KR20220153917A - Secure instant messaging method and apparatus thereof - Google Patents

Abstract

A security instant messaging method and a device thereof are disclosed. According to an embodiment, the security instant messaging method is performed by an instant messaging server. The messaging method comprises the following steps of: storing a file transmitted through a chat room generated in a messaging server in a file server; receiving a first ciphertext in which a storage path of the file is encrypted with an encryption key of a chat room from a client that transmitted the file; storing the first ciphertext to correspond to the chat room; and transmitting a message including the first ciphertext to a client participating in the chat room through the chat room.

Description

Secure instant messaging method and apparatus {SECURE INSTANT MESSAGING METHOD AND APPARATUS THEREOF}

Embodiments below relate to methods and devices for secure instant messaging, and specifically to methods and devices for secure instant messaging using end-to-end encryption.

An instant messaging service or instant messenger is a messenger service in which two or more users transmit and receive text, pictures, voices, etc. in real time through a network. Since the instant messaging service passes through a messaging server for data communication between users, communication data may be stored in the server. This has a security vulnerability in that data leakage and alteration are possible due to hacking of the server. Accordingly, an encryption technology for security, such as data leakage prevention, should be applied in a data communication process using an instant messaging service.

End to End Encryption (E2EE) is an encryption method that transmits a message in an encrypted state in all processes from the sender to the receiver. It is also called end-to-end encryption. When end-to-end encryption is used, only the sender and receiver of the message can see the contents, and the server in the middle cannot see the contents, so it is a technology for protecting data transmitted and received through instant messaging services. are being developed

Through the following embodiments, a technology capable of transmitting and receiving a file using an end-to-end encryption method in an instant messaging service can be provided. More specifically, a technology capable of transmitting, receiving, and storing a file through an instant messaging server in a manner of encrypting a storage path of a file without encrypting the file itself may be provided.

However, the technical challenges are not limited to the above-described technical challenges, and other technical challenges may exist.

A secure instant messaging method performed in an instant messaging server according to one aspect includes storing a file transmitted through a chat room created in the messaging server in a file server; Receiving a first ciphertext obtained by encrypting a storage path of the file with an encryption key of the chat room from a client transmitting the file; storing the first ciphertext in response to the chat room; and transmitting a message including the first cipher text to a client participating in the chat room through the chat room.

The receiving of the first cipher text may include receiving a storage path of the file from the file server; transmitting the storage path of the file to the client that transmitted the file; and receiving the first cipher text from a client that has transmitted the file.

The receiving of the first cipher text may include receiving a signal confirming storage of the file from the file server; transmitting the signal to the client that transmitted the file; and receiving the first cipher text from a client that has transmitted the file, based on the signal.

The signal for confirming storage of the file may include information for identifying the file in the file server.

The first cipher text may be decrypted with a decryption key of the chat room.

The decryption key of the chat room may be stored in a client participating in the chat room.

The chat room encryption key and the chat room decryption key may be generated with a symmetric key corresponding to the chat room.

The secure instant messaging method may include storing the first cipher text and a second cipher text obtained by encrypting a text message transmitted through the chat room with an encryption key of the chat room, in accordance with a transmission order, in correspondence with the chat room; and transmitting the first encrypted text and the second encrypted text stored in correspondence to the chat room to a client accessing the chat room.

A client participating in the chat room may include a user terminal logged into a user account subscribed to an instant messaging service provided by the messaging server.

The file server may include a database for storing files transmitted through the chat room.

A secure instant messaging method performed by a client according to one aspect includes receiving a chat room key encrypted with a user public key corresponding to the client from a messaging server providing a secure instant messaging service; Decrypting the encrypted chat room key with a user private key stored in the client; Receiving a message including a storage path of an encrypted file through the chat room from the messaging server; Decrypting the storage path of the encrypted file with the key of the chat room; and receiving the file from a file server based on the storage path of the decrypted file.

The key of the chat room may include a symmetric key generated corresponding to the chat room.

The storage path of the encrypted file may include a first ciphertext obtained by encrypting the storage path of the file with a key of the chat room.

An instant messaging server according to one side stores a file transmitted through a chat room in a file server, and receives a first ciphertext obtained by encrypting a storage path of the file with an encryption key of the chat room from a client that has transmitted the file. Receives, stores the first cipher text corresponding to the chat room, and transmits a message including the first cipher text to a client participating in the chat room through the chat room, and at least one processor.

In receiving the first cipher text, the processor receives a storage path of the file from the file server, transmits the storage path of the file to a client that has transmitted the file, and transmits the storage path of the file from the client that has transmitted the file. A first cipher text may be received.

In receiving the first ciphertext, the processor receives a signal confirming storage of the file from the file server, transmits the signal to a client that has transmitted the file, and based on the signal, the file The first ciphertext may be received from the client that has transmitted the .

The instant messaging server may further include a memory for storing the first cipher text and a second cipher text obtained by encrypting a text message transmitted through the chat room with an encryption key of the chat room, in correspondence with the chat room.

The processor, corresponding to the chat room, stores the first cipher text and the second cipher text obtained by encrypting the text message transmitted through the chat room with the encryption key of the chat room in the memory according to the order of transmission, and accesses the chat room. The first cipher text and the second cipher text stored in correspondence to the chat room may be transmitted to the client.

A client according to one side receives a chat room key encrypted with a corresponding user public key from a messaging server providing a secure instant messaging service, and converts the encrypted chat room key into a user private key , and receives a message including a storage path of an encrypted file through the chat room from the messaging server, decrypts the storage path of the encrypted file with a key of the chat room, and based on the storage path of the decrypted file. and at least one processor for receiving the file from the file server.

The client further includes a memory for storing the user private key corresponding to the logged-in user account.

The key of the chat room may include a symmetric key generated corresponding to the chat room.

The storage path of the encrypted file may include a first ciphertext obtained by encrypting the storage path of the file with a key of the chat room.

The following embodiments can enhance the security of files shared through an instant messaging server, and provide an instant messaging service using an end-to-end encryption method that can reduce the computation time of encryption for security and the amount of stored data. have.

1 is an exemplary diagram of a secure instant messaging system configuration according to an embodiment.
2 is a diagram for explaining data stored in an instant messaging server according to an exemplary embodiment.
3 is an operation flowchart of a secure instant messaging method performed in an instant messaging server according to an embodiment.
4 and 5 are diagrams for explaining specific operations of a secure instant messaging method according to an embodiment.
6 is an operation flowchart of a secure instant messaging method performed in a client according to an embodiment.
7 is an exemplary diagram of a hardware configuration of a secure instant messaging system according to an embodiment.

Specific structural or functional descriptions of the embodiments are disclosed for illustrative purposes only, and may be changed and implemented in various forms. Therefore, the form actually implemented is not limited only to the specific embodiments disclosed, and the scope of the present specification includes changes, equivalents, or substitutes included in the technical idea described in the embodiments.

Although terms such as first or second may be used to describe various components, such terms should only be construed for the purpose of distinguishing one component from another. For example, a first element may be termed a second element, and similarly, a second element may be termed a first element.

It should be understood that when an element is referred to as being “connected” to another element, it may be directly connected or connected to the other element, but other elements may exist in the middle.

Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as "comprise" or "have" are intended to designate that the described feature, number, step, operation, component, part, or combination thereof exists, but one or more other features or numbers, It should be understood that the presence or addition of steps, operations, components, parts, or combinations thereof is not precluded.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related art, and unless explicitly defined in this specification, it should not be interpreted in an ideal or excessively formal meaning. don't

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. In the description with reference to the accompanying drawings, the same reference numerals are given to the same components regardless of reference numerals, and overlapping descriptions thereof will be omitted.

1 is an exemplary diagram of a secure instant messaging system configuration according to an embodiment.

Referring to FIG. 1 , a secure instant messaging system according to an embodiment may include a client 110 , an instant messaging server 120 and a file server 130 . The configuration of the system shown in FIG. 1 is an example for explanation of the invention, and the number of clients or servers included in the system is not limited as shown in FIG. 1 .

A secure instant messaging system according to an embodiment is a system that provides a secure instant messaging service, and provides a service capable of transmitting/receiving data such as text messages between service users and files including documents, photos, videos, and sound data. can do. Hereinafter, a secure instant messaging system according to an embodiment may be briefly referred to as a 'system'.

According to an embodiment, the secure instant messaging service is a security-enhanced instant messaging service, and may include an instant messaging service that encrypts and transmits/receives data using an end-to-end encryption method. . The instant messaging service is a messenger service that allows users to transmit and receive data such as text messages and files including documents, pictures, videos, and sound data in real time through a network. Hereinafter, the secure instant messaging service may be simply referred to as 'service'.

The instant messaging server 120 according to an embodiment may include a server providing an instant messaging service to the client 110 . For example, the instant messaging server 120 may provide a messenger service to a user through an application linked to a service installed in the client 110 . The instant messaging server 120 may create a user account for each user according to a user's instant messaging service subscription procedure. Hereinafter, the instant messaging server 120 may be simply referred to as a 'messaging server'.

The client 110 according to an embodiment may include a user terminal logged in to a user account subscribed to an instant messaging service provided by the messaging server 120 .

According to an embodiment, the messaging server 120 may provide a chat room in which data such as text and files can be transmitted and received in the form of a message with a user designated counterpart, and display the data transmitted and received through the chat room to the user. message can be provided. One chat room may include one or more user accounts, and it is also possible to send and receive messages by creating a chat room with only one user account. The account(s) of the user(s) included in the chat room may share contents and files of text messages transmitted and received through the chat room.

The messaging server 120 according to an embodiment may store data related to a secure instant messaging service. Data on the secure instant messaging service is data managed by the server to provide the secure instant messaging service, for example, identification information of user accounts subscribed to the secure instant messaging service, chat room information corresponding to the user account, and chat room information. It may include transmitted/received text message information. Messaging server 120 may include a database for storing data regarding secure instant messaging services. Hereinafter, the database included in the messaging server 120 may be referred to as a 'first database'.

The file server 130 according to an embodiment may include a memory or a database for storing files transmitted through a chat room in the system. The messaging server 120 may request the file server 130 to store the file transmitted through the chat room. A file stored in the file server 130 may be accessed through a file storage path in the file server 130 . Hereinafter, the database included in the file server 130 may be referred to as a 'second database'.

A specific hardware configuration of the client 110 and the messaging server 120 according to an embodiment will be described in detail with reference to FIG. 7 below.

According to an embodiment, data transmitted and received by the system and/or data stored in the system may correspond to data encrypted for security. More specifically, data transmitted and received through the secure instant messaging system and/or data stored in the messaging server 120 may be encrypted using an end-to-end encryption method so that a designated recipient can decrypt it. Designated recipients may include users who are designated as targets for receiving data in various ways, for example, may be designated as recipients by the sender, may be automatically designated as recipients belonging to a specific group, and secure instant messaging In the service, a user(s) included in a chat room in which data is transmitted may be designated as a receiver. Since the data transmitted and received by the system through the messaging server 120 and/or the data stored in the messaging server 120 are data encrypted by the end-to-end encryption method, access to the messaging server 120 and the messaging server 120 is restricted. A secure instant messaging service with enhanced security can be provided as a third party cannot refer to or forge/falsify the original data.

As described above, the messaging server 120 may include a first database for storing data related to secure instant messaging services. For example, referring to FIG. 2 , the first database 200 corresponds to a user account (User_x) subscribed to the secure instant messaging service, and generates a user public key (U _e ^x- ) of the corresponding user account. and a list of chat rooms (Chat_1, Chat_2, .., Chat_n) in which the corresponding user account is participating may be stored.

More specifically, the first database may store a user public key of a corresponding user account corresponding to each user account subscribed to the secure instant messaging service. The first database may store user public keys corresponding to a plurality of user accounts subscribed to the secure instant messaging service, and each of the user public keys may be stored corresponding to a user account. The user's public key may be indexed to the user's account and stored in the first database.

A user public key according to an embodiment may be generated in a user terminal logged in with a corresponding user account, which is the client 110, in correspondence with a user account, and a user private key capable of decrypting data encrypted with the user public key. (user private key) can be created together. Hereinafter, a pair of a user public key corresponding to a user account and a user private key corresponding thereto may be referred to as a user key. In other words, the user key corresponding to the user account is an asymmetric key and may include a user public key as an encryption key and a user private key as a decryption key.

According to an embodiment, the user terminal may generate a user key corresponding to a user account, store a user private key among user keys in the user terminal, and transmit a user public key among user keys to the messaging server 120 . The messaging server 120 may receive the user public key from the user terminal and store it in the first database. In other words, a user public key among user keys corresponding to a user account may be stored in the first database by the messaging server 120, and a user private key among user keys may be stored in the user terminal. Since the messaging server 120 does not hold a user private key among user keys, the messaging server 120 cannot decrypt data encrypted with a user public key corresponding to a user account. Among user keys, a user public key may be stored in a user terminal.

As another example, referring to FIG. 2 , the first database 200 corresponds to a chat room (Chat_x) created through a secure instant messaging service, and converts the decryption key of the chat room to the user public of each user account participating in the chat room. Ciphertexts 210 encrypted with the key may be stored. In FIG. 2, U _e ^k denotes a user public key of user account k, C _e ^x denotes an encryption key of chat room Chat_x, and C _d ^x denotes a decryption key of chat room Chat_x. U _e ^k (C _d ^x ) is a cipher text obtained by encrypting the decryption key of the chat room Chat_x with the user public key of the user account k, and the cipher texts 210 are the decryption keys of the chat room Chat_x with the user public keys of each of the user accounts 1 to M participating in the chat room Chat_x. It may include ciphertexts that have been encrypted.

For example, cipher texts obtained by encrypting a chat room decryption key with a user public key of each user account participating in the chat room may be generated from a client requesting creation of the chat room and stored in the messaging server. A client requesting creation of a chat room may designate a chat room participant and obtain a user public key of a user account corresponding to the chat room participant from a messaging server. A client requesting creation of a chat room may generate a ciphertext by encrypting a decryption key of the chat room using the obtained user public key of each user account corresponding to the chat room participant, and transmit the ciphertext to be stored in the messaging server.

Also, for example, a cipher text obtained by encrypting a chat room decryption key with a user public key of a user account participating in the chat room may be generated from a client requesting participation in the chat room and stored in the messaging server. When participation in a chat room created by a client can be requested, the client requesting participation in the chat room obtains a decryption key of the chat room, and transmits ciphertext obtained by encrypting the decryption key with its own user public key to be stored in the messaging server. In the course of transmitting the chat room decryption key to the client requesting participation in the chat room, the chat room decryption key may be encrypted with an encryption algorithm decryptable by the client requesting chat room participation and then delivered.

According to an embodiment, the encryption key and the decryption key of the chat room may correspond to different asymmetric keys or to the same symmetric key. For example, when an encryption key and a decryption key of a chat room are symmetric keys, C _d ^x and C _e ^x in FIG. 2 may correspond to the same key. According to an embodiment, the messaging server may store a ciphertext encrypted with a user public key of a user account participating in the chat room as a decryption key of the chat room, or a symmetric key of the chat room as the user public key of the user account participating in the chat room. You can also store encrypted ciphertext. Hereinafter, a case where the encryption key and the decryption key of the chat room are the same symmetric key will be described as an example.

According to one embodiment, the encrypted symmetric key of the chat room may be stored in the first database in correspondence with the user account. For example, a symmetric key of a chat room encrypted with a public key corresponding to a first user account may be indexed and stored as the first user account, or may be indexed and stored as a public key corresponding to the first user account.

According to an embodiment, since a user private key among user keys is not stored in the messaging server 120, the messaging server 120 cannot decrypt a symmetric key of a chat room encrypted with a user public key corresponding to a user account. By encrypting and storing the symmetric key of the chat room in the messaging server 120, it is possible to prevent chat room information from being exposed to a third party.

As an example, referring to FIG. 2 , the first database 200 corresponds to a chat room (Chat_x) created through a secure instant messaging service, and cipher texts 220 obtained by encrypting data transmitted and received in the corresponding chat room with an encryption key of the corresponding chat room. ) can be stored. The ciphertexts that encrypt the data transmitted and received in the chat room with the encryption key of the chat room are the first cipher text (eg, the storage path of the file transmitted through the chat room (eg addr_1, addr_2) encrypted with the encryption key (C _e ^x ) of the chat room). Example: C _e ^x (addr_1), C _e ^x (addr_2)) and a second cipher text (eg C _e ^x ( msg_1), C _e ^x (msg_2)).

According to one embodiment, the first ciphertext and the second ciphertext corresponding to the chat room may be stored in the first database according to the order of transmission. For example, when data is transmitted in the order of a first text message, a first file, a second file, and a second text message through a chat room, the first database includes an encrypted cipher text of the first text message and a second text message. The encrypted ciphertext of the storage path, the encrypted ciphertext of the storage path of the second file, and the encrypted ciphertext of the second text message may be stored in the order. According to one embodiment, the first database may store information about the transmission time of the corresponding data together with the encrypted text of the data transmitted through the chat room.

According to an embodiment, when a client accesses a chat room, the messaging server 120 may transmit the first cipher text and the second cipher text stored in the first database in correspondence with the chat room to the client accessing the chat room. A client accessing a chat room may receive data transmitted and received through the corresponding chat room according to a transmission order.

According to an embodiment, the storage path of text messages transmitted and received through the chat room and files transmitted and received through the chat room may be encrypted with a symmetric key of the chat room to be transmitted and received between users, and the encrypted message may correspond to the chat room, and the messaging server 120 can be stored in Since the messaging server 120 stores the cipher text encrypted with the symmetric key of the chat room, the messaging server 120 cannot decrypt the storage path of the text message and the file encrypted with the symmetric key of the chat room because it does not know the symmetric key of the chat room. . By encrypting and storing the storage path of the text message and the file in the messaging server 120 with the symmetric key of the chat room, information on the storage path of the text message and the file can be prevented from being exposed to a third party.

A specific operation of a secure instant messaging method for storing a storage path of a file transmitted through a chat room according to an embodiment will be described in detail below.

3 is an operation flowchart of a secure instant messaging method performed in an instant messaging server according to an embodiment.

Referring to FIG. 3, the secure instant messaging method performed in an instant messaging server (eg, the messaging server 120 of FIG. 1) transfers a file transmitted through a chat room to a file server (eg, the file server 130 of FIG. 1). Step 310 of storing in , Step 320 of receiving the first ciphertext from the client (e.g., the client 110 of FIG. 1) that transmitted the file, Step 330 of storing the first ciphertext corresponding to the chat room , and transmitting a message including the first encrypted text through the chat room (340).

Step 310 according to an embodiment may correspond to a step of storing a file transmitted through a chat room created in a messaging server in a file server. A file is an information unit including data that can be processed by a computer, and may include various types of data files such as, for example, photo files, video files, sound files, and document files.

According to an embodiment, a file transmitted through a chat room may correspond to a file transmitted from a client participating in a corresponding chat room. In other words, text messages as well as files may be transmitted through the chat room, and files transmitted through the chat room may be shared with other clients participating in the chat room.

According to an embodiment, the messaging server may request the file server to store the file transmitted through the chat room. The file server may store the corresponding file in a database corresponding to the file server, and may return a storage path of the corresponding file. The storage path of the file may include an address where the corresponding file is stored in a database corresponding to the file server or an address accessible to the corresponding file.

Step 320 according to an embodiment may correspond to a step of receiving a first cipher text obtained by encrypting a storage path of a file with an encryption key of a chat room from a client that has transmitted the file. A file storage path according to an embodiment may be obtained from a file server. A specific operation of obtaining a storage path of a file from a file server in a client will be described in detail with reference to FIGS. 4 and 5 below.

The client that has transmitted the file according to an embodiment may generate the first cipher text by encrypting the storage path of the obtained file with the encryption key of the chat room. The encryption key of the chat room is an encryption key generated corresponding to the chat room and can be obtained from a client participating in the chat room. As described above, the encryption key and the decryption key of the chat room may be symmetric keys or asymmetric keys.

According to an embodiment, when the encryption key and the decryption key of the chat room are asymmetric keys, the encryption key of the chat room may correspond to a public key. Since the public key corresponds to a public key, the client can obtain the public key, the encryption key of the chat room.

Hereinafter, a case where the encryption key and the decryption key of the chat room are symmetric keys will be described as an example. According to an embodiment, when the encryption key and the decryption key of the chat room are symmetric keys, the symmetric key of the chat room may be encrypted with a user public key of a user account participating in the chat room and stored in the messaging server as described above. As described above, since the user private key of the user account is stored in the user terminal, which is a client, the client can obtain the symmetric key of the chat room by decrypting the symmetric key of the chat room encrypted with the stored user private key. According to an embodiment, when the ciphertext in which the symmetric key of the chat room is encrypted is decrypted by the client to obtain the symmetric key of the chat room, the client may store the obtained symmetric key of the chat room. In other words, the client may obtain the symmetric key of the chat room by receiving the cipher text of the symmetric key of the participating chat room from the messaging server and decrypting the cipher text with the stored user private key, or use the already obtained and stored symmetric key of the chat room. may be

According to an embodiment, the messaging server may receive 320 the first ciphertext generated by the client. The first passphrase received by the messaging server may be stored in the messaging server in response to a chat room (330). In other words, the storage path of the file transmitted to the chat room may not be stored in the messaging server as it is, and the first ciphertext obtained by encrypting the file storage path with the chat room encryption key may be stored.

According to an embodiment, the messaging server may transmit (340) a message including the first cipher text to a client participating in a corresponding chat room through a chat room. The message may include a push message. In other words, the messaging server may notify other clients participating in the chat room that a file has been transmitted from a specific client by transmitting a message including the first cipher text to the chat room.

According to an embodiment, the first ciphertext may be decrypted with a chat room symmetric key or a chat room decryption key. A client participating in the chat room may obtain a symmetric key of the chat room or a decryption key of the chat room for decrypting the first ciphertext, and may store the symmetric key of the chat room. The client may obtain the storage path of the file included in the message by decrypting the first cipher text included in the message. A specific operation of the secure instant messaging method performed by the client will be described in detail below.

4 and 5 are diagrams for explaining specific operations of a secure instant messaging method according to an embodiment.

The client, messaging server, and file server shown in FIGS. 4 and 5 may correspond to the client 110, messaging server 120, and file server 130 shown in FIG. 1, respectively.

As described above with reference to FIG. 3, the messaging server (eg, the messaging server 120 of FIG. 1) according to an embodiment stores a file from a client (eg, the client 110 of FIG. 1) that transmits a file through a chat room. A step of receiving a first cipher text obtained by encrypting a path with an encryption key of a corresponding chat room (eg, step 320 of FIG. 3 ) may be included.

Referring to FIG. 4 , receiving a first cipher text of a messaging server (eg, step 320 of FIG. 3 ) according to an embodiment includes receiving a storage path of a file transmitted through a chat room from a file server ( 440), transmitting the file storage path to the client that transmitted the file (450), and receiving a first cipher text from the client that transmitted the file (460). In other words, the messaging server may receive (410) a file transmitted from a client through a chat room, transmit (420) the received file to a file server, and request storage. The file server may store the received file in a second database included in the file server (430) and transmit the storage path of the corresponding file to the client through the messaging server (440, 450).

Referring to FIG. 4 , the client receiving the storage path of the file from the messaging server may generate first ciphertext by encrypting the storage path of the received file with the symmetric key of the chat room (460). As described above, the first cipher text generated at the client may be transmitted 470 and stored 480 to the messaging server.

Referring to FIG. 5 , receiving a first cipher text of a messaging server (eg, step 320 of FIG. 3 ) according to an embodiment includes receiving a storage confirmation signal confirming storage of the file from a file server. (540), transmitting a storage confirmation signal to the client that transmitted the file (550), and receiving a first cipher text from the client that transmitted the file based on the storage confirmation signal (590). . In other words, the messaging server may receive (510) a file transmitted from a client through a chat room, transmit (520) the received file to a file server, and request storage. The file server may store the received file in a second database included in the file server (530) and transmit a storage confirmation signal confirming that the file is stored to the client through the messaging server (540, 550).

A storage confirmation signal according to an embodiment may include information for identifying a file stored in a file server. For example, the storage confirmation signal may include ID information of a file stored in the file server. According to an embodiment, the client may request a storage path of the file from the file server based on the received storage confirmation signal (560). For example, the client may transfer the ID of the file included in the storage confirmation signal to the file server and request a storage path of the file having the ID. The file server may transmit the storage path of the requested file to the client in response to the request signal (570). According to an embodiment, a client may obtain a file storage path from a file server without going through a messaging server.

6 is an operation flowchart of a secure instant messaging method performed in a client according to an embodiment.

Referring to FIG. 6 , a secure instant messaging method performed by a client (eg, the client 110 of FIG. 1 ) according to an embodiment includes receiving a chat room key encrypted with a user public key corresponding to the client (610). , Decrypting the key of the encrypted chat room with the user private key stored in the client (620), Receiving a message including the storage path of the encrypted file through the chat room from the messaging server (630), The storage path of the encrypted file It may include decrypting with the key of the chat room (640), and receiving a file from a file server (eg, the file server 130 of FIG. 1) based on the storage path of the decrypted file (650). .

Step 610 according to an embodiment may include receiving a chat room key encrypted with a user public key corresponding to a client from a messaging server (eg, the messaging server 120 of FIG. 1 ). As described above, the chat room key encrypted with the user public key of the user account participating in the chat room may be stored in the first database of the messaging server in correspondence with the corresponding chat room. The key of the encrypted chat room received in step 610 may correspond to the key of the chat room in which the key of the chat room in which the client is participating through the logged-in user account is encrypted with the user public key of the corresponding user account. According to an embodiment, the chat room key may include a symmetric key generated in correspondence with the corresponding chat room.

Step 620 according to an embodiment may include obtaining a chat room key by decrypting an encrypted chat room key obtained from a client with a user private key. The obtained chat room key may be stored in the client. The client may obtain a user private key corresponding to the logged-in user account. For example, a user private key generated in correspondence with a user account may be stored in a client logged in with a corresponding user account.

Step 630 according to an embodiment may include receiving a first cipher text obtained by encrypting a storage path of a file transmitted through a chat room from a messaging server with a key of the chat room. The first ciphertext may be transmitted to the client in the form of a message.

Step 640 according to an embodiment may include obtaining a storage path of a file by decrypting the first ciphertext with the key of the chat room obtained in step 620 .

Step 650 according to an embodiment may include accessing a corresponding file stored in a file server from a client based on the storage path of the acquired file. The file server can be accessed based on the storage path, and a client can refer to or download a file stored in the file server by accessing the file server based on the storage path.

7 is an exemplary diagram of a hardware configuration of a secure instant messaging system according to an embodiment.

Referring to FIG. 7 , a secure instant messaging system according to an embodiment includes a client 110 (eg, the client 110 of FIG. 1 ) connected through a network 730 and a messaging server 120 (eg, the client 110 of FIG. 1 ). messaging server 120) and file server 130 (eg, file server 130 of FIG. 1).

The client 110 according to an embodiment may be a fixed terminal implemented as a computer device or a mobile terminal. For example, the client 110 may include a smart phone, a mobile phone, a computer, a laptop computer, a digital broadcasting terminal, a personal digital assistant (PDA), a portable multimedia player (PMP), and a tablet PC. For example, the client 110 may communicate with the messaging server 120, the file server 130, and/or other electronic devices through the network 730 using a wireless or wired communication method.

The messaging server 120 and the file server 130 according to an embodiment communicate with the client 110 and/or other servers through the network 730 to provide commands, codes, files, content, services, and the like. Alternatively, it may be implemented in a plurality of computer devices. The communication method is not limited, and may include a communication method utilizing a communication network (eg, mobile communication network, wired Internet, wireless Internet, broadcasting network) that the network 730 may include, and a short-distance wireless communication method between devices. For example, the network 730 may include a personal area network (PAN), a local area network (LAN), a campus area network (CAN), a metropolitan area network (MAN), a wide area network (WAN), and a broadband network (BBN). , one or more arbitrary networks such as the Internet.

According to an embodiment, the messaging server 120 may provide a file for installing an application to the client 110 connected through the network 730 . In this case, the client 110 may install an application using a file provided from the messaging server 120 . In addition, a service provided by the messaging server 120 by accessing the messaging server 120 under the control of an operating system (OS) included in the client 110 and at least one program (eg, a browser or an installed application). I can provide content. For example, when the client 110 transmits a service request message to the messaging server 120 through the network 730 under the control of an application, the messaging server 120 transmits a code corresponding to the service request message to the client 110. ), and the client 110 can provide content to the user by constructing and displaying a screen according to the code under the control of the application.

According to an embodiment, the client 110 and the messaging server 120 may include memories 711 and 721, processors 713 and 723, communication modules 715 and 725, and input/output interfaces 717 and 727. have.

The processors 713 and 723 according to an embodiment may perform at least one operation described above through FIGS. 1 to 6 . For example, the processor 713 may perform operations of the secure instant messaging method performed in the client 110 described above through FIGS. 1 to 6, and the processor 723 may perform the above described operations through FIGS. 1 to 6 Operations of the secure instant messaging method performed in one messaging server 120 may be performed. The processors 713 and 723 may be configured to process commands of a computer program by performing basic arithmetic, logic, and input/output operations. Instructions may be provided to the processors 713 and 723 by the memories 711 and 721 or the communication modules 715 and 725.

The memories 711 and 721 are computer-readable recording media and may be volatile memories or non-volatile memories. The memories 711 and 721 according to an embodiment may store information related to the secure instant messaging method described above with reference to FIGS. 1 to 6 . For example, the memory 721 may include the aforementioned first database. As another example, the memory 711 may store a user private key corresponding to a user account logged into the client 110 described above.

The memories 711 and 721 according to an embodiment may store programs implementing the secure instant messaging method described above through FIGS. 1 to 6 . For example, the program implementing the above-described secure instant messaging method may include code for a browser or application that is installed and operated in the client 110 by files provided from the messaging server 120 through the network 730. can

The communication modules 715 and 725 according to an embodiment may provide functions for the client 110, the messaging server 120, and the file server 130 to communicate with each other through the network 730, and other electronic devices. Alternatively, it may provide functions for communicating with other servers. For example, a request generated according to a program code stored in a recording device such as a memory 711 by the processor 713 of the client 110 is transferred to the messaging server 120 through the network 730 under the control of the communication module 715. ) can be transmitted. For example, control signals, commands, contents, files, etc. provided under the control of the processor 723 of the messaging server 120 pass through the communication module 725 and the network 730 to the communication module 715 of the client 110. ) It may be received by the client 110 through. For example, control signals or commands of the messaging server 120 received through the communication module 715 may be transferred to the processor 713 or memory 711, and content or files may be transferred to the client 110 further. It can be stored in a storage medium that can include.

The input/output interfaces 717 and 727 may be means for interface with the input/output device 719 . For example, the input device may include a device such as a keyboard or mouse, and the output device may include a device such as a display for displaying a communication session of an application. As another example, the input/output interface 717 may be a means for interface with a device in which functions for input and output are integrated into one, such as a touch screen. As a more specific example, the processor 713 of the client 110 processes the command of the computer program loaded into the memory 711, and the service screen or content configured using the data provided by the messaging server 120 is an input/output interface. It can be displayed on the display through 717. Input through the input/output device 719 received from the user may be provided in a form processable by the processor 713 of the client 110 through the input/output interface 717 .

According to one embodiment, the client 110 and the messaging server 120 may include other components not shown in FIG. 7 . For example, the client 110 is implemented to include at least some of the aforementioned input/output devices 719 or other components such as transceivers, Global Positioning System (GPS) modules, cameras, various sensors, databases, and the like. may include more.

According to an embodiment, data communication between the client 110 , the messaging server 120 and the file server 130 may be performed through the network 730 . For example, the messaging server 120 and the client 110 may transmit and receive data through a network 730 formed by an application related to a secure instant messaging service. Data communication between messaging server 120 and file server 130 may be performed based on network encryption.

For example, data communication may be performed between the messaging server 120 and the client 110 according to Secure Sockets Layer (SSL). More specifically, data transmitted and received between the messaging server 120 and the client 110 may be transmitted and received after being encrypted with a symmetric key between the messaging server 120 and the client 110 . The symmetric key between the messaging server 120 and the client 110 may be encrypted with a public key distributed by the server to the client and transmitted to the messaging server 120, and the messaging server 120 may decrypt with a private key corresponding to the public key and You can check the symmetric key. In a communication session, the server and the client can maintain security by encrypting data with a symmetric key and transmitting and receiving data. Communication between the file server 130 and the client 110 and between the messaging server 120 and the file server 130 may also be performed on a principle similar to data communication between the messaging server 120 and the client 110.

In the above description, for convenience of description, the communication process according to the network encryption method will be omitted in the data communication process between the client 110, the messaging server 120 and the file server 130, but the network according to an embodiment ( The process of data communication between the client 110, the messaging server 120, and the file server 130 through 730 may include a process of transmitting and receiving encrypted data according to a network encryption method.

The embodiments described above may be implemented as hardware components, software components, and/or a combination of hardware components and software components. For example, the devices, methods and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate (FPGA). array), programmable logic units (PLUs), microprocessors, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and software applications running on the operating system. A processing device may also access, store, manipulate, process, and generate data in response to execution of software. For convenience of understanding, there are cases in which one processing device is used, but those skilled in the art will understand that the processing device includes a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that it can include. For example, a processing device may include a plurality of processors or a processor and a controller. Other processing configurations are also possible, such as parallel processors.

Software may include a computer program, code, instructions, or a combination of one or more of the foregoing, which configures a processing device to operate as desired or processes independently or collectively. You can command the device. Software and/or data may be any tangible machine, component, physical device, virtual equipment, computer storage medium or device, intended to be interpreted by or provide instructions or data to a processing device. , or may be permanently or temporarily embodied in a transmitted signal wave. Software may be distributed on networked computer systems and stored or executed in a distributed manner. Software and data may be stored on computer readable media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer readable medium. A computer readable medium may store program instructions, data files, data structures, etc. alone or in combination, and program instructions recorded on the medium may be specially designed and configured for the embodiment or may be known and usable to those skilled in the art of computer software. have. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. - includes hardware devices specially configured to store and execute program instructions, such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include high-level language codes that can be executed by a computer using an interpreter, as well as machine language codes such as those produced by a compiler.

The hardware device described above may be configured to operate as one or a plurality of software modules to perform the operations of the embodiments, and vice versa.

As described above, although the embodiments have been described with limited drawings, those skilled in the art can apply various technical modifications and variations based on this. For example, the described techniques may be performed in an order different from the method described, and/or components of the described system, structure, device, circuit, etc. may be combined or combined in a different form than the method described, or other components may be used. Or even if it is replaced or substituted by equivalents, appropriate results can be achieved.

Therefore, other implementations, other embodiments, and equivalents of the claims are within the scope of the following claims.

Claims (20)

A secure instant messaging method performed in an instant messaging server, comprising:
storing a file transmitted through a chat room created in the messaging server in a file server;
Receiving a first ciphertext obtained by encrypting a storage path of the file with an encryption key of the chat room from a client transmitting the file;
storing the first ciphertext in response to the chat room; and
Transmitting a message including the first cipher text to a client participating in the chat room through the chat room
including,
A secure instant messaging method.
According to claim 1,
Receiving the first cipher text
Receiving a storage path of the file from the file server;
transmitting the storage path of the file to the client that transmitted the file; and
Receiving the first cipher text from a client that has transmitted the file
including,
A secure instant messaging method.
According to claim 1,
Receiving the first cipher text
receiving a signal confirming storage of the file from the file server;
transmitting the signal to the client that transmitted the file; and
Based on the signal, receiving the first cipher text from a client that has transmitted the file.
including,
A secure instant messaging method.
According to claim 3,
The signal confirming the storage of the file is
Including information for identifying the file in the file server,
A secure instant messaging method.
According to claim 1,
The first cipher text is decrypted with the decryption key of the chat room,
The decryption key of the chat room is stored in the client participating in the chat room,
A secure instant messaging method.
According to claim 5,
The encryption key of the chat room and the decryption key of the chat room are generated with a symmetric key corresponding to the chat room.
A secure instant messaging method.
According to claim 1,
Corresponding to the chat room, storing the first cipher text and the second cipher text obtained by encrypting the text message transmitted through the chat room with the encryption key of the chat room according to transmission order; and
Transmitting the first cipher text and the second cipher text stored in correspondence to the chat room to a client accessing the chat room.
Including more,
A secure instant messaging method.
According to claim 1,
Clients participating in the chat room
Including a user terminal logged in to a user account subscribed to an instant messaging service provided by the messaging server
A secure instant messaging method.
According to claim 1,
The file server is
Including a database for storing files transmitted through the chat room
A secure instant messaging method.
A secure instant messaging method performed on a client, comprising:
receiving a chat room key encrypted with a user public key corresponding to the client from a messaging server providing a secure instant messaging service;
Decrypting the encrypted chat room key with a user private key stored in the client;
Receiving a message including a storage path of an encrypted file through the chat room from the messaging server;
Decrypting the storage path of the encrypted file with the key of the chat room; and
Receiving the file from a file server based on the storage path of the decrypted file
including,
A secure instant messaging method.
According to claim 10,
The key of the chat room includes a symmetric key generated in correspondence with the chat room,
The storage path of the encrypted file includes a first ciphertext obtained by encrypting the storage path of the file with the key of the chat room.
A secure instant messaging method.
A computer program stored in a medium to be combined with hardware to execute the method of any one of claims 1 to 11.
Save the file transmitted through the created chat room to the file server,
Receiving a first ciphertext in which a storage path of the file is encrypted with an encryption key of the chat room from a client that has transmitted the file;
Storing the first cipher text in correspondence with the chat room;
Transmitting a message including the first cipher text to a client participating in the chat room through the chat room,
at least one processor
including,
Instant Messaging Server.
According to claim 13,
the processor,
In receiving the first cipher text,
Receiving a storage path of the file from the file server;
Transmitting the storage path of the file to the client that transmitted the file;
Receiving the first ciphertext from the client that transmitted the file,
Instant Messaging Server.
According to claim 13,
the processor,
In receiving the first cipher text,
Receiving a signal confirming storage of the file from the file server;
Transmitting the signal to the client that transmitted the file;
Based on the signal, receiving the first cipher text from the client that transmitted the file,
Instant Messaging Server.
According to claim 13,
Corresponding to the chat room, storing the first cipher text and a second cipher text obtained by encrypting the text message transmitted through the chat room with the encryption key of the chat room
Memory
Including more,
Instant Messaging Server.
According to claim 16,
the processor,
Corresponding to the chat room, storing the first cipher text and a second cipher text obtained by encrypting the text message transmitted through the chat room with the encryption key of the chat room in the memory according to the order of transmission;
Transmitting the first cipher text and the second cipher text stored in correspondence to the chat room to a client connected to the chat room;
Instant Messaging Server.
Receiving a chat room key encrypted with a corresponding user public key from a messaging server providing a secure instant messaging service;
Decrypting the encrypted chat room key with a user private key;
Receiving a message including a storage path of an encrypted file through the chat room from the messaging server;
Decrypting the storage path of the encrypted file with the key of the chat room;
Receiving the file from a file server based on the storage path of the decrypted file;
at least one processor
including,
Client.
According to claim 18,
Memory for storing the user private key corresponding to the logged-in user account
Including more,
Client.
According to claim 18,
The key of the chat room includes a symmetric key generated in correspondence with the chat room,
The storage path of the encrypted file includes a first ciphertext obtained by encrypting the storage path of the file with the key of the chat room.
Client.

Images