the above object, the present invention further provides a PSK generating apparatus based on a quantum key, including:
the first key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the first random number acquisition module is used for locally generating a first random number and acquiring a second random number generated by the server;
a first generating module, configured to generate an initial plaintext by using the first random number and the second random number;
and the first encryption module is used for carrying out symmetric encryption on the basis of the random key string and the initial plaintext so as to generate the PSK.
Furthermore, to achieve the above object, the present invention also provides a user equipment including a first memory, a first processor, and a quantum-key-based PSK generation program stored on the first memory and executable on the first processor, wherein the quantum-key-based PSK generation program implements the steps of the method described above when executed by the first processor.
Further, to achieve the above object, the present invention also proposes a computer-readable storage medium having stored thereon a quantum-key-based PSK generation program that, when executed by a processor, implements the steps of the quantum-key-based PSK generation method as described above.
In addition, in order to achieve the above object, the present invention further provides a PSK generating method based on quantum key, which is characterized by comprising the following steps:
the server acquires a random key string through a quantum key distribution network;
acquiring a first random number generated by user equipment, and locally generating a second random number;
generating an initial plaintext by using the first random number and the second random number;
and symmetrically encrypting based on the random key string and the initial plaintext to generate the PSK.
Preferably, before the step of performing symmetric encryption based on the random key string and the initial plaintext to generate PSK, the method further includes:
acquiring a key generation parameter generated by the user equipment;
the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK specifically includes:
generating a first quantum key using the key generation parameter and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
Preferably, the key generation parameter includes index information and a first length value;
the step of generating a first quantum key by using the key generation parameter and the random key string specifically includes:
acquiring the index information and the first length value according to the key generation parameter;
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
Preferably, before the symmetric encryption is performed based on the first quantum key and the initial plaintext to generate the PSK, the method further includes:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
Preferably, before the obtaining of the key generation parameter generated by the user equipment, the method specifically includes:
receiving a key bill sent by user equipment, wherein the key bill is generated by the user equipment according to user equipment information and the key generation parameter;
the obtaining of the key generation parameter generated by the user equipment specifically includes:
extracting user equipment information from the key bill and performing identity verification on the user equipment information;
and when the identity authentication is passed, extracting key generation parameters from the key ticket.
In addition, to achieve the above object, the present invention further provides a PSK generating apparatus based on a quantum key, including:
the second key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the second random number acquisition module is used for acquiring the first random number generated by the user equipment and locally generating a second random number;
a second generating module, configured to generate an initial plaintext using the first random number and the second random number;
and the second encryption module is used for carrying out symmetric encryption on the basis of the random key string and the initial plaintext so as to generate the PSK.
In addition, to achieve the above object, the present invention further provides a server, which includes a second memory, a second processor, and a quantum-key-based PSK generation program stored in the second memory and executable on the second processor, wherein the quantum-key-based PSK generation program implements the steps of the method described above when executed by the second processor.
Furthermore, to achieve the above object, the present invention also proposes a computer-readable storage medium having stored thereon a quantum-key-based PSK generation program that, when executed by a processor, implements the steps of the method as described above.
According to the technical scheme provided by the invention, the random key string is obtained by utilizing the high-safety quantum key distribution network, and only symmetric encryption is used in the PSK generation process, so that the calculation amount of key generation can be reduced on the premise of ensuring the network safety.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a user equipment in a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a PSK generation method based on quantum key according to a first embodiment of the present invention;
fig. 3 is a schematic flowchart of a PSK generation method based on quantum key according to a second embodiment of the present invention;
fig. 4 is a schematic flowchart of a PSK generation method based on quantum key according to a third embodiment of the present invention;
fig. 5 is a schematic flowchart of a PSK generation method based on quantum key according to a fourth embodiment of the present invention;
FIG. 6 is a schematic diagram of a server architecture of a hardware operating environment according to an embodiment of the present invention;
fig. 7 is a schematic flowchart of a fifth embodiment of a PSK generation method based on quantum key according to the present invention;
fig. 8 is a schematic flowchart of a sixth embodiment of a PSK generation method based on quantum keys according to the present invention;
fig. 9 is a schematic flowchart of a seventh embodiment of a PSK generation method based on quantum key according to the present invention;
fig. 10 is a schematic flowchart of an eighth embodiment of a PSK generation method based on quantum keys according to the present invention;
fig. 11 is a flowchart illustrating a ninth embodiment of a PSK generation method based on quantum key according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a user equipment in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the user equipment may include: a first processor 1001, for example a CPU, a first communication bus 1002, a first user interface 1003, a first network interface 1004, a first memory 1005. Wherein a first communication bus 1002 is used to enable connectivity communication between these components. The first user interface 1003 may include a Display (Display), an input unit such as a key, a remote controller, and the like, and the optional first user interface 1003 may also include a standard wired interface and a wireless interface. The first network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The first memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The first memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of the user equipment and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a first memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a quantum-key-based PSK generation program.
In the smart television shown in fig. 1, the first network interface 1004 is mainly used for data interaction with an external network; the first user interface 1003 is mainly used for receiving an input instruction of a user; the user equipment calls a quantum key-based PSK generation program stored in the first memory 1005 through the first processor 1001, and performs the following operations:
generating a first random number locally, and acquiring a second random number generated by a server;
generating an initial plaintext by using the first random number and the second random number;
based on the random Key string and the initial plaintext, symmetric encryption is performed to generate a Pre-Shared Key (Pre-Shared Key, PSK).
Further, before the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK, the method includes:
locally generating a key generation parameter;
the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK specifically includes:
generating a first quantum key using the key generation parameter and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
Further, the key generation parameter includes index information and a first length value;
the step of generating a first quantum key by using the key generation parameter and the random key string specifically includes:
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
Further, before the step of performing symmetric encryption based on the first quantum key and the initial plaintext to generate PSK, the method further includes:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
In this embodiment, the random key string is obtained by using the high-security quantum key distribution network, and only symmetric encryption is used in the process of generating the PSK, so that the calculation amount of key generation can be reduced on the premise of ensuring network security.
Based on the hardware structure, the embodiment of the PSK generation method based on the quantum key is provided.
Referring to fig. 2, fig. 2 is a schematic flowchart of a PSK generation method based on quantum key according to a first embodiment of the present invention.
In a first embodiment, the method for generating a quantum key-based PSK includes the steps of:
s1100: and the user equipment acquires the random key string through the quantum key distribution network.
It should be noted that the quantum key distribution network is a communication network implemented based on a quantum key distribution technology, and enables two communication parties to generate and share a random key string. The random key string is a key string that is randomly generated and is used to function as an encryption key, and the random key string may specifically be a numeric string, such as 0100001010101000, or may also be a character string, such as: the A0C2FD1, specifically, the A0C2FD1 can be directly interpreted as a 16-ary numerical value or interpreted as ASCII code, and converted into a number according to an ASCII code lookup table for use. The quantum key distribution network ensures the safety of communication by using quantum mechanical characteristics, so the quantum key distribution network has good anti-eavesdropping performance. In a particular implementation, the user device and the server may obtain the random key string based on the BB84 protocol, the B92 protocol, and the like. The random key string may be specifically generated by a user device or a server, or may be generated by a third-party entity other than the user device and the server, and the third-party entity sends the random key string to the user device and the server through the quantum key distribution network, so that the user device and the server obtain the same random key string.
Understandably, the difficulty of eavesdropping of the quantum key distribution network is high, so that the random key string is difficult to intercept, and the security of the key negotiation process is ensured.
S1200: and locally generating a first random number, and acquiring a second random number generated by the server.
It should be noted that, since the execution subject of this embodiment is the user equipment, locally generating the first random number refers to locally generating the first random number by the user equipment in the user equipment. The user equipment and the server should have the same first random number and the same second random number by acquiring the random numbers from each other. In a specific implementation, a ClientHello message may be generated by a user equipment and sent to a server, where the ClientHello message includes a first random number, and after receiving the ClientHello message, the server generates and sends a ServerHello message to the user equipment, where the ServerHello message includes a second random number. It is honest and clean, also can be produced and sent the second random number to the said customer equipment by the server first, after the customer equipment receives the second random number, produce and send the first random number to the said server again.
It should be noted that, in this embodiment, the process of generating and exchanging the random number by the user equipment and the server is similar to the process of generating and exchanging the random number in the process of performing key agreement based on the SSL/TLS protocol in the prior art, and as can be understood by those skilled in the art, this enables the technical solution of this embodiment to be implemented based on the SSL/TLS protocol with good compatibility.
S1300: and generating an initial plaintext by using the first random number and the second random number.
It should be noted that the initial plaintext is generated according to an algorithm agreed by the user equipment and the server. In a specific implementation, the initial plaintext may be generated by a concatenation combination algorithm, a digest algorithm, an addition and subtraction method, and the like, for example, the first random number is ABC (the first random number is understood to be a 16-ary value), the second random number is DEF (the second random number is understood to be a 16-ary value), the initial plaintext generated by the concatenation combination algorithm may be ABCDEF, DEFABC, abcdefabcefabc, and the like, and the initial plaintext generated by the digest algorithm may be ABDE, BEF, and the like (the initial plaintext is understood to be a 16-ary value).
As known to those skilled in the art, in the key agreement process based on the SSL/TLS protocol in the prior art, the server and the user equipment generally need to generate three random numbers and complete the exchange of the three random numbers. In the technical scheme of the embodiment, only two random numbers need to be generated in sequence, so that the interaction times between the user equipment and the server can be reduced, and the calculation amount of the user equipment and the server is reduced. In addition, in the embodiment, the initial plaintext is generated by the user equipment and the server respectively, so that the initial plaintext can be prevented from being intercepted in the transmission process, and the safety of the network is improved.
S1400: based on the random Key string and the initial plaintext, symmetric encryption is performed to generate a Pre-Shared Key (Pre-Shared Key, PSK).
It should be noted that, in this step, the random key string may be directly used to symmetrically encrypt the initial plaintext, or the random key string and/or the initial plaintext may be processed and then symmetrically encrypted. The symmetric encryption algorithm may be DES algorithm, 3DES algorithm, IDEA algorithm, etc.
It is worth noting that symmetric encryption algorithms are typically less computationally intensive than asymmetric encryption algorithms. Because only symmetric encryption is used in the encryption process, the calculation amount of the key generation of the user equipment and the server can be reduced. In addition, because the symmetric encryption is adopted, the server and the user equipment do not need to store the private key for a long time, the risk of secret leakage of the private key does not exist, and the random key string can be invalidated at any time after being used, so that the security is improved.
In this embodiment, the random key string is obtained by using the high-security quantum key distribution network, and only symmetric encryption is used in the process of generating the PSK, so that the calculation amount of key generation can be reduced on the premise of ensuring network security.
Further, as shown in fig. 3, a second embodiment of the PSK generation method based on quantum key according to the present invention is proposed based on the first embodiment, and in this embodiment, before step S1400, the method includes:
s1350: locally generating a key generation parameter;
it should be noted that, since the execution subject of the present embodiment is the user equipment, the generation of the key generation parameter locally refers to the generation of the key generation parameter locally by the user equipment in the user equipment. The key generation parameter may specifically be a string of numbers, such as: 010100. in this embodiment, the server should obtain the key generation parameter, so that the server and the user equipment have the same key generation parameter.
It is understood that the key generation parameters of the present invention may also be generated by a server, and the user equipment acquires the key generation parameters generated by the server again, so that the server and the user equipment have the same key generation parameters.
Step S1400 specifically includes:
s1410: generating a first quantum key using the key generation parameter and the random key string;
it should be noted that the first quantum key is generated according to an algorithm agreed by the user equipment and the server. In a specific implementation, the first quantum key may be generated by a concatenation combination algorithm, a digest algorithm, an addition and subtraction method, and the like, which is not described herein again.
It can be understood that, in this embodiment, the first quantum key is generated by the user equipment and the server, respectively, and thus the first quantum key can be prevented from being intercepted in the transmission process, thereby improving the security of the network.
S1420: and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
In specific implementation, the symmetric encryption algorithm used in this step may specifically be a DES algorithm, a 3DES algorithm, an IDEA algorithm, or the like.
It can be understood that, in this embodiment, in the case that the first quantum key is not intercepted, even if the random key string can be intercepted, the first quantum key cannot be generated, and thus the PSK is generated. According to the invention, the first quantum key is generated through the key generation parameters, and symmetric encryption is carried out based on the first quantum key and the initial plaintext, so that the security of the key negotiation process can be further improved.
Further, as shown in fig. 4, a third embodiment of the PSK generation method based on quantum key of the present invention is proposed based on the second embodiment, in this embodiment, the key generation parameter includes index information and a first length value, in a specific implementation, the user equipment and the server may agree that a specific bit of the key generation parameter represents the index information, and another specific bit represents the first length value, for example: the key generation parameter may be 010100, the user equipment and the server agree that the first three bits represent the index information, that is, through binary conversion, the index information is 4, and the last three bits represent the first length value, that is, through binary conversion, the first length value is 8.
Step S1410 specifically includes:
s1411: searching a start bit in the random key string according to the index information;
it should be noted that a bit is the minimum unit of data storage. The random key string in this embodiment includes a plurality of bits, and the start bit and the end bit in this embodiment are both bits in the random key string.
In a specific implementation, if the key generation parameter is 010100 and the index information is 4, the user equipment and the server may determine, according to an agreement, that the 4 th bit of the random key string is the start bit, or that the 4 th bit or the 5 th bit from the last is the start bit, which is not described herein again.
S1412: searching a termination bit in the random key string according to the start bit and the first length value;
in a specific implementation, if the first length value is 8 and the start bit is the 4 th bit, it may be determined that the stop bit is the 11 th bit of the random key string.
S1413: and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
In a specific implementation, if the start bit is determined to be the 4 th bit of the random key string, the stop bit is determined to be the 11 th bit of the random key string, and the random key string is 0100001010101000, the first quantum key may be determined to be 00010101.
It should be noted that, in this embodiment, the length that the first quantum key should have depends on the actually used symmetric encryption algorithm, different symmetric encryption algorithms have respective requirements on the length of the key, and the larger the length of the first quantum key is, the larger the computation amount of the symmetric encryption is. It can be understood that, because the first quantum key is data corresponding to the preset range in the random key string, the difficulty of intercepting the random key string can be improved by increasing the length of the random key string on the premise of not increasing the calculation amount of symmetric encryption, so that the difficulty of obtaining the first quantum key is improved, and the security of the key agreement process is further improved.
Further, as shown in fig. 5, a fourth embodiment of the PSK generation method based on quantum key according to the present invention is proposed based on the third embodiment, in this embodiment, before step S1420, the method further includes:
s1414: selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
it should be noted that a bit is the minimum unit of data storage. If the random key string is 0100001010101000 and the predetermined range is between 4 th and 11 th bits of the random key string, then the remaining range outside the predetermined range includes the range between 1 st and 3 rd bits of the random key string and the range between 12 th and 16 th bits of the random key string. The supplementary plaintext may be specifically the 1 st bit to the 3 rd bit of the random key string, that is, 010, the 12 th bit to the 16 th bit of the random key string, that is, 01000, or a part of 01001000 obtained by splicing the 1 st bit to the 3 rd bit and the 12 th bit to the 16 th bit of the random key string, that is, 01001000, or the first 4 bits of 01001000 obtained by splicing, that is, 0100.
Step S1420 specifically includes:
s1421: generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a supplementary bit or an Initialization Vector (IV) value for generating the plaintext to be encrypted;
it should be noted that different symmetric encryption algorithms have respective requirements on the length of the plaintext, and in the case of insufficient length of the plaintext, complementary bits need to be generated to perform symmetric encryption. Some encryption algorithms also require plaintext to have an IV value. The complementary bit or the initialization vector of the plaintext to be encrypted is generated in the step, and the special requirements of a partial symmetric encryption algorithm can be met.
S1422: and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
It should be noted that, in this embodiment, since the plurality of bits used for generating the supplementary plaintext are selected from the remaining range outside the preset range, the plaintext to be encrypted cannot be generated under the condition that the random key string is not completely intercepted, so that the difficulty of obtaining the plaintext to be encrypted is increased, and the security of the key agreement process is further improved.
In addition, the present invention also provides a PSK generating apparatus based on quantum key, including:
the first key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the first random number acquisition module is used for locally generating a first random number and acquiring a second random number generated by the server;
a first generating module, configured to generate an initial plaintext by using the first random number and the second random number;
and the first encryption module is used for carrying out symmetric encryption on the basis of the random key string and the initial plaintext so as to generate the PSK.
Furthermore, the present invention also provides a user equipment including a first memory, a first processor, and a quantum-key-based PSK generation program stored on the first memory and executable on the first processor, where the quantum-key-based PSK generation program implements the steps of the method described above when executed by the first processor.
Furthermore, the present invention also provides a computer-readable storage medium having stored thereon a quantum-key-based PSK generation program, which when executed by a processor implements the steps of the quantum-key-based PSK generation method as described above.
Referring to fig. 6, fig. 6 is a schematic diagram of a server structure of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 6, the server may include: a second processor 2001, e.g., a CPU, a second communication bus 2002, a second user interface 2003, a second network interface 2004, a second memory 2005. Wherein a second communication bus 2002 is used to enable connectivity communication between these components. The second user interface 2003 may include a Display (Display), an input unit such as a key, a remote controller, and the like, and the optional second user interface 2003 may also include a standard wired interface, a wireless interface. The second network interface 2004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The second memory 2005 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The second memory 2005 may alternatively be a storage device separate from the aforementioned processor 2001.
Those skilled in the art will appreciate that the architecture shown in FIG. 6 does not constitute a limitation on servers, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components.
As shown in fig. 6, the second memory 2005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a quantum-key-based PSK generation program.
In the server shown in fig. 6, the second network interface 2004 is mainly used for data interaction with an external network; the second user interface 2003 is mainly used for receiving input instructions of a user; the server calls, through the second processor 2001, a quantum-key-based PSK generation program stored in the second memory 2005, and performs the following operations:
acquiring a random key string through a quantum key distribution network;
acquiring a first random number generated by user equipment, and locally generating a second random number;
generating an initial plaintext by using the first random number and the second random number;
and symmetrically encrypting based on the random key string and the initial plaintext to generate the PSK.
Further, before the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK, the method includes the steps of:
acquiring a key generation parameter generated by the user equipment;
the step of performing symmetric encryption based on the random key string and the initial plaintext to generate the PSK specifically includes:
generating a first quantum key using the key generation parameter and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
Further, the key generation parameter includes index information and a first length value;
the step of generating a first quantum key by using the key generation parameter and the random key string specifically includes:
acquiring the index information and the first length value according to the key generation parameter;
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
Further, before the symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK, the method further includes:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
Further, before the obtaining of the key generation parameter generated by the user equipment, the method specifically includes:
receiving a key bill sent by user equipment, wherein the key bill is generated by the user equipment according to user equipment information and the key generation parameter;
the obtaining of the key generation parameter generated by the user equipment specifically includes:
extracting user equipment information from the key bill and performing identity verification on the user equipment information;
and when the identity authentication is passed, extracting key generation parameters from the key ticket.
In this embodiment, the random key string is obtained by using the high-security quantum key distribution network, and only symmetric encryption is used in the process of generating the PSK, so that the calculation amount of key generation can be reduced on the premise of ensuring network security.
Based on the hardware structure, the embodiment of the PSK generation method based on the quantum key is provided.
Referring to fig. 7, fig. 7 is a flowchart illustrating a PSK generation method based on quantum key according to a fifth embodiment of the present invention.
In a fifth embodiment, the method for generating a quantum key-based PSK includes the steps of:
s2100: the server acquires a random key string through a quantum key distribution network;
it should be noted that the quantum key distribution network is a communication network implemented based on a quantum key distribution technology, and enables two communication parties to generate and share a random key string. The random key string is a key string that is randomly generated and is used to function as an encryption key, and the random key string may specifically be a numeric string, such as 0100001010101000, or may also be a character string, such as: the A0C2FD1, specifically, the A0C2FD1 can be directly interpreted as a 16-ary numerical value or interpreted as ASCII code, and converted into a number according to an ASCII code lookup table for use. The quantum key distribution network ensures the safety of communication by using quantum mechanical characteristics, so the quantum key distribution network has good anti-eavesdropping performance. In a particular implementation, the user device and the server may obtain the random key string based on the BB84 protocol, the B92 protocol, and the like. The random key string may be specifically generated by a user device or a server, or may be generated by a third-party entity other than the user device and the server, and the third-party entity sends the random key string to the user device and the server through the quantum key distribution network, so that the user device and the server obtain the same random key string.
Understandably, the difficulty of eavesdropping of the quantum key distribution network is high, so that the random key string is difficult to intercept, and the security of the key negotiation process is ensured.
S2200: acquiring a first random number generated by user equipment, and locally generating a second random number;
note that, since the execution subject of this embodiment is the server, locally generating the second random number means that the server locally generates the second random number in the server. The user equipment and the server should have the same first random number and the same second random number by acquiring the random numbers from each other. In a specific implementation, a ClientHello message may be generated by a user equipment and sent to a server, where the ClientHello message includes a first random number, and after receiving the ClientHello message, the server generates and sends a ServerHello message to the user equipment, where the ServerHello message includes a second random number. It is honest and clean, also can be produced and sent the second random number to the said customer equipment by the server first, after the customer equipment receives the second random number, produce and send the first random number to the said server again.
It should be noted that, in this embodiment, the process of generating and exchanging the random number by the user equipment and the server is similar to the process of generating and exchanging the random number in the process of performing key agreement based on the SSL/TLS protocol in the prior art, and as can be understood by those skilled in the art, this enables the technical solution of this embodiment to be implemented based on the SSL/TLS protocol with good compatibility.
S2300: generating an initial plaintext by using the first random number and the second random number;
it should be noted that the initial plaintext is generated according to an algorithm agreed by the user equipment and the server. In a specific implementation, the initial plaintext may be generated by a concatenation combination algorithm, a digest algorithm, an addition and subtraction method, and the like, for example, the first random number is ABC (the first random number is understood to be a 16-ary value), the second random number is DEF (the second random number is understood to be a 16-ary value), the initial plaintext generated by the concatenation combination algorithm may be ABCDEF, DEFABC, abcdefabcefabc, and the like, and the initial plaintext generated by the digest algorithm may be ABDE, BEF, and the like (the initial plaintext is understood to be a 16-ary value).
As known to those skilled in the art, in the key agreement process based on the SSL/TLS protocol in the prior art, the server and the user equipment generally need to generate three random numbers and complete the exchange of the three random numbers. In the technical scheme of the embodiment, only two random numbers need to be generated in sequence, so that the interaction times between the user equipment and the server can be reduced, and the calculation amount of the user equipment and the server is reduced. In addition, in the embodiment, the initial plaintext is generated by the user equipment and the server respectively, so that the initial plaintext can be prevented from being intercepted in the transmission process, and the safety of the network is improved.
S2400: based on the random Key string and the initial plaintext, symmetric encryption is performed to generate a Pre-Shared Key (Pre-Shared Key, PSK).
It should be noted that, in this step, the random key string may be directly used to symmetrically encrypt the initial plaintext, or the random key string and/or the initial plaintext may be processed and then symmetrically encrypted. The symmetric encryption algorithm may be DES algorithm, 3DES algorithm, IDEA algorithm, etc.
It is worth noting that symmetric encryption algorithms are typically less computationally intensive than asymmetric encryption algorithms. Because only symmetric encryption is used in the encryption process, the calculation amount of the key generation of the user equipment and the server can be reduced. In addition, because the symmetric encryption is adopted, the server and the user equipment do not need to store the private key for a long time, the risk of secret leakage of the private key does not exist, and the random key string can be invalidated at any time after being used, so that the security is improved.
In this embodiment, the random key string is obtained by using the high-security quantum key distribution network, and only symmetric encryption is used in the process of generating the PSK, so that the calculation amount of key generation can be reduced on the premise of ensuring network security.
Further, as shown in fig. 8, a sixth embodiment of the PSK generation method based on quantum key according to the present invention is proposed based on the fifth embodiment, and in this embodiment, before step S2400, the method further includes:
s2350: acquiring a key generation parameter generated by the user equipment;
it should be noted that the key generation parameter may specifically be a string of numbers, such as: 010010. in this embodiment, the server should obtain the key generation parameter, so that the server and the user equipment have the same key generation parameter.
It is understood that the key generation parameters of the present invention may also be generated by a server, and the user equipment acquires the key generation parameters generated by the server again, so that the server and the user equipment have the same key generation parameters.
Step S2400 specifically includes:
s2410: generating a first quantum key using the key generation parameter and the random key string;
it should be noted that the first quantum key is generated according to an algorithm agreed by the user equipment and the server. In a specific implementation, the first quantum key may be generated by a concatenation combination algorithm, a digest algorithm, an addition and subtraction method, and the like, which is not described herein again.
It can be understood that, in this embodiment, the first quantum key is generated by the user equipment and the server, respectively, and thus the first quantum key can be prevented from being intercepted in the transmission process, thereby improving the security of the network.
S2420: and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
In specific implementation, the symmetric encryption algorithm used in this step may specifically be a DES algorithm, a 3DES algorithm, an IDEA algorithm, or the like.
It can be understood that, in this embodiment, in the case that the first quantum key is not intercepted, even if the random key string can be intercepted, the first quantum key cannot be generated, and thus the PSK is generated. According to the invention, the first quantum key is generated through the key generation parameters, and symmetric encryption is carried out based on the first quantum key and the initial plaintext, so that the security of the key negotiation process can be further improved.
Further, as shown in fig. 9, a seventh embodiment of the PSK generation method based on quantum key according to the present invention is proposed based on the sixth embodiment, in this embodiment, the key generation parameter includes index information and a first length value, and step S2410 specifically includes:
s2411: acquiring the index information and the first length value according to the key generation parameter;
it should be noted that a bit is the minimum unit of data storage. The random key string in this embodiment includes a plurality of bits, and the start bit and the end bit in this embodiment are both bits in the random key string. In a specific implementation, the user equipment and the server may agree that a specific bit of the key generation parameter represents the index information, and another specific bit represents a first length value, for example: the key generation parameter may be 010100, the user equipment and the server agree that the first three bits represent the index information, that is, through binary conversion, the index information is 4, and the last three bits represent the first length value, that is, through binary conversion, the first length value is 8.
S2412: searching a start bit in the random key string according to the index information;
in a specific implementation, if the key generation parameter is 010100 and the index information is 4, the user equipment and the server may determine, according to an agreement, that the 4 th bit of the random key string is the start bit, or that the 4 th bit or the 5 th bit from the last is the start bit, which is not described herein again.
S2413: searching a termination bit in the random key string according to the start bit and the first length value;
in a specific implementation, if the first length value is 8 and the start bit is the 4 th bit, it may be determined that the stop bit is the 11 th bit of the random key string.
S2414: and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
In a specific implementation, if the start bit is determined to be the 4 th bit of the random key string, the stop bit is determined to be the 11 th bit of the random key string, and the random key string is 0100001010101000, the first quantum key may be determined to be 00010101.
It should be noted that, in this embodiment, the length that the first quantum key should have depends on the actually used symmetric encryption algorithm, different symmetric encryption algorithms have respective requirements on the length of the key, and the larger the length of the first quantum key is, the larger the computation amount of the symmetric encryption is. It can be understood that, because the first quantum key is data corresponding to the preset range in the random key string, the difficulty of intercepting the random key string can be improved by increasing the length of the random key string on the premise of not increasing the calculation amount of symmetric encryption, so that the difficulty of obtaining the first quantum key is improved, and the security of the key agreement process is further improved.
Further, as shown in fig. 10, an eighth embodiment of the PSK generation method based on quantum key according to the present invention is proposed based on the seventh embodiment, and in this embodiment, before step S2420, the method further includes:
s2415: selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
it should be noted that a bit is the minimum unit of data storage. If the random key string is 0100001010101000 and the predetermined range is between 4 th and 11 th bits of the random key string, then the remaining range outside the predetermined range includes the range between 1 st and 3 rd bits of the random key string and the range between 12 th and 16 th bits of the random key string. The supplementary plaintext may be specifically the 1 st bit to the 3 rd bit of the random key string, that is, 010, the 12 th bit to the 16 th bit of the random key string, that is, 01000, or a part of 01001000 obtained by splicing the 1 st bit to the 3 rd bit and the 12 th bit to the 16 th bit of the random key string, that is, 01001000, or the first 4 bits of 01001000 obtained by splicing, that is, 0100.
Step S2420 specifically includes:
s2421: generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a supplementary bit or an Initialization Vector (IV) value for generating the plaintext to be encrypted;
it should be noted that different symmetric encryption algorithms have respective requirements on the length of the plaintext, and in the case of insufficient length of the plaintext, complementary bits need to be generated to perform symmetric encryption. Some encryption algorithms also require plaintext to have an IV value. The complementary bit or the initialization vector of the plaintext to be encrypted is generated in the step, and the special requirements of a partial symmetric encryption algorithm can be met.
S2422: and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
It should be noted that, in this embodiment, since the plurality of bits used for generating the supplementary plaintext are selected from the remaining range outside the preset range, the plaintext to be encrypted cannot be generated under the condition that the random key string is not completely intercepted, so that the difficulty of obtaining the plaintext to be encrypted is increased, and the security of the key agreement process is further improved.
Further, as shown in fig. 11, a ninth embodiment of the quantum-key-based PSK generation method according to the present invention is proposed based on the fifth embodiment, where step S2410 includes:
s2330: receiving a key bill sent by user equipment, wherein the key bill is generated by the user equipment according to user equipment information and the key generation parameter;
it should be noted that the key ticket may be specifically generated by the user equipment through a concatenation and combination algorithm. The user equipment can agree with the server, and specific bits of the key ticket represent the user equipment information, and other specific bits represent the key generation parameter, so that the server can extract the key generation parameter and the user equipment information after receiving the key generation parameter.
Step S2350 specifically includes:
s2351: extracting user equipment information from the key bill and performing identity verification on the user equipment information;
it should be noted that the user equipment information may specifically include domain name information of the user equipment, hardware address information of the user equipment, and the like.
S2352: and when the identity authentication is passed, extracting key generation parameters from the key ticket.
It can be understood that, in this embodiment, the security of the communication between the user equipment and the server can be improved by verifying the identity of the user equipment. When the server passes the authentication, the server extracts the key generation parameters from the key bill, so that the key generation parameters can be prevented from being extracted when the authentication cannot pass, and the calculation amount of the server in the key negotiation process is reduced.
Further, step S2200 may specifically be to obtain a first random number generated by the user equipment, and locally generate a second random number and server identity information. The user equipment may further perform the steps of:
acquiring server identity information generated by the server;
verifying the identity of the server according to the server identity information;
when the authentication is passed, an initial plaintext is generated by using the first random number and the second random number, that is, step S1300 is performed.
It should be noted that, through the bidirectional identity authentication between the user equipment and the server, it is beneficial to improve the security in the key agreement process. Specifically, the server identity information may include domain name information of the server, hardware address information of the server, and the like. When the user equipment passes the authentication, the first random number and the second random number are used for generating an initial plaintext, so that the generation of the initial plaintext can be avoided when the authentication cannot pass, and the calculation amount of the user equipment in the key negotiation process is reduced.
In addition, the present invention also provides a PSK generating apparatus based on quantum key, including:
the second key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the second random number acquisition module is used for acquiring the first random number generated by the user equipment and locally generating a second random number;
a second generating module, configured to generate an initial plaintext using the first random number and the second random number;
and the second encryption module is used for carrying out symmetric encryption on the basis of the random key string and the initial plaintext so as to generate the PSK.
Furthermore, the present invention also provides a server including a second memory, a second processor, and a quantum-key-based PSK generation program stored on the second memory and executable on the second processor, where the quantum-key-based PSK generation program implements the steps of the method described above when executed by the second processor.
Furthermore, the present invention also proposes a computer-readable storage medium having stored thereon a quantum-key-based PSK generation program that, when executed by a processor, implements the steps of the method as described above.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (12)
1. A PSK generation method based on quantum keys is characterized by comprising the following steps:
the user equipment acquires a random key string through a quantum key distribution network;
generating a first random number locally, and acquiring a second random number generated by a server;
generating an initial plaintext by using the first random number and the second random number;
locally generating a key generation parameter, wherein the key generation parameter comprises index information and a first length value;
generating a first quantum key by using the index information, the first length value and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
2. The method for PSK generation based on quantum key of claim 1, wherein said step of generating a first quantum key using said index information, said first length value and said random key string specifically includes:
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
3. The method for quantum-key-based PSK generation according to claim 2, wherein said step of performing symmetric encryption based on said first quantum key and said initial plaintext to generate PSK further comprises:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
4. A quantum key based PSK generation apparatus, comprising:
the first key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the first random number acquisition module is used for locally generating a first random number and acquiring a second random number generated by the server;
a first generating module, configured to generate an initial plaintext by using the first random number and the second random number;
the first encryption module is used for locally generating a key generation parameter, wherein the key generation parameter comprises index information and a first length value; generating a first quantum key by using the index information, the first length value and the random key string; and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
5. A user equipment comprising a first memory, a first processor, and a quantum-key-based PSK generation program stored on the first memory and executable on the first processor, the quantum-key-based PSK generation program when executed by the first processor implementing the steps of the method of any of claims 1-3.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a quantum-key-based PSK generation program that, when executed by a processor, implements the steps of the quantum-key-based PSK generation method according to any of claims 1 to 3.
7. A PSK generation method based on quantum keys is characterized by comprising the following steps:
the server acquires a random key string through a quantum key distribution network;
acquiring a first random number generated by user equipment, and locally generating a second random number;
generating an initial plaintext by using the first random number and the second random number;
acquiring key generation parameters generated by the user equipment, wherein the key generation parameters comprise index information and a first length value;
generating a first quantum key by using the index information, the first length value and the random key string;
and performing symmetric encryption based on the first quantum key and the initial plaintext to generate the PSK.
8. The quantum-key-based PSK generation method according to claim 7, wherein said key generation parameter includes index information and a first length value;
the step of generating a first quantum key by using the key generation parameter and the random key string specifically includes:
acquiring the index information and the first length value according to the key generation parameter;
searching a start bit in the random key string according to the index information;
searching a termination bit in the random key string according to the start bit and the first length value;
and taking data corresponding to a preset range in the random key string as the first quantum key, wherein the preset range is a range from the start bit to the end bit.
9. The method for quantum-key-based PSK generation according to claim 8, wherein prior to said symmetric encryption based on said first quantum key and said initial plaintext to generate a PSK, said method further comprises:
selecting a plurality of bits from the remaining range outside the preset range in the random key string to be used for generating a supplementary plaintext;
the symmetrically encrypting based on the first quantum key and the initial plaintext to generate the PSK specifically includes:
generating a plaintext to be encrypted by using the supplementary plaintext and the initial plaintext, wherein the supplementary plaintext is used as a complementary bit or an IV value for generating the plaintext to be encrypted;
and symmetrically encrypting the plaintext to be encrypted by using the first quantum key through the complementary bit or the IV value of the plaintext to be encrypted to obtain the PSK.
10. The method for generating PSK based on quantum key according to claim 7, wherein before obtaining the key generation parameter generated by the user equipment, it specifically includes:
receiving a key bill sent by user equipment, wherein the key bill is generated by the user equipment according to user equipment information and the key generation parameter;
the obtaining of the key generation parameter generated by the user equipment specifically includes:
extracting user equipment information from the key bill and performing identity verification on the user equipment information;
and when the identity authentication is passed, extracting key generation parameters from the key ticket.
11. A quantum key based PSK generation apparatus, comprising:
the second key string acquisition module is used for acquiring a random key string through a quantum key distribution network;
the second random number acquisition module is used for acquiring the first random number generated by the user equipment and locally generating a second random number;
a second generating module, configured to generate an initial plaintext using the first random number and the second random number;
the second encryption module is used for acquiring key generation parameters generated by the user equipment, wherein the key generation parameters comprise index information and a first length value; generating a first quantum key by using the index information, the first length value and the random key string; performing symmetric encryption based on the first quantum key and the initial plaintext to generate PSK
A server comprising a second memory, a second processor, and a quantum-key-based PSK generation program stored on the second memory and executable on the second processor, the quantum-key-based PSK generation program implementing the steps of the method of any of claims 7-10 when executed by the second processor.
12. A computer-readable storage medium, having stored thereon a quantum-key-based PSK generation program, which when executed by a processor implements the steps of the method according to any of claims 7 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811218693.6A CN108964912B (en) | 2018-10-18 | 2018-10-18 | PSK generation method, PSK generation device, user equipment, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811218693.6A CN108964912B (en) | 2018-10-18 | 2018-10-18 | PSK generation method, PSK generation device, user equipment, server and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108964912A CN108964912A (en) | 2018-12-07 |
| CN108964912B true CN108964912B (en) | 2022-02-18 |
Family
ID=64480847
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811218693.6A Active CN108964912B (en) | 2018-10-18 | 2018-10-18 | PSK generation method, PSK generation device, user equipment, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108964912B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112953706B (en) * | 2019-12-11 | 2022-09-06 | 天翼云科技有限公司 | Information processing method and device |
| JP2023527534A (en) * | 2020-05-29 | 2023-06-29 | 華為技術有限公司 | Key acquisition method and related equipment |
| CN114629630A (en) * | 2020-12-14 | 2022-06-14 | 中国移动通信有限公司研究院 | Initialization vector generation method, device and related equipment |
| CN113810432B (en) * | 2021-11-19 | 2022-06-17 | 阿里云计算有限公司 | Quantum-safe data encryption method, encryption equipment and storage medium |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101311942B (en) * | 2007-05-23 | 2011-08-24 | 西门子(中国)有限公司 | Software encryption and decryption method and encryption and decryption device |
| CN101516090B (en) * | 2008-02-20 | 2013-09-11 | 华为技术有限公司 | Network authentication communication method and mesh network system |
| CN102045333B (en) * | 2010-06-29 | 2013-06-19 | 飞天诚信科技股份有限公司 | Method for generating safety message process key |
| CN102082790B (en) * | 2010-12-27 | 2014-03-05 | 北京握奇数据系统有限公司 | Method and device for encryption/decryption of digital signature |
| CN102904713A (en) * | 2011-07-25 | 2013-01-30 | 深圳市金溢科技有限公司 | Key exchange method for secret key encryption communication system |
| CN102938696B (en) * | 2011-08-15 | 2015-08-12 | 国民技术股份有限公司 | A kind of generation method of session key and module |
| JP5612007B2 (en) * | 2012-03-15 | 2014-10-22 | 株式会社東芝 | Encryption key generator |
| US8566601B1 (en) * | 2012-09-12 | 2013-10-22 | Zeutro Llc | Systems and methods for functional encryption using a string of arbitrary length |
| CN103684754B (en) * | 2013-12-03 | 2016-11-23 | 中国电子科技集团公司第三十研究所 | A kind of WPA shared key based on GPU cluster cracks system |
| CN104601451B (en) * | 2015-01-27 | 2017-11-28 | 深信服网络科技(深圳)有限公司 | Instant information communication method and system |
| KR101762013B1 (en) * | 2015-09-25 | 2017-07-26 | 덕성여자대학교 산학협력단 | Method for registering device and setting secret key using two factor communacation channel |
| CN106817694A (en) * | 2017-04-14 | 2017-06-09 | 江苏亨通问天量子信息研究院有限公司 | Quantum wireless secret communication system and mobile terminal |
| CN108156140B (en) * | 2017-12-13 | 2020-10-30 | 西安电子科技大学 | Multi-keyword searchable encryption method supporting numerical value attribute comparison |
-
2018
- 2018-10-18 CN CN201811218693.6A patent/CN108964912B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108964912A (en) | 2018-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108964912B (en) | PSK generation method, PSK generation device, user equipment, server and storage medium | |
| CN101978650B (en) | A system and method of secure network authentication | |
| CN113259133B (en) | Encryption communication method, equipment and storage medium based on HTTP protocol | |
| CN110100422B (en) | Data writing method and device based on block chain intelligent contract and storage medium | |
| CN113067699B (en) | Data sharing method and device based on quantum key and computer equipment | |
| CN102915263A (en) | Data backup method, system and equipment | |
| KR20140055509A (en) | Method and system for id-based encryption and decryption | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN105307165A (en) | Communication method based on mobile application, server and client | |
| CN105812334B (en) | A kind of method for network authorization | |
| CN101621794A (en) | Method for realizing safe authentication of wireless application service system | |
| CN105025019A (en) | Data safety sharing method | |
| CN110855616B (en) | Digital key generation system | |
| CN109068322A (en) | Decryption method, system, mobile terminal, server and storage medium | |
| CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
| CN115396121A (en) | Security authentication method for security chip OTA data packet and security chip device | |
| CN109272314A (en) | A kind of safety communicating method and system cooperateing with signature calculation based on two sides | |
| CN108900540A (en) | A kind of business data processing method of the distribution terminal based on double-encryption | |
| CN114553590A (en) | Data transmission method and related equipment | |
| CN106850584B (en) | A kind of anonymous authentication method of curstomer-oriented/server network | |
| CN115603907A (en) | Method, device, equipment and storage medium for encrypting storage data | |
| CN111859435B (en) | Data security processing method and device | |
| CN105162592A (en) | Method and system for authenticating wearable device | |
| CN105678542B (en) | payment service interaction method, payment terminal and payment cloud terminal | |
| Hajny et al. | Cryptographic protocols for confidentiality, authenticity and privacy on constrained devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |