CN110035083A - Session-key-based communication method, device and computer-readable storage medium - Google Patents


Info

Publication number
CN110035083A
Authority
CN
China
Prior art keywords
user terminal
session key
key
block chain
encrypted
Legal status
Pending
Application number
CN201910310731.9A
Other languages
Chinese (zh)
Inventor
路成业
王凌
Current Assignee
Jiangsu Full Chain Communication Information Technology Co Ltd
Original Assignee
Jiangsu Full Chain Communication Information Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of the present invention provide a session-key-based communication method, a device and a computer-readable storage medium. In the embodiments, a first user terminal broadcasts a query request in a blockchain network, obtains the IP address of a second user terminal by querying with the second user terminal's domain-name blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, the information recorded in the ledger is authentic and reliable, and therefore the IP address of the second user terminal that the first user terminal obtains from the ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.

Description

Session-key-based communication method, device and computer-readable storage medium
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a session-key-based communication method, a device and a computer-readable storage medium.
Background
On the Internet, when user A and user B want to establish a secure connection in an untrusted environment, this is currently achieved mainly through Diffie-Hellman key exchange (abbreviated D-H). It allows two parties with no prior knowledge of each other to create a key over an insecure channel. This key can then be used as a symmetric key to encrypt the content of subsequent communication.
Diffie-Hellman key exchange does not itself authenticate the communicating parties, so it is vulnerable to man-in-the-middle attacks. A man in the middle performs two Diffie-Hellman key exchanges in the middle of the channel, one with Alice and another with Bob, and can thereby successfully pose as Bob to Alice, and vice versa. The attacker can also decrypt (read and store) either party's messages, re-encrypt them and pass them on to the other party. As a result, the security of communication between users is low.
Summary of the invention
Embodiments of the present invention provide a session-key-based communication method, a device and a computer-readable storage medium, in order to improve the security of communication between a first user terminal and a second user terminal.
In a first aspect, an embodiment of the present invention provides a session-key-based communication method, comprising:
a first user terminal broadcasts a query request in a blockchain network, the query request including the domain-name blockchain identifier or domain name of a second user terminal; the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application;
the first user terminal receives, from the accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application;
the first user terminal establishes a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal, and the service port number of the application;
the first user terminal communicates with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
In a second aspect, an embodiment of the present invention provides a first user terminal, comprising:
Memory;
Processor;
Communication interface;And
Computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
broadcasting a query request in a blockchain network through the communication interface, the query request including the domain-name blockchain identifier or domain name of a second user terminal; the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application;
receiving through the communication interface, from the accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application;
establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal, and the service port number of the application;
communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, the computer program being executed by a processor to implement the method of the first aspect.
In the session-key-based communication method, device and computer-readable storage medium provided by the embodiments of the present invention, the first user terminal broadcasts a query request in a blockchain network, obtains the IP address of the second user terminal by querying with the second user terminal's domain-name blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, the information recorded in the ledger is authentic and reliable, and therefore the IP address of the second user terminal that the first user terminal obtains from the ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a session-key-based communication method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention;
Fig. 4 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention;
Fig. 5 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention;
Fig. 6 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a first user terminal provided by an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The session-key-based communication method provided by the embodiments of the present invention is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes node 1 to node 7. The communication system may specifically be a blockchain network, with node 1 to node 7 each being a node in that network. This is only a schematic illustration and limits neither the structure of the blockchain network nor its nodes. A node may specifically be a device such as a terminal device or a server. Optionally, the blockchain network may be the domain-name blockchain network described in the following embodiments. Again, this is only a schematic illustration and limits neither the structure of the domain-name blockchain network nor the number of nodes in it.
The session-key-based communication method provided by the embodiments of the present invention is intended to solve the above technical problem of the prior art.
The technical solution of the present invention, and how the technical solution of the present application solves the above technical problem, are described in detail below with specific embodiments. These specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of a session-key-based communication method provided by an embodiment of the present invention. Addressing the above technical problem of the prior art, this embodiment provides a session-key-based communication method whose specific steps are as follows:
Step 201: the first user terminal broadcasts a query request in a blockchain network, the query request including the domain-name blockchain identifier or domain name of a second user terminal; the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application.
The first user terminal and the second user terminal in this embodiment may specifically be nodes in the blockchain network shown in Fig. 1. The first user terminal and the second user terminal need to register in the blockchain network; during registration, each must undergo identity authentication, that is, each user terminal has a unique public key and private key in the blockchain network. Optionally, the second user terminal is a service provider of an application (APP) that offers services externally, and the first user terminal needs to access the second user terminal, that is, the first user terminal needs to use the service provided by the second user terminal. The first user terminal and the second user terminal communicate securely. First, the first user terminal may obtain the domain-name blockchain identifier or domain name of the second user terminal through a channel other than the domain-name blockchain. The first user terminal then broadcasts a query request in the blockchain network according to that identifier or domain name; the query request includes the domain-name blockchain identifier or domain name of the second user terminal. Specifically, the first user terminal signs the query request with its own private key and then broadcasts it in the blockchain network. An accounting node in the blockchain network can receive the query request. The accounting node stores a blockchain ledger, which may record information such as the domain-name blockchain identifier or domain name, the IP address and the public key of each node in the blockchain network. This is only a schematic illustration and does not limit the specific information recorded in the ledger. In other embodiments, the ledger may also record transaction information between nodes.
Specifically, the blockchain ledger records the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application. When the accounting node receives the query request broadcast by the first user terminal in the blockchain network, it verifies the first user terminal's private-key signature on the query request. If the verification passes, the accounting node queries its locally stored blockchain ledger according to the domain-name blockchain identifier or domain name of the second user terminal, and obtains from the ledger the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application. The accounting node then sends this information to the first user terminal. Specifically, the accounting node may send it to the first user terminal by broadcast.
Step 202: the first user terminal receives, from the accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application.
Optionally, if the service port number of the application supported by the second user terminal changes, the second user terminal needs to broadcast the updated service port number in the blockchain network promptly, so that the accounting node in the blockchain network can record the updated service port number in the blockchain ledger.
Step 203: the first user terminal establishes a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal, and the service port number of the application.
Optionally, the application supported by the second user terminal may be installed on the first user terminal. When the application generates, on the first user terminal, an access request for the second user terminal, the first user terminal sends a connection request to the second user terminal according to the name of the application initiating the access, the port number corresponding to that application, and the IP address of the second user terminal. The connection request may specifically be a Transmission Control Protocol (TCP) connection request. The TCP connection request includes the domain-name blockchain identifier of the first user terminal. After the second network device receives the TCP connection request, it determines whether the domain-name blockchain identifier of the first user terminal is in the whitelist of the second network device. If it is, the second network device decides to establish the TCP connection with the first user terminal.
Step 204: the first user terminal communicates with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
After the first user terminal and the second network device establish the TCP connection, the first user terminal may generate a first session key, and/or the second user terminal may generate a second session key.
If the first user terminal generates the first session key and the second user terminal does not generate a second session key, the first user terminal and the second user terminal can carry out encrypted communication according to the first session key.
If the first user terminal does not generate a first session key and the second user terminal generates the second session key, the first user terminal and the second user terminal can carry out encrypted communication according to the second session key.
If the first user terminal generates the first session key and the second user terminal generates the second session key, the first user terminal and the second user terminal can each generate a third session key from the first session key and the second session key, and then carry out encrypted communication according to the third session key.
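The third case above does not say how the two terminals combine the first and second session keys. The following is an added example, not part of the patent text: it assumes HKDF-SHA256 (RFC 5869) over both keys, bound to the two terminals' identifiers, with per-direction keys and a key-confirmation tag. All function names, labels and sample identifiers are hypothetical.

```python
import hashlib
import hmac

KEY_LEN = 32  # bytes of derived key material


def lp(field: bytes) -> bytes:
    """Length-prefix a field so joined fields cannot be re-split differently."""
    return len(field).to_bytes(4, "big") + field


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_third_key(ks: bytes, kt: bytes, first_id: bytes, second_id: bytes) -> bytes:
    """Combine Ks (first terminal) and Kt (second terminal) into a third key.

    Assumed construction: both keys are input keying material, and the salt
    binds the result to the ordered pair of terminal identifiers, so the same
    Ks/Kt cannot yield the same key for a different pair of terminals.
    """
    if len(ks) < 16 or len(kt) < 16:
        raise ValueError("each contributed session key must be at least 128 bits")
    salt = hashlib.sha256(lp(first_id) + lp(second_id)).digest()
    return hkdf_sha256(salt, lp(ks) + lp(kt), b"third-session-key", KEY_LEN)


def direction_keys(k3: bytes) -> tuple:
    """Split the third key into one key per direction to prevent reflection."""
    zero_salt = bytes(32)
    return (hkdf_sha256(zero_salt, k3, b"first->second", KEY_LEN),
            hkdf_sha256(zero_salt, k3, b"second->first", KEY_LEN))


def confirmation_tag(k3: bytes, role: bytes) -> bytes:
    """Tag a terminal sends to prove it derived the same third key."""
    return hmac.new(k3, b"key-confirmation" + lp(role), hashlib.sha256).digest()


def check_confirmation(k3: bytes, role: bytes, tag: bytes) -> bool:
    """Constant-time check of the peer's confirmation tag."""
    return hmac.compare_digest(confirmation_tag(k3, role), tag)


def demo() -> bool:
    """Both terminals derive the key independently and confirm agreement."""
    ks = bytes.fromhex("11" * 32)  # constructed sample Ks
    kt = bytes.fromhex("22" * 32)  # constructed sample Kt
    first_id, second_id = b"first.example", b"second.example"  # constructed IDs
    k3_first = derive_third_key(ks, kt, first_id, second_id)
    k3_second = derive_third_key(ks, kt, first_id, second_id)
    tag = confirmation_tag(k3_second, b"second")
    return k3_first == k3_second and check_confirmation(k3_first, b"second", tag)


if __name__ == "__main__":
    print("terminals agree on third session key:", demo())
```

When either side replaces its contribution (Ks' or Kt'), both terminals rerun `derive_third_key` with the new value and exchange fresh confirmation tags before using the result.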
In this embodiment, the first user terminal broadcasts a query request in a blockchain network, obtains the IP address of the second user terminal by querying with the second user terminal's domain-name blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, that is, the information recorded in the ledger is authentic and reliable, the IP address of the second user terminal that the first user terminal obtains from the ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.
Fig. 3 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention. On the basis of the above embodiment, the step in which the first user terminal communicates with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal specifically comprises the following steps:
Step 301: the first user terminal generates a first session key.
As shown in Fig. 4, the first user terminal sends a query request to the accounting node, and the accounting node returns to the first user terminal the relevant information of the second user terminal, for example the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal, and the service port number of the application. The first user terminal sends a TCP connection establishment request to the second user terminal according to this information, and the second user terminal establishes a TCP connection with the first user terminal according to the request. In this embodiment, after the first user terminal and the second user terminal establish the TCP connection, the first user terminal may randomly generate a session key; here, the session key generated by the first user terminal is denoted the first session key Ks.
Step 302: the first user terminal encrypts the first session key with the public key of the second user terminal in the blockchain network.
The first user terminal encrypts the first session key Ks with the public key of the second user terminal in the blockchain network. Specifically, the first user terminal encrypts Ks using that public key and a first algorithm agreed in advance between the first user terminal and the second user terminal.
Step 303: the first user terminal sends the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key with the private key of the second user terminal in the blockchain network and obtains the first session key.
The first user terminal sends the encrypted first session key Ks to the second user terminal. After receiving the encrypted first session key Ks, the second user terminal decrypts it using the private key of the second user terminal in the blockchain network and the first algorithm agreed in advance between the first user terminal and the second user terminal, and obtains the first session key Ks.
Step 304: the first user terminal communicates with the second user terminal according to the first session key.
After the second user terminal decrypts and obtains the first session key Ks, communication between the first user terminal and the second user terminal can be encrypted with the first session key Ks.
In addition, while the first user terminal is communicating with the second user terminal according to the first session key, either the first user terminal or the second user terminal may modify the first session key.
One possible case is as follows: while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal receives the first session key as modified by the second user terminal; the first user terminal then communicates with the second user terminal according to the modified first session key.
For example, the second user terminal modifies the first session key; the modified first session key is denoted Ks' here. The second user terminal encrypts Ks' with the public key of the first user terminal and attaches the encrypted Ks' to a message sent to the first user terminal. After receiving the message, the first user terminal parses the encrypted Ks' out of the message and decrypts it with the private key of the first user terminal to obtain Ks'. In subsequent communication, the first user terminal communicates with the second user terminal according to the modified first session key Ks'.
Another possible case is as follows: while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal modifies the first session key; the first user terminal sends the modified first session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified first session key.
For example, the first user terminal modifies the first session key; the modified first session key is denoted Ks' here. The first user terminal encrypts Ks' with the public key of the second user terminal and attaches the encrypted Ks' to a message sent to the second user terminal. After receiving the message, the second user terminal parses the encrypted Ks' out of the message and decrypts it with the private key of the second user terminal to obtain Ks'. In subsequent communication, the second user terminal communicates with the first user terminal according to the modified first session key Ks'.
In this embodiment, the first user terminal generates the first session key, encrypts it with the public key of the second user terminal, and sends the encrypted first session key to the second user terminal, which improves the security of transmitting the first session key.
Fig. 5 be another embodiment of the present invention provides dialogue-based key communication means flow chart.In above-described embodiment On the basis of, the first session key and/or described second that first user terminal is generated according to first user terminal The second session key that user terminal generates communicate specifically comprising the following steps: with the second user terminal
It is close that step 501, first user terminal receive encrypted second session that the second user terminal is sent Key, second session key are that the second user terminal generates, and encrypted second session key is described the Two user terminals carry out second session key using public key of first user terminal in the block chain network It is obtained after encryption.
In this embodiment, after the first user terminal and the second user terminal establish a TCP connection, the second user terminal randomly generates a session key; the session key generated by the second user terminal is referred to here as the second session key. The second user terminal encrypts the second session key with the first user terminal's public key in the blockchain network and sends the encrypted second session key to the first user terminal.
Step 502: the first user terminal uses its private key in the blockchain network to decrypt the encrypted second session key, obtaining the second session key.
After receiving the encrypted second session key, the first user terminal decrypts it with its private key in the blockchain network and obtains the second session key.
Step 503: the first user terminal communicates with the second user terminal according to the second session key.
After the first user terminal obtains the second session key by decryption, communication between the first user terminal and the second user terminal can be encrypted with the second session key.
In addition, while the first user terminal is communicating with the second user terminal according to the second session key, either of the two terminals can modify the second session key.
One possible case: while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal receives the second session key as modified by the second user terminal, and the first user terminal then communicates with the second user terminal according to the modified second session key.
For example, the second user terminal modifies the second session key; the modified second session key is denoted Kt'. The second user terminal encrypts Kt' with the public key of the first user terminal and attaches the encrypted Kt' to a message it sends to the first user terminal. After receiving the message, the first user terminal parses the encrypted Kt' out of the message and decrypts it with the first user terminal's private key to obtain Kt'. In subsequent communication, the first user terminal communicates with the second user terminal according to the modified second session key Kt'.
Another possible case: while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal modifies the second session key and sends the modified second session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified second session key.
For example, the first user terminal modifies the second session key; the modified second session key is denoted Kt'. The first user terminal encrypts Kt' with the public key of the second user terminal and attaches the encrypted Kt' to a message it sends to the second user terminal. After receiving the message, the second user terminal parses the encrypted Kt' out of the message and decrypts it with the second user terminal's private key to obtain Kt'. In subsequent communication, the second user terminal communicates with the first user terminal according to the modified second session key Kt'.
In this embodiment of the present invention, the second user terminal generates the second session key, encrypts it with the public key of the first user terminal, and sends the encrypted second session key to the first user terminal, which improves the security of the second session key in transit.
Fig. 6 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention. On the basis of the above embodiments, the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal specifically comprises the following steps:
Step 601: the first user terminal generates a first session key.
In this embodiment, after the first user terminal and the second user terminal establish a TCP connection, the first user terminal generates the first session key; in addition, the second user terminal generates the second session key.
Step 602: the first user terminal encrypts the first session key with the second user terminal's public key in the blockchain network.
The first user terminal encrypts the first session key with the public key of the second user terminal in the blockchain network.
Step 603: the first user terminal sends the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal.
The first user terminal sends the encrypted first session key to the second user terminal. After receiving the encrypted first session key, the second user terminal decrypts it with its private key in the blockchain network and obtains the first session key. In addition, after the first user terminal and the second user terminal establish the TCP connection, the second user terminal has generated the second session key. The second user terminal then generates the third session key from the first session key it obtained by decryption and the second session key it generated itself, using a second algorithm agreed in advance between the first user terminal and the second user terminal.
Step 604: the first user terminal receives the encrypted second session key sent by the second user terminal. The second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network.
In addition, after generating the second session key, the second user terminal can also encrypt it with the first user terminal's public key in the blockchain network and send the encrypted second session key to the first user terminal.
Step 605: the first user terminal uses its private key in the blockchain network to decrypt the encrypted second session key, obtaining the second session key.
After receiving the encrypted second session key, the first user terminal decrypts it with its private key in the blockchain network and obtains the second session key.
Step 606: the first user terminal generates the third session key according to the first session key and the second session key.
The first user terminal then generates the third session key from the first session key it generated itself and the second session key it obtained by decryption, using the second algorithm agreed in advance between the first user terminal and the second user terminal.
Step 607: the first user terminal communicates with the second user terminal according to the third session key.
In subsequent communication, the first user terminal and the second user terminal can use the third session key for encrypted communication.
Optionally, while the first user terminal is communicating with the second user terminal according to the third session key, either terminal may modify the first session key, and either terminal may also modify the second session key. The modified first session key and/or the modified second session key is transmitted in the same way as in the above embodiments, which is not repeated here.
If either the first user terminal or the second user terminal has modified the first session key, the first user terminal and the second user terminal can each generate a new third session key from the modified first session key and the original second session key, and in subsequent communication the two terminals use that third session key for encrypted communication.
If either the first user terminal or the second user terminal has modified the second session key, the first user terminal and the second user terminal can each generate a new third session key from the modified second session key and the original first session key, and in subsequent communication the two terminals use that third session key for encrypted communication.
If either terminal has modified the first session key and either terminal has also modified the second session key, the first user terminal and the second user terminal can each generate a new third session key from the modified first session key and the modified second session key, and in subsequent communication the two terminals use that third session key for encrypted communication.
In this embodiment, the first user terminal generates the first session key and the second user terminal generates the second session key. The first user terminal encrypts the first session key with the public key of the second user terminal and sends the encrypted first session key to the second user terminal; the second user terminal encrypts the second session key with the public key of the first user terminal and sends the encrypted second session key to the first user terminal. Both terminals can then generate the third session key from the first session key and the second session key, which further improves the security of communication between the first user terminal and the second user terminal.
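The Fig. 6 exchange (steps 601 to 606) and the key-modification case described for Fig. 5 and Fig. 6, as an added Go example that is not code from the patent. RSA-OAEP, 32-byte keys and the HMAC-SHA256 combiner are assumptions standing in for algorithms the patent leaves unspecified, and the locally generated RSA key pairs stand in for the public keys a ledger lookup would return.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Terminal is one user terminal. Priv is its long-term key pair; the public
// half stands in for the key a ledger lookup would return (constructed here).
type Terminal struct {
	Priv      *rsa.PrivateKey
	Initiator bool   // true for the first user terminal
	Own, Peer []byte // session key generated locally / received from the peer
}

func NewTerminal(initiator bool) (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{Priv: priv, Initiator: initiator}, nil
}

// Offer generates a fresh 32-byte session key (the same call serves to modify
// it mid-session) and encrypts it under the peer's public key with RSA-OAEP.
func (t *Terminal) Offer(peerPub *rsa.PublicKey) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	t.Own = key
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, key, nil)
}

// Accept decrypts the peer's session key with the local private key.
func (t *Terminal) Accept(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.Priv, wrapped, nil)
	if err != nil {
		return err
	}
	if len(key) != 32 {
		return errors.New("unexpected session key length")
	}
	t.Peer = key
	return nil
}

// ThirdKey combines both keys in a fixed order (first, then second) so that
// both terminals derive the same value. HMAC-SHA256 is an assumed stand-in
// for the pre-agreed "second algorithm", which the patent does not specify.
func (t *Terminal) ThirdKey() ([]byte, error) {
	if len(t.Own) != 32 || len(t.Peer) != 32 {
		return nil, errors.New("both session keys are required")
	}
	first, second := t.Own, t.Peer
	if !t.Initiator {
		first, second = t.Peer, t.Own
	}
	mac := hmac.New(sha256.New, []byte("third-session-key"))
	mac.Write(first)
	mac.Write(second)
	return mac.Sum(nil), nil
}

// Transfer has `from` generate or modify its session key and deliver it to `to`.
func Transfer(from, to *Terminal) error {
	wrapped, err := from.Offer(&to.Priv.PublicKey)
	if err != nil {
		return err
	}
	return to.Accept(wrapped)
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	a, errA := NewTerminal(true)  // first user terminal
	b, errB := NewTerminal(false) // second user terminal
	must(errA)
	must(errB)
	must(Transfer(a, b))  // steps 601-603: first session key to B
	must(Transfer(b, a))  // steps 604-605: second session key to A
	ka, _ := a.ThirdKey() // step 606; both keys are present after the transfers
	kb, _ := b.ThirdKey()
	fmt.Println("third keys match:", hmac.Equal(ka, kb))
	must(Transfer(a, b)) // A modifies the first session key mid-session
	ka2, _ := a.ThirdKey()
	kb2, _ := b.ThirdKey()
	fmt.Println("rekeyed on both sides:", hmac.Equal(ka2, kb2) && !hmac.Equal(ka, ka2))
}
```

RSA-OAEP here gives confidentiality only: the wrapped key carries no proof of who produced it, so sender authentication has to come from elsewhere in the protocol.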
Fig. 7 is a schematic structural diagram of the first user terminal provided by an embodiment of the present invention. The first user terminal provided by this embodiment can execute the processing flow provided by the embodiments of the session-key-based communication method. As shown in Fig. 7, the first user terminal 70 includes a memory 71, a processor 72, a computer program, and a communication interface 73. The computer program is stored in the memory 71 and is configured to be executed by the processor 72 to perform the following operations: broadcasting a query request in the blockchain network through the communication interface, where the query request includes the domain-name blockchain identifier or the domain name of the second user terminal, and the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program; receiving, through the communication interface, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program, as sent by the accounting node in the blockchain network; establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal, and the service port number of the application program; and communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: generate the first session key; encrypt the first session key with the second user terminal's public key in the blockchain network; send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key; and communicate with the second user terminal according to the first session key.
Optionally, the processor is further configured to: while the first user terminal is communicating with the second user terminal according to the first session key, receive through the communication interface the first session key as modified by the second user terminal, and communicate with the second user terminal according to the modified first session key; or, while the first user terminal is communicating with the second user terminal according to the first session key, modify the first session key and send the modified first session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified first session key.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: receive, through the communication interface, the encrypted second session key sent by the second user terminal, where the second session key is generated by the second user terminal and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network; decrypt the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key; and communicate with the second user terminal according to the second session key.
Optionally, the processor is further configured to: while the first user terminal is communicating with the second user terminal according to the second session key, receive through the communication interface the second session key as modified by the second user terminal, and communicate with the second user terminal according to the modified second session key; or, while the first user terminal is communicating with the second user terminal according to the second session key, modify the second session key and send the modified second session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified second session key.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: generate the first session key; encrypt the first session key with the second user terminal's public key in the blockchain network; send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal; receive, through the communication interface, the encrypted second session key sent by the second user terminal, where the second session key is generated by the second user terminal and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network; decrypt the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key; generate the third session key according to the first session key and the second session key; and communicate with the second user terminal according to the third session key.
The first user terminal of the embodiment shown in Fig. 7 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effect are similar and are not repeated here.
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the session-key-based communication method described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute some of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an example. In practical applications, the functions can be assigned to different functional modules as needed; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (13)

1. A session-key-based communication method, characterized by comprising:
a first user terminal broadcasting a query request in a blockchain network, wherein the query request includes the domain-name blockchain identifier or the domain name of a second user terminal, and the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program;
the first user terminal receiving the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program, as sent by the accounting node in the blockchain network;
the first user terminal establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal, and the service port number of the application program;
the first user terminal communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
2. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal generating the first session key;
the first user terminal encrypting the first session key with the second user terminal's public key in the blockchain network;
the first user terminal sending the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key;
the first user terminal communicating with the second user terminal according to the first session key.
3. The method according to claim 2, characterized in that the method further comprises:
while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal receiving the first session key as modified by the second user terminal;
the first user terminal communicating with the second user terminal according to the modified first session key;
or
while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal modifying the first session key;
the first user terminal sending the modified first session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified first session key.
4. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal receiving the encrypted second session key sent by the second user terminal, wherein the second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network;
the first user terminal decrypting the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key;
the first user terminal communicating with the second user terminal according to the second session key.
5. The method according to claim 4, characterized in that the method further comprises:
while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal receiving the second session key as modified by the second user terminal;
the first user terminal communicating with the second user terminal according to the modified second session key;
or
while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal modifying the second session key;
the first user terminal sending the modified second session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified second session key.
6. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal generating the first session key;
the first user terminal encrypting the first session key with the second user terminal's public key in the blockchain network;
the first user terminal sending the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal;
the first user terminal receiving the encrypted second session key sent by the second user terminal, wherein the second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network;
the first user terminal decrypting the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key;
the first user terminal generating the third session key according to the first session key and the second session key;
the first user terminal communicating with the second user terminal according to the third session key.
7. A first user terminal, characterized by comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
broadcasting a query request in a blockchain network through the communication interface, wherein the query request includes the domain-name blockchain identifier or the domain name of a second user terminal, and the blockchain ledger stored in the accounting node includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program;
receiving, through the communication interface, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal, and the service port number of the application program, as sent by the accounting node in the blockchain network;
establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal, and the service port number of the application program;
communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
8. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
generate the first session key;
encrypt the first session key with the second user terminal's public key in the blockchain network;
send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key;
communicate with the second user terminal according to the first session key.
9. The first user terminal according to claim 8, characterized in that the processor is further configured to:
while the first user terminal is communicating with the second user terminal according to the first session key, receive through the communication interface the first session key as modified by the second user terminal;
communicate with the second user terminal according to the modified first session key;
or
while the first user terminal is communicating with the second user terminal according to the first session key, modify the first session key;
send the modified first session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified first session key.
10. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
receive, through the communication interface, the encrypted second session key sent by the second user terminal, wherein the second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network;
decrypt the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key;
communicate with the second user terminal according to the second session key.
11. The first user terminal according to claim 10, characterized in that the processor is further configured to:
while the first user terminal is communicating with the second user terminal according to the second session key, receive through the communication interface the second session key as modified by the second user terminal;
communicate with the second user terminal according to the modified second session key;
or
while the first user terminal is communicating with the second user terminal according to the second session key, modify the second session key;
send the modified second session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified second session key.
12. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
generate the first session key;
encrypt the first session key with the second user terminal's public key in the blockchain network;
send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key with its private key in the blockchain network to obtain the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal;
receive, through the communication interface, the encrypted second session key sent by the second user terminal, wherein the second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the first user terminal's public key in the blockchain network;
decrypt the encrypted second session key with the first user terminal's private key in the blockchain network to obtain the second session key;
generate the third session key according to the first session key and the second session key;
communicate with the second user terminal according to the third session key.
13. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 6.
CN201910310731.9A 2019-04-17 2019-04-17 Communication means, equipment and the computer readable storage medium of dialogue-based key Pending CN110035083A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910310731.9A CN110035083A (en) 2019-04-17 2019-04-17 Communication means, equipment and the computer readable storage medium of dialogue-based key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910310731.9A CN110035083A (en) 2019-04-17 2019-04-17 Communication means, equipment and the computer readable storage medium of dialogue-based key

Publications (1)

Publication Number Publication Date
CN110035083A true CN110035083A (en) 2019-07-19

Family

ID=67238788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910310731.9A Pending CN110035083A (en) 2019-04-17 2019-04-17 Communication means, equipment and the computer readable storage medium of dialogue-based key

Country Status (1)

Country Link
CN (1) CN110035083A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112689016A (en) * 2020-12-25 2021-04-20 杭州复杂美科技有限公司 Intelligent device control method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337969A (en) * 2015-10-19 2016-02-17 朱建龙 Safety communication method between two mobile terminals
CN107613041A (en) * 2017-09-22 2018-01-19 中国互联网络信息中心 DNS management system, domain name management method and domain name analytic method based on block chain
CN108366137A (en) * 2018-05-28 2018-08-03 北京奇虎科技有限公司 The method and root DNS that domain name is handled based on block chain
US10177909B1 (en) * 2017-09-26 2019-01-08 Cloudflare, Inc. Managing private key access in multiple nodes

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112689016A (en) * 2020-12-25 2021-04-20 杭州复杂美科技有限公司 Intelligent device control method, device and storage medium
CN112689016B (en) * 2020-12-25 2022-06-28 杭州复杂美科技有限公司 Intelligent device control method, device and storage medium

Similar Documents

Publication Publication Date Title
CN105553951B (en) Data transmission method and device
CN100592731C (en) Lawful interception of end-to-end encrypted data traffic
JP5496907B2 (en) Key management for secure communication
US9065642B2 (en) Intercepting key sessions
JP4981072B2 (en) Method and system for decryptable and searchable encryption
US8200959B2 (en) Verifying cryptographic identity during media session initialization
CN102160357B (en) Key management in communication network
EP3364595A1 (en) Key configuration method and key management center, and network element
EP2767029B1 (en) Secure communication
CN103534975A (en) Discovery of security associations for key management relying on public keys
CN107094156B (en) Secure communication method and system based on P2P mode
CN112425136A (en) Internet of things security using multi-party computing (MPC)
CN103986723B (en) A kind of secret communication control, secret communication method and device
CN107196919B (en) Data matching method and device
WO2010124482A1 (en) Method and system for implementing secure forking calling session in ip multi-media subsystem
CN107196918B (en) Data matching method and device
CN103997405B (en) A kind of key generation method and device
CN102281303A (en) Data exchange method
CN110138558A (en) Transmission method, equipment and the computer readable storage medium of session key
CN101273571B (en) Implementing method for field-crossing multi-network packet network cryptographic key negotiation safety strategy
Du et al. {UCBlocker}: Unwanted call blocking using anonymous authentication
CN110035083A (en) Communication means, equipment and the computer readable storage medium of dialogue-based key
CN110048842A (en) Session key processing method, equipment and computer readable storage medium
CN107395552A (en) A kind of data transmission method and device
CN110176994A (en) Session cipher key distributing method, equipment and storage medium based on alliance's block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190719