CN113541934A - Encryption communication method and system and electronic equipment - Google Patents


Info

Publication number
CN113541934A
Authority
CN
China
Prior art keywords
key
server
communication
keys
receiving terminal
Prior art date
Legal status
Pending
Application number
CN202110542055.5A
Other languages
Chinese (zh)
Inventor
张兴明
杨剑峰
Current Assignee
Nantong Jingxi Information Technology Co ltd
Original Assignee
Nantong Jingxi Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Nantong Jingxi Information Technology Co ltd
Priority to CN202110542055.5A
Publication of CN113541934A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The application discloses an encryption communication method, an encryption communication system and an electronic device. The method comprises the following steps: the key server responds to the key applications of the initiating terminal and the receiving terminal, generates a key for each terminal, sends each key to the terminal it belongs to, and stores each key in a key database associated with that terminal's identifier; the initiating terminal encrypts the transmission data with its key and sends the encrypted data to the communication server; the communication server uses the identifier of the initiating terminal to look up the corresponding key in the key database and decrypts the data, then uses the identifier of the receiving terminal to look up that terminal's key in the key database, encrypts the transmission data again and sends it to the receiving terminal, which decrypts it with its own key to obtain the transmission data. The method and device can reduce the possibility of key leakage and improve the security of encrypted communication.

Description

Encryption communication method and system and electronic equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to an encrypted communication method and system, and an electronic device.
Background
With the rapid development of internet technology, communication using terminal devices has become the mainstream way for people to communicate. At the same time, communication security is receiving more and more attention: events such as property loss and privacy exposure caused by communication security problems such as information leakage occur from time to time, so it is necessary to encrypt the data during communication to ensure the security of the transmitted data.
At present, in existing encrypted communication the two communicating parties need to exchange keys in advance, and problems such as key leakage can occur during that exchange, creating a potential security hazard for the encrypted communication. In view of this, how to improve the security of encrypted communication is an urgent problem to be solved.
Disclosure of Invention
The technical problem mainly solved by the application is to provide an encryption communication method and system and an electronic device, which can improve the security of encryption communication.
In order to solve the above technical problem, a first aspect of the present application provides an encrypted communication method, including: the key server responds to the key applications of a plurality of terminals, generates a key for each terminal, sends each key to the terminal it belongs to, and stores each key in a key database associated with that terminal's identifier; the plurality of terminals comprise an initiating terminal and a receiving terminal of a communication session, and the keys comprise a first key of the initiating terminal and a second key of the receiving terminal. During the communication session, the initiating terminal encrypts transmission data with the first key and sends the resulting first encrypted data to a communication server; the communication server decrypts the first encrypted data to obtain the transmission data using the first key, which it obtains by querying the key database with the first identifier of the initiating terminal, encrypts the transmission data again to obtain second encrypted data using the second key, which it obtains by querying the key database with the second identifier of the receiving terminal, and sends the second encrypted data to the receiving terminal, so that the receiving terminal decrypts the second encrypted data with the second key to obtain the transmission data.
In order to solve the above technical problem, a second aspect of the present application provides an encrypted communication method, including: the initiating terminal sends a key application to a key server and receives a first key generated by the key server in response to the application, wherein the key server is used for responding to the key applications of a plurality of terminals, generating a key for each terminal and distributing each key to the terminal it belongs to, and is also used for storing each key in a key database associated with that terminal's identifier; the terminals comprise the initiating terminal and the receiving terminal, and the keys comprise the first key and a second key of the receiving terminal. The communication server decrypts the first encrypted data sent by the initiating terminal to obtain the transmission data using the first key, which it obtains by querying the key database with the first identifier of the initiating terminal, re-encrypts the transmission data to obtain second encrypted data using the second key, which it obtains by querying the key database with the second identifier of the receiving terminal, and sends the second encrypted data to the receiving terminal, so that the receiving terminal decrypts the second encrypted data with the second key to obtain the transmission data.
In order to solve the above technical problem, a third aspect of the present application provides an encrypted communication method, including: the communication server receives first encrypted data from an initiating terminal, wherein the first encrypted data is obtained by the initiating terminal encrypting transmission data with a first key generated by a key server; the key server is used for responding to the key applications of a plurality of terminals, generating a key for each terminal and sending each key to the terminal it belongs to, and is also used for storing each key in a key database associated with that terminal's identifier; the plurality of terminals comprise the initiating terminal and a receiving terminal, and the keys comprise the first key and a second key of the receiving terminal. The communication server decrypts the first encrypted data to obtain the transmission data using the first key obtained by querying the key database with the first identifier of the initiating terminal; obtains the second key by querying the key database with the second identifier of the receiving terminal and encrypts the transmission data again to obtain second encrypted data; and sends the second encrypted data to the receiving terminal, which decrypts the second encrypted data with the second key to obtain the transmission data.
In order to solve the above technical problem, a fourth aspect of the present application provides an encryption communication method, including: the receiving terminal sends a key application to the key server and receives a second key generated by the key server in response to the key application, wherein the key server is used for responding to the key applications of a plurality of terminals, generating a key for each terminal and sending each key to the terminal it belongs to, and is also used for storing each key in a key database associated with that terminal's identifier; the plurality of terminals comprise an initiating terminal and the receiving terminal, and the keys comprise the first key of the initiating terminal and the second key of the receiving terminal. The receiving terminal receives second encrypted data from the communication server and decrypts it with the second key to obtain the transmission data; the communication server obtains the second encrypted data by decrypting the first encrypted data to obtain the transmission data using the first key obtained by querying the key database with the first identifier of the initiating terminal, and encrypting the transmission data again using the second key obtained by querying the key database with the second identifier of the receiving terminal.
In order to solve the above technical problem, a fifth aspect of the present application provides an electronic device, which includes a memory, a communication circuit, and a processor, wherein the memory and the communication circuit are coupled to the processor, and the processor is configured to execute program instructions stored in the memory to implement the encryption communication method of any one of the above aspects.
In order to solve the above technical problem, a sixth aspect of the present invention provides an encryption communication system, including: an originating terminal, a receiving terminal, a key server, and a communication server, the key server being configured to execute the encrypted communication method in the first aspect, the originating terminal being configured to execute the encrypted communication method in the second aspect, the communication server being configured to execute the encrypted communication method in the third aspect, and the receiving terminal being configured to execute the encrypted communication method in the fourth aspect.
Different from the prior art, in the above scheme, before a formal communication session the initiating terminal and the receiving terminal each send a key application to the key server and obtain a first key and a second key respectively; the key server stores the first key together with the first identifier of the initiating terminal, and the second key together with the second identifier of the receiving terminal, in the key database. That is, in the key application stage each party obtains only the key of its own terminal. In the formal communication session, the initiating terminal encrypts the transmission data with the first key and sends the resulting first encrypted data to the communication server; the communication server queries the key database with the first identifier of the initiating terminal to obtain the first key, decrypts the first encrypted data to recover the transmission data, queries the key database with the second identifier of the receiving terminal to obtain the second key, encrypts the transmission data again to obtain second encrypted data, and sends the second encrypted data to the receiving terminal, which decrypts it with the second key to obtain the transmission data. That is, in the communication session stage only the communication server looks up the keys of the two parties in the key database; the two parties never exchange keys with each other, and the data in transit is encrypted throughout the session.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. Wherein:
FIG. 1 is a schematic flow chart diagram illustrating an embodiment of an encrypted communication method according to the present application;
FIG. 2 is an interaction diagram of an embodiment of the encrypted communication method of the present application;
FIG. 3 is an interaction diagram of another embodiment of the encrypted communication method of the present application;
FIG. 4 is a schematic flow chart diagram of another embodiment of the encrypted communication method of the present application;
FIG. 5 is a schematic flow chart diagram of another embodiment of the encrypted communication method of the present application;
FIG. 6 is a schematic flow chart diagram illustrating a further embodiment of the encrypted communication method of the present application;
FIG. 7 is a timing diagram illustrating an embodiment of the encrypted communication method of the present application;
FIG. 8 is a block diagram of an embodiment of an electronic device of the present application;
FIG. 9 is an architecture diagram of an embodiment of the encryption communication system of the present application;
FIG. 10 is a block diagram of an embodiment of a computer-readable storage medium of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the embodiments of the application, as summarized in the disclosure above, before a formal communication session the initiating terminal and the receiving terminal each send a key application to the key server and obtain a first key and a second key respectively, and the key server stores the first key associated with the first identifier of the initiating terminal, and the second key associated with the second identifier of the receiving terminal, in the key database; in the key application stage each party therefore obtains only the key of its own terminal. In the formal communication session, the initiating terminal encrypts the transmission data with the first key and sends the first encrypted data to the communication server; the communication server decrypts it with the first key obtained by querying the key database with the first identifier, encrypts the transmission data again with the second key obtained by querying the key database with the second identifier, and sends the second encrypted data to the receiving terminal, which decrypts it with the second key. In the communication session stage only the communication server looks up the keys of the two parties in the key database, the two parties never exchange keys with each other, and the data is encrypted throughout the session.
The technical solution of the encryption communication method of the present application will be described in detail with reference to the following four aspects and specific embodiments.
In a first aspect:
referring to fig. 1, fig. 1 is a schematic flowchart illustrating an embodiment of an encryption communication method according to the present application, which specifically includes:
step S11: the key server responds to the key applications of the plurality of terminals, generates a key for each terminal, and sends each key to the terminal to which it belongs.
In an implementation scenario, in order to ensure the security of key distribution, a secure communication channel may be used when the key server interacts with the plurality of terminals. The secure communication method may include, but is not limited to: SSL (Secure Sockets Layer), TLS (Transport Layer Security), SSH (Secure Shell), HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), IPsec (Internet Protocol Security), and the like, without limitation.
In one implementation scenario, the key server may generate the key using any one of component synthesis and random number generation. The specific implementation manners of component synthesis and random number generation may refer to the relevant technical details of the two, which are not described herein.
In an implementation scenario, the keys of different terminals may be the same or different, and are not limited herein. For example, the plurality of terminals may include a terminal a and a terminal B, and the key of the terminal a and the key of the terminal B may be the same or different.
Step S12: the key server associates and stores the key and the identification of each terminal in a key database.
In one implementation scenario, in order to ensure the security of key transmission, the key server and the key database may be connected through a private line communication; or, the key server and the key database may be in the same intranet, and the key server may open a specified communication port, so that the plurality of terminals access the key server through the specified communication port.
In one implementation scenario, the identifier of a terminal may include at least one of an IP (Internet Protocol) address, a MAC (Media Access Control) address and an IMEI (International Mobile Equipment Identity) code, and the key server stores the identifier and the key of each terminal in the key database in association with each other.
Referring to fig. 2 and fig. 3, fig. 2 is an interaction diagram of an embodiment of the encryption communication method of the present application, and fig. 3 is an interaction diagram of another embodiment of the encryption communication method of the present application. As shown in fig. 2, during one communication session the terminals may include an initiating terminal and a receiving terminal. As described above, the initiating terminal and the receiving terminal each send a key application to the key server; the key server generates a first key and a second key in response to the two applications, distributes the first key to the initiating terminal and the second key to the receiving terminal, and stores the first key associated with the first identifier of the initiating terminal, and the second key associated with the second identifier of the receiving terminal, in the key database. With reference to fig. 3, in the communication session the initiating terminal encrypts the transmission data with the first key and sends the first encrypted data to the communication server; the communication server decrypts the first encrypted data with the first key obtained by querying the key database with the first identifier of the initiating terminal, encrypts the transmission data again with the second key obtained by querying the key database with the second identifier of the receiving terminal to obtain second encrypted data, and sends the second encrypted data to the receiving terminal, so that the receiving terminal decrypts it with the second key to obtain the transmission data.
According to the scheme, on the one hand, the possibility of key leakage is reduced because the two communicating parties never need to exchange keys with each other, and on the other hand, the possibility of data leakage is reduced because only encrypted data is transmitted throughout the communication, so the security of the encrypted communication is improved.
In a second aspect:
referring to fig. 4, fig. 4 is a flowchart illustrating an encryption communication method according to another embodiment of the present application. Specifically, the embodiments of the present disclosure may include:
step S41: the initiating terminal sends a key application to the key server and receives a first key generated by the key server in response to the key application.
In one implementation scenario, the initiating terminal may initiate a key application to the key server via secure communication. The secure communication method may specifically refer to the related description in the foregoing disclosed embodiments, and is not described herein again.
In an implementation scenario, the key server may generate the key by using any one of component synthesis and random number generation, which is not limited herein. The specific implementation manners of component synthesis and random number generation may refer to the relevant technical details of the two, which are not described herein.
In one implementation scenario, the initiating terminal may send a key application to the key server when it initiates a new communication session. For example, if the initiating terminal A initiates a new communication session with the receiving terminal C while communicating with the receiving terminal B, the initiating terminal A may send a key application to the key server to obtain the key used for the session with the receiving terminal C, so that different communication sessions use different keys for encrypted communication, which further helps to ensure the security of encrypted communication.
In another implementation scenario, the initiating terminal may also send a key application to the key server when it is currently disconnected from the communication server. For example, after the communication session with the receiving terminal B has ended, the initiating terminal A is disconnected from the communication server; when data again needs to be sent to the receiving terminal B (or to another terminal), the initiating terminal A may send a new key application to the key server to obtain a new key. The initiating terminal A thus re-applies for a key after logging out of the communication server, which further helps to improve the security of encrypted communication.
In yet another implementation scenario, the initiating terminal may also send a key application to the key server when the existing first key has exceeded its validity period (i.e., the first key has expired). The validity period may be set according to the requirements of the application, for example to one hour, one day or one week, and is not limited here. Setting a validity period for the key, so that the terminal applies to the key server again once the key has expired, prevents an attacker who has obtained a leaked key from using it to eavesdrop on communication sessions indefinitely, which helps to improve the security of encrypted communication.
Step S42: the initiating terminal encrypts the transmission data by using the first key to obtain first encrypted data and sends the first encrypted data to the communication server.
In one implementation scenario, the algorithm with which the initiating terminal encrypts the transmission data using the first key includes, but is not limited to: DES (Data Encryption Standard), 3DES (Triple DES), IDEA (International Data Encryption Algorithm), DSA (Digital Signature Algorithm), DSS (Digital Signature Standard), AES (Advanced Encryption Standard), and the like, without limitation. Of these, DSA and DSS are digital signature standards rather than data encryption algorithms.
The interaction between the key server, the initiating terminal, the communication server and the receiving terminal in this aspect is the same as that shown in fig. 2 and fig. 3 and described in the first aspect, and the same security benefits apply: the two communicating parties never exchange keys with each other, and only encrypted data is transmitted throughout the communication, so the security of the encrypted communication is improved. The description is not repeated here.
In a third aspect:
referring to fig. 5, fig. 5 is a flowchart illustrating an encryption communication method according to another embodiment of the present application. Specifically, the embodiments of the present disclosure may include:
step S51: the communication server receives first encrypted data from the originating terminal.
In the embodiment of the disclosure, the first encrypted data is obtained by the initiating terminal encrypting the transmission data by using the first key, and the first key is generated by the key server, the key server is configured to respectively generate keys of the plurality of terminals in response to key applications of the plurality of terminals, and respectively send the keys to the terminals to which the keys belong, and the key server is further configured to respectively associate and store the keys and the identifiers of the plurality of terminals in the key database, the plurality of terminals may include the initiating terminal and the receiving terminal, and the keys include the first key and the second key of the receiving terminal. Specifically, reference may be made to the embodiments disclosed in the first aspect and the second aspect, which are not described herein again.
Step S52: the communication server utilizes the first identification of the initiating terminal to inquire the first key in the key database, and decrypts the first encrypted data to obtain the transmission data.
In one implementation scenario, to ensure the security of the key, the communication server and the key database may be communicatively connected via a private line.
In one implementation scenario, the communication server may query the key database with the first identifier of the initiating terminal to obtain the first key associated with that identifier, and decrypt the first encrypted data with the first key to obtain the transmission data. For example, the key database has stored therein: key A01 and identifier A02 of terminal A, key B01 and identifier B02 of terminal B, and key C01 and identifier C02 of terminal C. The communication server may use the first identifier A02 of the initiating terminal to query the key database for the first key associated with A02, namely key A01. Other cases follow by analogy and are not enumerated here.
Step S53: the communication server uses the second key, obtained by querying the key database with the second identifier of the receiving terminal, to encrypt the transmission data again and obtain second encrypted data.
In an implementation scenario, the communication server may parse the transmission data to obtain the second identifier of the receiving terminal; on this basis, the communication server may query the key database with the second identifier to obtain the second key associated with it, and encrypt the transmission data again with the second key to obtain the second encrypted data. For example, the key database has stored therein: key A01 and identifier A02 of terminal A, key B01 and identifier B02 of terminal B, and key C01 and identifier C02 of terminal C. The communication server parses the transmission data to obtain the second identifier B02 of the receiving terminal, queries the key database to obtain the second key associated with B02, namely key B01, and encrypts the transmission data again with key B01 to obtain the second encrypted data. Other cases follow by analogy and are not enumerated here.
Step S54: and sending the second encrypted data to the receiving terminal.
Referring to fig. 2 and fig. 3, fig. 2 is an interaction diagram of an embodiment of an encryption communication method of the present application, and fig. 3 is an interaction diagram of another embodiment of the encryption communication method of the present application. As shown in fig. 2, during one communication session, the terminal may include an initiating terminal and a receiving terminal, and as described above, the initiating terminal and the receiving terminal may respectively send a key application to the key server, and the key server may respectively generate a first key and a second key in response to the key application of the initiating terminal and the key application of the receiving terminal, and respectively distribute the first key and the second key to the initiating terminal and the receiving terminal, and associate and store the first key and a first identifier of the initiating terminal to the key database, and associate and store the second key and a second identifier of the receiving terminal to the key database. With reference to fig. 3, in the communication session, the initiating terminal sends first encrypted data obtained by encrypting the transmission data with the first key to the communication server, and the communication server decrypts the first encrypted data with the first key obtained by querying in the key database based on the first identifier of the initiating terminal to obtain transmission data, and encrypts the transmission data again with the second key obtained by querying in the key database based on the second identifier of the receiving terminal to obtain second encrypted data, and sends the second encrypted data to the receiving terminal, so that the receiving terminal decrypts the second encrypted data with the second key to obtain the transmission data.
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
In a fourth aspect:
Referring to fig. 6, fig. 6 is a flowchart illustrating an encrypted communication method according to an embodiment of the present application. Specifically, the embodiments of the present disclosure may include:
Step S61: the receiving terminal sends a key application to the key server and receives a second key generated by the key server in response to the key application.
In the embodiment of the disclosure, the key server is configured to generate keys of the plurality of terminals respectively in response to key applications of the plurality of terminals, and send the keys to the terminals to which the keys belong respectively, and the key server is further configured to associate and store the keys and the identifiers of the plurality of terminals in the key database respectively, where the plurality of terminals include an initiating terminal and a receiving terminal, and the keys include a first key of the initiating terminal and a second key of the receiving terminal. Specifically, reference may be made to the embodiments disclosed in the first aspect, the second aspect, and the third aspect, which are not described herein again.
In an implementation scenario, in order to ensure security of key distribution, a secure communication mode may be adopted when the key server interacts with the plurality of terminals, and the secure communication mode may specifically refer to relevant descriptions in the foregoing disclosed embodiments, and is not described herein again.
In one implementation scenario, the key server may generate the key using any one of component synthesis and random number generation. Reference may be made to the related description in the foregoing embodiments, which are not repeated herein.
Step S62: the receiving terminal receives the second encrypted data from the communication server and decrypts the second encrypted data using the second key to obtain the transmission data.
In the embodiment of the present disclosure, the initiating terminal sends, to the communication server, first encrypted data obtained by encrypting the transmission data with a first key, and the communication server decrypts the first encrypted data with the first key obtained by querying in the key database based on the first identifier of the initiating terminal to obtain the transmission data, and re-encrypts the transmission data with a second key obtained by querying in the key database based on the second identifier of the receiving terminal to obtain second encrypted data. Specifically, reference may be made to the embodiments disclosed in the second aspect and the third aspect, which are not described herein again.
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
Referring to fig. 7, fig. 7 is a timing diagram illustrating an embodiment of an encryption communication method according to the present application. It should be noted that the embodiments of the present disclosure and the foregoing embodiments may be specifically applied to a building intercom scenario, where the initiating terminal may specifically include a unit door phone, and the receiving terminal may include an indoor unit. Specifically, the embodiments of the present disclosure may include the following steps:
Step S701: the initiating terminal sends a key application to the key server.
In one implementation scenario, taking the building intercom scenario as an example, the unit door phone may send a key application to the key server before formally conducting a communication session with the indoor unit. It should be noted that the key server and the communication server may both be disposed in the property management center, but this is not a limitation.
Step S702: the receiving terminal sends a key application to the key server.
In one implementation scenario, still taking the building intercom scenario as an example, and similarly to the above, the indoor unit may send a key application to the key server before answering the communication session of the unit door phone.
Step S703: the key server generates a first key in response to a key application by the originating terminal and returns the first key to the originating terminal.
In one implementation scenario, still taking the building intercom scenario as an example, the key server in the property management center may generate the first key in response to the key application from the unit door phone and return the first key to the unit door phone.
Step S704: the key server generates a second key in response to a key application of the receiving terminal and returns the second key to the receiving terminal.
In one implementation scenario, still taking the building intercom scenario as an example, the key server in the property management center may generate the second key in response to the key application of the indoor unit, and return the second key to the indoor unit.
Step S705: the key server associates and stores the first key and the first identifier of the initiating terminal in a key database, and associates and stores the second key and the second identifier of the receiving terminal in the key database.
Step S706: the initiating terminal encrypts the transmission data by using the first key to obtain first encrypted data.
In an implementation scenario, still taking the building intercom scenario as an example, the unit door phone may encrypt the transmission data using the first key to obtain the first encrypted data. It should be noted that the transmission data may include, but is not limited to, video data, audio data and the like.
Step S707: the initiating terminal transmits the first encrypted data to the communication server.
In one implementation scenario, still taking the building intercom scenario as an example, the unit door phone may transmit the first encrypted data to the communication server within the property management center.
Step S708: the communication server queries the first key in the key database based on the first identifier.
Step S709: the communication server decrypts the first encrypted data by using the first key to obtain the transmission data.
Step S710: the communication server queries the key database for a second key based on the second identifier.
Step S711: the communication server encrypts the transmission data again using the second key to obtain second encrypted data.
Step S712: the communication server transmits the second encrypted data to the receiving terminal.
In one implementation scenario, still taking the building intercom scenario as an example, the communication server within the property management center may transmit the second encrypted data to the indoor unit.
Step S713: the receiving terminal decrypts the second encrypted data using the second key to obtain the transmission data.
In an implementation scenario, still taking the building intercom scenario as an example, the indoor unit decrypts the second encrypted data using the second key to obtain the transmission data, thereby implementing session communication between the unit door phone and the indoor unit.
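As an added illustration of the fig. 3 exchange and of steps S701 to S713 (example code written here, not code from the patent), the following Python models the key server, the shared key database, the communication server and two terminals. The patent names no cipher, so an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for it; the JSON wire format that carries the receiver identifier inside the transmission data is assumed, and the identifiers A02 and B02 are reused from the specification's example.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: keystream blocks are HMAC-SHA256(key, nonce || counter).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Output: nonce || ciphertext || tag (encrypt-then-MAC), so a hop can reject
    # tampered data or data encrypted under another terminal's key before using it.
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed (wrong key or modified data)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KeyServer:
    """Steps S701-S705: one random key per terminal, stored under its identifier."""

    def __init__(self, key_db: dict):
        self.key_db = key_db  # shared with the communication server (private line in the patent)

    def apply(self, terminal_id: str) -> bytes:
        key = os.urandom(32)  # random-number generation mode
        self.key_db[terminal_id] = key
        return key


class CommunicationServer:
    """Steps S708-S712: decrypt with the sender's key, parse the receiver identifier
    from the transmission data, re-encrypt with the receiver's key."""

    def __init__(self, key_db: dict):
        self.key_db = key_db

    def relay(self, sender_id: str, first_encrypted: bytes):
        first_key = self.key_db[sender_id]                 # S708: lookup by first identifier
        transmission = decrypt(first_key, first_encrypted)  # S709: authenticated before parsing
        receiver_id = json.loads(transmission)["to"]       # S710: parse second identifier
        if receiver_id not in self.key_db:
            raise ValueError("unknown receiving terminal")
        second_key = self.key_db[receiver_id]
        return receiver_id, encrypt(second_key, transmission)  # S711/S712


class Terminal:
    def __init__(self, terminal_id: str, key_server: KeyServer):
        self.id = terminal_id
        self.key = key_server.apply(terminal_id)  # S701/S702 and S703/S704

    def send(self, receiver_id: str, payload: bytes) -> bytes:
        # Assumed wire format: the receiver identifier travels inside the transmission data.
        transmission = json.dumps({"to": receiver_id, "payload": payload.hex()}).encode()
        return encrypt(self.key, transmission)  # S706

    def receive(self, second_encrypted: bytes) -> bytes:
        msg = json.loads(decrypt(self.key, second_encrypted))  # S713
        return bytes.fromhex(msg["payload"])


def run_session(payload: bytes = b"constructed audio frame") -> dict:
    key_db = {}
    key_server = KeyServer(key_db)
    comm_server = CommunicationServer(key_db)
    door_phone = Terminal("A02", key_server)   # initiating terminal
    indoor_unit = Terminal("B02", key_server)  # receiving terminal
    first = door_phone.send("B02", payload)
    receiver_id, second = comm_server.relay("A02", first)
    received = indoor_unit.receive(second)
    # The terminals never exchange keys: the second leg is unreadable with the first key.
    cross_key_rejected = False
    try:
        decrypt(door_phone.key, second)
    except ValueError:
        cross_key_rejected = True
    return {"receiver_id": receiver_id, "received": received,
            "keys_differ": door_phone.key != indoor_unit.key,
            "cross_key_rejected": cross_key_rejected}


if __name__ == "__main__":
    print(run_session())
```

Note that the relay holds the plaintext between steps S709 and S711, so this is hop-by-hop rather than end-to-end protection and the communication server and key database must be trusted accordingly.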
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
Referring to fig. 8, fig. 8 is a block diagram of an electronic device 800 according to an embodiment of the disclosure. Specifically, the electronic device 800 may include a memory 801, a communication circuit 802 and a processor 803, where the memory 801 and the communication circuit 802 are coupled to the processor 803, and the processor 803 is configured to execute program instructions stored in the memory 801 to implement, in combination with the communication circuit 802, the steps in the foregoing first aspect encryption communication method embodiment, or the steps in the foregoing second aspect encryption communication method embodiment, or the steps in the foregoing third aspect encryption communication method embodiment, or the steps in the foregoing fourth aspect encryption communication method embodiment. That is to say, in this embodiment of the present disclosure, the electronic device 800 may be the key server in the foregoing first aspect encrypted communication method embodiment, may also be the initiating terminal in the foregoing second aspect encrypted communication method embodiment, may also be the communication server in the foregoing third aspect encrypted communication method embodiment, and may also be the receiving terminal in the foregoing fourth aspect encrypted communication method embodiment.
In the embodiment of the present disclosure, the processor 803 is used to control the memory 801, the communication circuit 802 and itself to implement the steps in any of the above embodiments of the encryption communication method. The processor 803 may also be referred to as a CPU (Central Processing Unit). The processor 803 may be an integrated circuit chip having signal processing capabilities. The processor 803 may also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. In addition, the processor 803 may be implemented collectively by a plurality of integrated circuit chips.
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
Referring to fig. 9, fig. 9 is an architecture diagram of an embodiment of an encryption communication system 900 according to the present application. The encrypted communication system 900 includes: an originating terminal 901, a receiving terminal 902, a key server 903 and a communication server 904.
In the embodiment of the present disclosure, the key server 903 is configured to implement any step in the above first aspect, the initiating terminal 901 implements any step in the above second aspect, the communication server 904 implements any step in the above third aspect, and the receiving terminal 902 implements any step in the above fourth aspect.
Specifically, the key server 903 responds to the key applications of the initiating terminal 901 and the receiving terminal 902 to generate keys of the terminals respectively, sends the keys to the terminals to which the keys belong respectively, and associates and stores the key and the identifier of each terminal in a key database; the initiating terminal sends the transmission data encrypted by the key to the communication server 904, the communication server 904 queries a corresponding key in the key database by using the identifier of the initiating terminal 901, decrypts the encrypted data, and encrypts the transmission data again by using a corresponding key obtained by querying the identifier of the receiving terminal 902 in the key database, so that the receiving terminal 902 decrypts the encrypted data by using the own key to obtain the transmission data.
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
Referring to fig. 10, fig. 10 is a block diagram illustrating an embodiment of a computer-readable storage medium 1000 according to the present application. In particular, the computer readable storage medium 1000 stores program instructions 1010 capable of being executed by a processor, the program instructions 1010 being for implementing the steps in any of the above-described aspects of the encrypted communication method embodiments.
According to the scheme, on one hand, the possibility of key leakage can be reduced because the two communication parties do not need to exchange keys with each other in the whole course, and on the other hand, the possibility of data leakage can be reduced because the encrypted data is transmitted in the whole course of communication, so that the safety of encrypted communication can be improved.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a module or a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. An encrypted communication method, comprising:
the key server responds to key applications of a plurality of terminals, respectively generates keys of the terminals, respectively sends the keys to the terminals to which the keys belong, associates the keys and the identifiers of the terminals and stores the keys and the identifiers in a key database;
wherein the plurality of terminals includes an originating terminal and a receiving terminal of a communication session, the keys including a first key of the originating terminal and a second key of the receiving terminal, during the communication session, the originating terminal sends first encrypted data obtained by encrypting transmission data with the first key to a communication server, the communication server decrypts the first encrypted data to obtain the transmission data by using a first key obtained by querying the key database based on the first identifier of the initiating terminal, and re-encrypts the transmission data to obtain second encrypted data using a second key obtained by searching in the key database based on a second identifier of the receiving terminal, and transmits the second encrypted data to the receiving terminal, so that the receiving terminal decrypts the second encrypted data by using the second key to obtain the transmission data.
2. The method according to claim 1, wherein the key is stored in a memory of the terminal;
and/or the key server is in communication connection with the key database through a private line;
and/or the key server and the terminal communicate through a secure communication protocol;
and/or the key server and the key database communicate through a secure communication protocol.
3. An encrypted communication method, comprising:
the method comprises the steps that an initiating terminal sends a key application to a key server and receives a first key generated by the key server in response to the key application; the key server is used for responding to key applications of a plurality of terminals to respectively generate keys of the plurality of terminals and respectively sending the keys to the terminals to which the keys belong, and is also used for respectively associating and storing the keys and identifications of the plurality of terminals into a key database, wherein the plurality of terminals comprise the initiating terminal and the receiving terminal, and the keys comprise the first key and the second key of the receiving terminal;
encrypting the transmission data by using the first key to obtain first encrypted data, and sending the first encrypted data to a communication server;
the communication server decrypts the first encrypted data by using a first key obtained by querying in the key database based on the first identifier of the initiating terminal to obtain the transmission data, re-encrypts the transmission data by using a second key obtained by querying in the key database based on the second identifier of the receiving terminal to obtain second encrypted data, and sends the second encrypted data to the receiving terminal, so that the receiving terminal decrypts the second encrypted data by using the second key to obtain the transmission data.
4. The method of claim 3, wherein the initiating terminal sends a key application to a key server, comprising any one of:
the initiating terminal sends the key application to the key server based on initiating a new communication session;
the initiating terminal sends the key application to the key server based on the communication state disconnected with the communication server at present;
and the initiating terminal sends the key application to the key server based on the fact that the first key exceeds the valid period.
5. An encrypted communication method, comprising:
the communication server receives first encrypted data from the initiating terminal; the first encrypted data is obtained by encrypting transmission data by the initiating terminal through a first key, the first key is generated by a key server, the key server is used for responding to key applications of a plurality of terminals to respectively generate keys of the plurality of terminals and respectively send the keys to the terminals to which the keys belong, the key server is also used for respectively associating and storing the keys and identifications of the plurality of terminals in a key database, the plurality of terminals comprise the initiating terminal and the receiving terminal, and the keys comprise the first key and a second key of the receiving terminal;
decrypting the first encrypted data to obtain the transmission data by using a first key obtained by inquiring in the key database based on the first identifier of the initiating terminal;
encrypting the transmission data again by using a second key obtained by inquiring in the key database based on the second identifier of the receiving terminal to obtain second encrypted data;
sending the second encrypted data to the receiving terminal; and the receiving terminal decrypts the second encrypted data by using the second key to obtain the transmission data.
6. The method of claim 5, wherein decrypting the first encrypted data to obtain the transmission data using a first key obtained by querying the key database based on the first identifier of the originating terminal comprises:
inquiring in the key database by using the first identifier of the initiating terminal to obtain a first key associated with the first identifier, and decrypting the first encrypted data by using the first key to obtain the transmission data;
the re-encrypting the transmission data by using a second key obtained by querying the key database based on the second identifier of the receiving terminal to obtain second encrypted data includes:
analyzing the transmission data to obtain a second identifier of the receiving terminal;
and inquiring in the key database by using the second identifier of the receiving terminal to obtain a second key associated with the second identifier, and encrypting the transmission data again by using the second key to obtain second encrypted data.
7. The method of claim 5, wherein the communication server is communicatively coupled to the key database via a private line;
and/or the communication server and the key database communicate through a secure communication protocol.
8. An encrypted communication method, comprising:
the method comprises the steps that a receiving terminal sends a key application to a key server and receives a second key generated by the key server in response to the key application; the key server is used for responding to key applications of a plurality of terminals to respectively generate keys of the terminals and respectively send the keys to the terminals to which the keys belong, and is also used for respectively associating and storing the keys and identifications of the terminals in a key database, wherein the terminals comprise an initiating terminal and a receiving terminal, and the keys comprise a first key and a second key of the initiating terminal;
receiving second encrypted data from a communication server, and decrypting the second encrypted data by using the second key to obtain transmission data;
the initiating terminal sends first encrypted data obtained by encrypting the transmission data with the first key to the communication server, and the communication server decrypts the first encrypted data using the first key obtained by querying the key database based on the first identifier of the initiating terminal to obtain the transmission data, and re-encrypts the transmission data using the second key obtained by querying the key database based on the second identifier of the receiving terminal to obtain the second encrypted data.
9. An electronic device comprising a memory, a communication circuit, and a processor, the memory and the communication circuit coupled to the processor, the processor configured to execute program instructions stored in the memory to implement the encrypted communication method of any one of claims 1 to 8.
10. An encrypted communication system, comprising: an originating terminal for performing the encrypted communication method of any one of claims 1 to 2, a receiving terminal for performing the encrypted communication method of any one of claims 3 to 4, a key server for performing the encrypted communication method of any one of claims 5 to 7, and a communication server for performing the encrypted communication method of claim 8.
CN202110542055.5A 2021-05-18 2021-05-18 Encryption communication method and system and electronic equipment Pending CN113541934A (en)
Publications (1)

Publication Number Publication Date
CN113541934A true CN113541934A (en) 2021-10-22

Family

ID=78094673
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination