CN114258018B - Key management method, device, computer equipment and storage medium - Google Patents


Publication number
CN114258018B
Authority
CN
China
Prior art keywords
server
public
node
key
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111342556.5A
Other languages
Chinese (zh)
Other versions
CN114258018A (en)
Inventor
吴金宇
陶文伟
胡荣
吕华辉
曹扬
陈刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Southern Power Grid Co Ltd
Priority to CN202111342556.5A
Publication of CN114258018A
Application granted
Publication of CN114258018B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols

Abstract

The application relates to a key management method, a device, a computer device and a storage medium. The method comprises the following steps: judging an encryption mode adopted by a wireless network where a server is located; if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm; if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm. The key management system adapting to the diversified wireless network is designed, unified management can be realized for keys generated by using different encryption and decryption algorithms, and the cost of key storage is reduced by a key dispersion algorithm.

Description

Key management method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of wireless network password security, and in particular, to a key management method, apparatus, computer device, storage medium, and computer program product.
Background
A wireless network is any type of radio computer network, commonly combined with telecommunications networks, in which nodes can be interlinked without cables. Wireless networks are widely used in fields such as the military, environmental monitoring and forecasting, medical treatment, smart homes, intelligent transportation and the Internet of Things. However, because they transmit over wireless channels, the network and its nodes are vulnerable to attacks such as eavesdropping, active intrusion, damage and interference, so network data security is particularly important. In the field of wireless network security, key management is very important because it bears on the security of data transmission. Thus, there is an urgent need for a key management method.
Disclosure of Invention
Based on this, it is necessary to provide a secure and reliable key management method, apparatus, computer device, storage medium and computer program product in view of the above-mentioned needs.
In a first aspect, the present application provides a key management method. The method comprises the following steps:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In one embodiment, before determining the encryption mode adopted by the wireless network where the server is located, the method further includes:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
In one embodiment, the generating, by the second crypto-engine corresponding to the server, the public-private key pair of each node connected to the server includes:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key in the public-private key pair is determined by the base point and the private key in the public-private key pair.
In one embodiment, the nodes connected with the server comprise a relay node and a terminal node; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
acquiring a dispersion function and a dispersion factor of a second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
In one embodiment, the nodes connected with the server comprise a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In one embodiment, the method further comprises:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
In a second aspect, the present application further provides a key management apparatus. The device comprises:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In a third aspect, the present application also provides a computer device. The device comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the following steps when executing the computer program:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
The key management method, the device, the computer equipment, the storage medium and the computer program product judge the encryption mode adopted by the wireless network where the server is located; if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm; if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm. The key management system adapting to the diversified wireless network is designed, unified management can be realized on keys generated by different encryption and decryption algorithms used in different fields or by different users, and the cost of key storage is reduced through a key dispersion algorithm.
Drawings
FIG. 1 is a diagram of an application environment for a key management method in one embodiment;
FIG. 2 is a flow diagram of a key management method in one embodiment;
FIG. 3 is a flow chart of a key management method according to another embodiment;
FIG. 4 is a flow chart of a key distribution step in another embodiment;
FIG. 5 is a flow chart of a key management method in yet another embodiment;
FIG. 6 is a block diagram of a key management device in one embodiment;
FIG. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
It will be understood that the terms "first," "second," and the like, as used herein, may be used to describe various terms, but are not limited by these terms unless otherwise specified. These terms are only used to distinguish one term from another. For example, the third and fourth preset thresholds may be the same or different without departing from the scope of the present application.
The key management method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The terminal 102 may be, but is not limited to, various smartphones, tablet computers, and portable wearable devices, which may be smartwatches, smartbracelets, and the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, a key management method is provided, the method comprising the steps of:
step 201, judging an encryption mode adopted by a wireless network where a server is located;
step 202, if a symmetric encryption algorithm is adopted in the wireless network where the server is located, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
step 203, if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In step 201, a wireless network refers to any type of radio computer network, commonly combined with a telecommunication network, in which nodes can be linked without cables; wireless channel transmission is used between the server and the nodes. Wireless network topologies vary, and for ease of understanding all embodiments in this scheme are illustrated using a tree topology. A network provider may operate a plurality of servers at the same time. In the tree network structure rooted at one server, the encryption mode between the server and all of its nodes is identical; it is set in advance by the network provider and recorded in the attribute list of the server.
In steps 202 and 203, a cipher machine is a dedicated device that uses cryptography to encrypt, decrypt and authenticate information in real time. The first cipher machine is a network cipher machine: a multifunctional security gateway that integrates data encryption, firewall, worm and virus protection, traffic shaping and other functions, and that can provide network data encryption and decryption services. Typically, a server is equipped with a cipher machine that generates the keys used for communication before the server communicates with its connected nodes. The first cipher machine and the second cipher machine may be the same or different; when they are the same device, that device must support both symmetric encryption and asymmetric encryption.
Specifically, the attribute list or detailed information of the server is obtained, and the encryption mode of the wireless network where the server is located is determined by extracting keywords from it. If a symmetric encryption algorithm is adopted, the first cipher machine generates a key or a subkey for each node. Subkeys are used when the key generated by the first cipher machine is too long: the originally generated longer key is divided into a plurality of subkeys of the required key length, and the subkeys are then distributed to a plurality of nodes. When the tree network topology of the server is long, the same symmetric key can be generated as a shared key for the terminal nodes subordinate to one relay node, which avoids the large cost of generating and storing a large number of keys. In that case only the shared key needs to be stored in the first cipher pool, and after the relay node disconnects from a terminal node or connects to a new terminal node, the server is requested to regenerate the shared key.
In the key management method, the encryption mode adopted by the wireless network where the server is located is judged; if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm; if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm. The key management system adapting to the diversified wireless network is designed, unified management can be realized on keys generated by different encryption and decryption algorithms used in different fields or by different users, and the cost of key storage is reduced through a key dispersion algorithm.
In combination with the foregoing embodiment, in one embodiment, before determining an encryption manner adopted by the wireless network where the server is located, the method further includes:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
Note that the node ID, which identifies the node, is generated when the node is formed and is unique; it is therefore referred to as the unique identifier in this embodiment. Throughout communication between the nodes and the server or between nodes, the unique identifier is used to distinguish each node, and when the first cipher machine or the second cipher machine generates a key for each node, the nodes are likewise distinguished by their unique identifiers. In one embodiment, when keys are stored inside the cipher machine, a database may be created in which the key of each node corresponds one to one with its unique identifier.
The above key management method, before determining an encryption mode adopted by a wireless network where a server is located, further includes: generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node. Generating a unique identifier and carrying out all subsequent key management for each node through that identifier is convenient and efficient.
In combination with the foregoing embodiments, in one embodiment, as shown in fig. 3, the generating, by using a second cryptographic machine corresponding to the server, a public-private key pair of each node connected to the server includes:
step 301, randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and step 302, generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key of the public-private key pair is determined by the base point and the private key of the public-private key pair.
Wherein, the elliptic curve mentioned in step 301 refers to a discrete elliptic curve used in ECC (Elliptic Curve Cryptography, elliptic curve encryption), and may be expressed as:
T=(p,a,b,G,n,h)
wherein p, a and b are the parameters that determine the elliptic curve, p is a prime number (operations are performed mod p), G is the base point, n is the order of the point G, and h is the integer part of the quotient obtained by dividing m, the number of all points on the elliptic curve, by n. A multiplication rule exists on elliptic curves over a finite field Fp, namely:
Q=kG
wherein Q, k and G are points on an elliptic curve. The encryption mechanism of elliptic curve encryption is based on the following: given G and kG on the elliptic curve, finding k is very difficult, whereas given k and G, computing kG is very easy. G is taken as the base point, k as the private key, and Q as the public key.
Specifically, the second crypto-machine generates a corresponding public-private key pair for each node by using a base point and a private key which are randomly generated, wherein the private key can be randomly selected, or can be determined according to a received input instruction and manually selected.
In the key management method, a point on an elliptic curve is randomly selected as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm; and a public-private key pair of each node is generated based on the second cipher machine according to the base point and the elliptic curve, wherein the public key of the public-private key pair is determined by the base point and the private key of the public-private key pair. The elliptic curve asymmetric encryption method generates keys with a higher security level; when relay nodes are present, such keys reduce the number of terminal node keys that must be generated, and memory is saved during storage.
In combination with the foregoing embodiments, in one embodiment, as shown in fig. 4, the nodes connected to the server include a relay node and a terminal node; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
step 401, obtaining a dispersion function and a dispersion factor of a second key dispersion algorithm;
step 402, for each terminal node subordinate to the relay node, taking the public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
step 403, storing the father key and the corresponding hash factor of each terminal node in the second cryptographic pool of the second cryptographic machine.
The key dispersion algorithm in step 401, abbreviated as diffify, uses a double-length master key (MK) (one key length is 8 bytes) to perform dispersion processing on data and derive a double-length DES encryption key (DK). The hash factor (ZF) is an integer less than T; ZF ranges from an initial value j to an upper limit T, wherein T=2L < -1 >.
Specifically, this embodiment adopts a dispersion method that can calculate the dispersed key pair SK(d, P) using only the parent key pair MK(d, P) and the dispersion factor. The key pair of a terminal node is taken as the parent key, the private key of the parent key pair is used as the key, and the hash factor is set to ZF=0; a dispersion function operation is performed on the known dispersion factor to obtain the child key SK. A hash operation Hash() is then performed on the child key SK with the hash factor ZF appended to obtain the intermediate key ZK. The private key d is calculated by a modulo operation mod() of the intermediate key ZK by n, the order of the base point G. Finally, the public key P is calculated from the base point G and the private key d. The resulting dispersed key pair SK(d, P) is the key pair of each node; when storing, only the parent key and the hash factor used to obtain each node's key pair need to be stored.
In the key management method, a dispersion function and a dispersion factor of the second key dispersion algorithm are obtained; for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on the dispersion function and the dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node; in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored. The key to be stored is dispersed through a preset key dispersing algorithm, so that the cost of key storage can be greatly reduced.
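The derivation in steps 401 to 403, together with the Q=kG key generation of step 302, as an added example that is not code from the patent. Assumptions: secp256k1 domain parameters (the page names no curve), HMAC-SHA256 standing in for the unspecified dispersion function, SHA-256 as Hash(), the node's unique identifier as the dispersion factor, ZF advanced only when d would be 0, and the hypothetical names `disperse` and `KeyPool`.

```python
import hashlib
import hmac
import secrets

# Domain parameters T = (p, a, b, G, n, h); secp256k1 is an assumption of this example.
FIELD_P = 2**256 - 2**32 - 977
CURVE_A, CURVE_B = 0, 7
BASE_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % FIELD_P == 0


def ec_add(p1, p2):
    """Group law on the curve (affine coordinates)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None                      # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P


def ec_mul(k, pt):
    """Q = kG by double-and-add. Not constant time: illustration only."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def disperse(parent_d, factor, zf_start=0, zf_limit=2**16):
    """Derive a child key pair SK(d, P) from the parent private key and a factor.

    SK = F(parent_d, factor); ZK = Hash(SK || ZF); d = ZK mod n; P = dG.
    Returns (d, P, ZF). zf_limit stands in for the page's upper limit T.
    """
    sk = hmac.new(parent_d.to_bytes(32, "big"), factor, hashlib.sha256).digest()
    for zf in range(zf_start, zf_limit):
        zk = hashlib.sha256(sk + zf.to_bytes(4, "big")).digest()
        d = int.from_bytes(zk, "big") % ORDER_N
        if d != 0:                       # d = 0 is not a valid private key
            return d, ec_mul(d, BASE_G), zf
    raise ValueError("no valid hash factor below the limit")


class KeyPool:
    """Stores one parent key per relay and only a hash factor per terminal."""

    def __init__(self):
        self.parents = {}   # relay_id -> parent private key
        self.factors = {}   # terminal_id -> (relay_id, ZF)

    def add_relay(self, relay_id):
        d = secrets.randbelow(ORDER_N - 1) + 1      # private key k in [1, n-1]
        self.parents[relay_id] = d
        return d, ec_mul(d, BASE_G)

    def add_terminal(self, relay_id, terminal_id):
        d, pub, zf = disperse(self.parents[relay_id], terminal_id.encode())
        self.factors[terminal_id] = (relay_id, zf)  # the child key is not stored
        return d, pub

    def restore(self, terminal_id):
        """Recompute a terminal's key pair from the stored parent key and ZF."""
        relay_id, zf = self.factors[terminal_id]
        d, pub, _ = disperse(self.parents[relay_id], terminal_id.encode(), zf_start=zf)
        return d, pub


if __name__ == "__main__":
    pool = KeyPool()
    pool.add_relay("relay-1")                       # constructed identifiers
    d, pub = pool.add_terminal("relay-1", "term-A")
    print("restored matches:", pool.restore("term-A") == (d, pub))
    print("stored per terminal:", pool.factors["term-A"])
```

Because every terminal key pair is recomputable from the parent private key and the stored factors, the parent key is the single secret whose exposure reveals all terminal keys under that relay.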
In combination with the foregoing embodiments, in one embodiment, the nodes connected to the server include a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In the attribute topology of the wireless network, the longer the structure is, the more corresponding terminal nodes are, and when the key is stored, if public and private key pairs of each terminal node are stored, a large amount of memory is required to be consumed, so that for the terminal nodes belonging to one relay node, only the public and private key pairs of the relay node need to be stored, and in a small range centered on the relay node, the relay node and all the terminal nodes share one key.
In the key management method, the nodes connected with the server comprise a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including: for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node. By sharing the key between nodes within a certain range, the memory required to store the key is reduced.
In combination with the foregoing embodiments, in one embodiment, as shown in fig. 5, the method further includes:
step 501, for the current time, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current time;
step 502, if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first crypto-engine corresponding to the server.
The "total time length of the first crypto-engine from the generation of the symmetric key to the current time" in step 501 refers to the time elapsed in the set key update period after the first crypto-engine has completed the key generation operation for all nodes once. The "current time" refers to a time point acquired in real time for calculating the total time length. When the key usage period reaches the preset update duration, the server sends a key update message to the relay node, the relay node sends the key update message to the terminal node, and the cipher machine corresponding to the server generates new keys for all the nodes again.
In addition, for key management, the method further includes the following. The relay node stores a node unique identifier list for the terminal nodes connected to it. If a terminal node needs to be deleted, the node unique identifier list is updated, the updated list is encrypted with the shared key and sent to the other terminal nodes, and the shared key is renegotiated among the terminal nodes. If terminal nodes need to be added, the server generates node unique identifiers and corresponding public-private key pairs for them, the relay node updates the node unique identifier list, encrypts the updated list with the shared key and sends it to the terminal nodes, and the shared key is renegotiated among all the terminal nodes.
In the key management method, for the current time, the total time length of the first cipher machine from the generation of the symmetric key to the current time is acquired; if the total time length is greater than the preset update duration, the symmetric key of each node connected with the server is regenerated through the first cipher machine corresponding to the server. Updating the key periodically according to the preset update duration ensures the security of the key.
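The rotation check of steps 501 and 502, together with the re-keying on membership change described above, as an added sketch that is not code from the patent. It assumes one shared 32-byte key per relay group (as claim 1 describes for the symmetric case) and a monotonic clock; the class and method names are hypothetical.

```python
import secrets
import time


class SymmetricKeyPool:
    """Toy model of the first cipher pool: one shared key per relay group."""

    def __init__(self, update_seconds, clock=time.monotonic):
        self.update_seconds = update_seconds  # the preset update duration
        self.clock = clock                    # monotonic: wall-clock changes cannot delay rotation
        self.members = {}                     # relay id -> set of terminal node ids
        self.group_keys = {}                  # relay id -> 32-byte symmetric key
        self.generated_at = self.clock()      # time of the last full generation
        self.epoch = 0                        # number of full regenerations so far

    def _rekey(self, relay_id):
        # Fresh random key; the previous group key is simply dropped.
        self.group_keys[relay_id] = secrets.token_bytes(32)

    def regenerate_all(self):
        # New keys for every relay group, then restart the update period.
        for relay_id in self.members:
            self._rekey(relay_id)
        self.generated_at = self.clock()
        self.epoch += 1

    def rotate_if_due(self):
        total = self.clock() - self.generated_at  # step 501: total elapsed time
        if total > self.update_seconds:           # step 502: strictly greater
            self.regenerate_all()
            return True
        return False

    def add_terminal(self, relay_id, node_id):
        # Update the relay's identifier list, then renew the group key so the
        # new node never receives a key that protected earlier traffic.
        self.members.setdefault(relay_id, set()).add(node_id)
        self._rekey(relay_id)

    def remove_terminal(self, relay_id, node_id):
        # Update the list, then renew the group key so the key the removed
        # node still holds no longer matches the pool.
        self.members[relay_id].remove(node_id)
        self._rekey(relay_id)

    def key_for(self, relay_id, node_id):
        # Only nodes on the relay's identifier list are handed the group key.
        if node_id not in self.members.get(relay_id, set()):
            raise KeyError(f"{node_id} is not on the list for {relay_id}")
        return self.group_keys[relay_id]


if __name__ == "__main__":
    pool = SymmetricKeyPool(update_seconds=24 * 3600)
    pool.add_terminal("relay-1", "term-a")   # constructed sample identifiers
    pool.add_terminal("relay-1", "term-b")
    print("rotation due:", pool.rotate_if_due(), "epoch:", pool.epoch)
```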
It should be understood that, although the steps of fig. 2, 3, 4 and 5 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps of fig. 2, 3, 4, and 5 may include a plurality of steps or stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of execution of the steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or with at least a portion of the steps or stages of other steps.
It should be noted that, in the actual implementation process, the technical solutions described above may be implemented as independent embodiments, or may be implemented as combined embodiments by combining them. In addition, the foregoing embodiments of the present invention are described in a particular order, for example the order of the data flow, only for convenience of description; this order does not limit the execution order between different embodiments, nor the execution order of the steps within an embodiment. Accordingly, in an actual implementation that requires several of the embodiments provided by the present invention, the order in which the embodiments are set forth need not be followed, and the execution order between different embodiments may be arranged as required.
In combination with the foregoing embodiments, in one embodiment, referring to fig. 6, there is provided a key management apparatus including: a judging module 601, a first management module 602, and a second management module 603, wherein:
a judging module 601, configured to judge an encryption manner adopted by a wireless network where a server is located;
the first management module 602 is configured to generate, if a symmetric encryption algorithm is adopted in the wireless network where the server is located, a symmetric key of each node connected to the server through a first cryptographic machine corresponding to the server, and store the generated symmetric key in a first cryptographic pool of the first cryptographic machine based on a first key dispersion algorithm;
the second management module 603 is configured to generate, by using a second cryptographic engine corresponding to the server, a public-private key pair of each node connected to the server if the wireless network in which the server is located adopts an asymmetric encryption algorithm, and store the generated public-private key pair in a second cryptographic pool of the second cryptographic engine based on a second key dispersion algorithm.
In one embodiment, the key management apparatus further includes an identifier generating module 600:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
In one embodiment, the public-private key pair of each node connected to the server is generated by the second crypto-engine corresponding to the server, and accordingly, the second management module 602 includes:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key in the public-private key pair is determined by the base point and the private key in the public-private key pair.
In one embodiment, the nodes connected with the server comprise a relay node and a terminal node, and the generated public-private key pair is stored in a second cryptographic pool of the second cryptographic machine based on a second key dispersion algorithm; accordingly, the second management module 602 includes:
acquiring a dispersion function and a dispersion factor of a second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
In one embodiment, the nodes connected with the server comprise a relay node and a terminal node; correspondingly, a public-private key pair of each node connected by the server is generated through a second cryptographic machine corresponding to the server, and correspondingly, the second management module 602 includes:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In one embodiment, the key management device further includes an update module 604:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
The respective modules in the above-described key management apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a key management method.
It will be appreciated by those skilled in the art that the structure shown in fig. 7 is merely a block diagram of a portion of the structure associated with the present application and is not intended to limit the computer device to which the present application is applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, the computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In one embodiment, the processor when executing the computer program further performs the steps of: before judging the encryption mode adopted by the wireless network where the server is located, the method further comprises the following steps:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
In one embodiment, the processor when executing the computer program further performs the steps of:
generating, by the second cryptographic engine corresponding to the server, a public-private key pair of each node connected to the server, including:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key in the public-private key pair is determined by the base point and the private key in the public-private key pair.
In one embodiment, the processor when executing the computer program further performs the steps of:
the nodes connected with the server comprise a relay node and a terminal node; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
acquiring a dispersion function and a dispersion factor of a second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
In one embodiment, the processor when executing the computer program further performs the steps of:
the nodes connected with the server comprise a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In one embodiment, the processor when executing the computer program further performs the steps of:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In one embodiment, the computer program when executed by the processor further performs the steps of: before judging the encryption mode adopted by the wireless network where the server is located, the method further comprises the following steps:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
In one embodiment, the computer program when executed by the processor further performs the steps of: generating, by the second cryptographic engine corresponding to the server, a public-private key pair of each node connected to the server, including:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key in the public-private key pair is determined by the base point and the private key in the public-private key pair.
In one embodiment, the computer program when executed by the processor further performs the steps of: the nodes connected with the server comprise a relay node and a terminal node; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
acquiring a dispersion function and a dispersion factor of a second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
In one embodiment, the computer program when executed by the processor further performs the steps of: the nodes connected with the server comprise a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In one embodiment, the computer program when executed by the processor further performs the steps of:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm.
In one embodiment, the computer program when executed by the processor further performs the steps of: before judging the encryption mode adopted by the wireless network where the server is located, the method further comprises the following steps:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to the corresponding node.
In one embodiment, the computer program when executed by the processor further performs the steps of: generating, by the second cryptographic engine corresponding to the server, a public-private key pair of each node connected to the server, including:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key in the public-private key pair is determined by the base point and the private key in the public-private key pair.
In one embodiment, the computer program when executed by the processor further performs the steps of: the nodes connected with the server comprise a relay node and a terminal node; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
acquiring a dispersion function and a dispersion factor of a second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on a dispersion function and a dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
In one embodiment, the computer program when executed by the processor further performs the steps of: the nodes connected with the server comprise a relay node and a terminal node; correspondingly, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, including:
for each terminal node subordinate to the relay node, after the public-private key pair of the relay node is generated, the public-private key pair of the relay node is used as the public-private key pair of each terminal node.
In one embodiment, the computer program when executed by the processor further performs the steps of:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
if the total duration is greater than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can take a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. A method of key management, the method comprising:
judging an encryption mode adopted by a wireless network where a server is located;
if the wireless network where the server is located adopts a symmetric encryption algorithm, generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
if the wireless network where the server is located adopts an asymmetric encryption algorithm, generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm;
the generating, by the first crypto-engine corresponding to the server, a symmetric key of each node connected to the server includes:
determining relay nodes in all nodes connected with the server and all terminal nodes connected with each relay node;
the first cryptographic engine generates the same symmetric key for all terminal nodes connected to each relay node.
2. The method according to claim 1, wherein before the determining the encryption mode adopted by the wireless network in which the server is located, further comprises:
generating a unique identifier corresponding to each node connected with the server, and sending the unique identifier corresponding to each node to a first cipher machine or a second cipher machine corresponding to the server; the unique identification is used to instruct the first cryptographic machine or the second cryptographic machine to assign a key to a corresponding node.
3. The method according to claim 2, wherein the generating, by the second cryptographic machine corresponding to the server, the public-private key pair of each node connected to the server includes:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key of the public-private key pair is determined by the base point and the private key of the public-private key pair.
4. A method according to claim 3, characterized in that the nodes connected to the server comprise relay nodes and terminal nodes; accordingly, storing the generated public-private key pair in a second cryptographic pool of a second cryptographic machine based on a second key-dispersing algorithm, comprising:
acquiring a dispersion function and a dispersion factor of the second key dispersion algorithm;
for each terminal node subordinate to the relay node, taking a public-private key pair of the relay node as a father key of each terminal node, dispersing the public-private key pair of each terminal node based on the dispersion function and the dispersion factor, and determining a hash factor corresponding to the public-private key pair of each terminal node;
in a second cryptographic pool of the second cryptographic machine, the parent key of each terminal node and the corresponding hash factor are stored.
5. The method of claim 1, wherein the nodes connected to the server comprise relay nodes and terminal nodes; correspondingly, the generating, by the second crypto-engine corresponding to the server, a public-private key pair of each node connected to the server includes:
and for each terminal node subordinate to the relay node, after generating the public-private key pair of the relay node, taking the public-private key pair of the relay node as the public-private key pair of each terminal node.
6. The method according to claim 1, wherein the method further comprises:
for the current moment, acquiring the total time length of the first cipher machine from the generation of the symmetric key to the current moment;
and if the total duration is longer than the preset updating duration, regenerating the symmetric key of each node connected with the server through the first cipher machine corresponding to the server.
7. A key management apparatus, the apparatus comprising:
the judging module is used for judging an encryption mode adopted by the wireless network where the server is located;
the first management module is used for generating a symmetric key of each node connected with the server through a first cipher machine corresponding to the server if the wireless network where the server is located adopts a symmetric encryption algorithm, and storing the generated symmetric key in a first cipher pool of the first cipher machine based on a first key dispersion algorithm;
the second management module is used for generating a public-private key pair of each node connected with the server through a second cipher machine corresponding to the server if the wireless network where the server is located adopts an asymmetric encryption algorithm, and storing the generated public-private key pair in a second cipher pool of the second cipher machine based on a second key dispersion algorithm;
wherein the first management module is further configured to:
determining relay nodes in all nodes connected with the server and all terminal nodes connected with each relay node;
the first cryptographic engine generates the same symmetric key for all terminal nodes connected to each relay node.
8. The apparatus of claim 7, wherein the second management module is further configured to:
randomly selecting a point on an elliptic curve as a base point, wherein the elliptic curve is a curve meeting an asymmetric encryption algorithm;
and generating a public-private key pair of each node based on the second cipher machine according to the base point and the elliptic curve, wherein the public key of the public-private key pair is determined by the base point and the private key of the public-private key pair.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202111342556.5A 2021-11-12 2021-11-12 Key management method, device, computer equipment and storage medium Active CN114258018B (en)

Publications (2)

Publication Number Publication Date
CN114258018A CN114258018A (en) 2022-03-29
CN114258018B true CN114258018B (en) 2024-04-09

Family

ID=80790806

Country Status (1)

Country Link
CN (1) CN114258018B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant