CN106549754A - The method and apparatus of management key - Google Patents

The method and apparatus of management key Download PDF

Info

Publication number
CN106549754A
CN106549754A CN201611053417.XA CN201611053417A CN106549754A CN 106549754 A CN106549754 A CN 106549754A CN 201611053417 A CN201611053417 A CN 201611053417A CN 106549754 A CN106549754 A CN 106549754A
Authority
CN
China
Prior art keywords
key
plain
message
current device
decruption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611053417.XA
Other languages
Chinese (zh)
Inventor
赵微
许楠
张勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Love Relay Technology Development Co Ltd
Original Assignee
Beijing Love Relay Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Love Relay Technology Development Co Ltd filed Critical Beijing Love Relay Technology Development Co Ltd
Priority to CN201611053417.XA priority Critical patent/CN106549754A/en
Publication of CN106549754A publication Critical patent/CN106549754A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities

Abstract

The invention discloses a kind of method and apparatus of management key, is related to technical field of data security, it is possible to increase the safety of key plain.The method of the present invention mainly includes:When link transmission message is waited for the arrival of news, the key ciphertext for obtaining current device and the decruption key for decrypting the key ciphertext, wherein, the file after the key plain that uses is encrypted when the key ciphertext is by encrypting to the current device and/or decrypting message;The key ciphertext is decrypted using the decruption key;If successful decryption obtains key plain, after it is determined that the message link is activated, message is transmitted using the key plain;When the message link meets pre-conditioned, the key plain and the decruption key are abandoned.The present invention is mainly suitable in the scene of encrypted transmission data.

Description

The method and apparatus of management key
Technical field
The present invention relates to technical field of data security, more particularly to a kind of method and apparatus of management key.
Background technology
With the development of Internet technology, increasing intelligent home device incorporates the life of people, such as intelligent door Lock, monitoring camera, intelligent electric cooker etc..People can directly using the user equipmenies such as mobile phone, computer come remotely control these Intelligent home device, it is very convenient.
However, as these intelligent home devices are present in the middle of network, so there is also network risks.Therefore, it is Ensure that the user equipmenies such as mobile phone, computer are not compromised to the message that intelligent home device is transmitted by trunking, so as to keeping away Exempt from intelligent home device to cause danger, in prior art, prevent compromised in message transmitting procedure by the way of encryption message, The correctness of message sender identity is guaranteed by the way of signature.It follows that from user equipment to intelligent home device On whole message link, it is required for storing key on each equipment.But, inventor is sent out during stating invention in realization It is existing, key plain is stored directly in hard disk, it is easy to stolen by others, so that intelligent home device is caused danger.
The content of the invention
In view of above-mentioned technical problem, of the invention to propose a kind of method and apparatus of management key, it is possible to increase key is bright The safety of text.
On the one hand, the invention provides a kind of method of management key, methods described includes:
When link transmission message is waited for the arrival of news, obtain the key ciphertext of current device and decrypt the key ciphertext Decruption key, wherein, the key plain used when the key ciphertext is by current device encryption and/or decryption message File after being encrypted;
The key ciphertext is decrypted using the decruption key;
If successful decryption obtains key plain, after it is determined that the message link is activated, using the key plain Transmission message;
When the message link meets pre-conditioned, the key plain and the decruption key are abandoned.
On the other hand, the invention provides a kind of device of management key, described device includes:
Acquiring unit, for when link transmission message is waited for the arrival of news, obtaining key ciphertext and the decryption of current device The decruption key of the key ciphertext, wherein, the key ciphertext is that the current device is encrypted and/or message when institute is decrypted The key plain for using be encrypted after file;
Decryption unit, the decruption key for being obtained using the acquiring unit are solved to the key ciphertext It is close;
Determining unit, in the case of obtaining key plain in the decryption unit successful decryption, determines the message Whether link is activated;
Transmission unit, for after the determining unit determines that the message link is activated, using the key plain Transmission message;
Discarding unit, for when the message link meets pre-conditioned, will be the key plain and the decryption close Key is abandoned.
By above-mentioned technical proposal, the method and apparatus of the management key that the present invention is provided can not be opened in message link When dynamic, the key ciphertext of required key when only message is transmitted in storage in each equipment on message link, and do not store key In plain text;When wait for the arrival of news link transmission message when, each equipment on message link can obtain each needed for decruption key, Then acquisition key plain is decrypted to locally stored key ciphertext using decruption key, and it is determined that message link quilt After startup, start with key plain to transmit message;After message starts transmission, if message link meets pre-conditioned (example Such as the disconnecting on message link between certain two equipment), then key plain and decruption key are abandoned.It follows that with Prior art directly stores key plain and compares, and key ciphertext is only permanently stored by the present invention, and key plain is only entered The of short duration storage of row, so as to reduce the probability that key plain leaks, and then improves the safety of key plain.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of the drawings
By the detailed description for reading hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for the purpose for illustrating preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
The flow chart that Fig. 1 shows a kind of method of management key provided in an embodiment of the present invention;
The flow chart that Fig. 2 shows the method for another kind of management key provided in an embodiment of the present invention;
Fig. 3 shows a kind of method schematic diagram of encryption key plaintext provided in an embodiment of the present invention;
Fig. 4 shows a kind of method schematic diagram of decruption key ciphertext provided in an embodiment of the present invention;
Fig. 5 shows a kind of composition frame chart of the device of management key provided in an embodiment of the present invention;
Fig. 6 shows the composition frame chart of the device of another kind of management key provided in an embodiment of the present invention.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
The embodiment of the present invention provides a kind of method of management key, as shown in figure 1, the method mainly includes:
101st, when link transmission message is waited for the arrival of news, the key ciphertext and the decryption key for obtaining current device is close The decruption key of text.
Wherein, key ciphertext, can encrypt and/or decrypt the key plain used during message to carry out to current device File after encryption.
In actual applications, when being encrypted to the message transmitted using symmetric cryptosystem, each equipment can have There is an encryption key;When being encrypted to the message transmitted using asymmetric encryption techniques, each equipment can have one Individual public private key pair;When needing the message transmitted to be signed or during sign test, each equipment can also have a public and private key It is right.Due to public key be external disclosure, private key be that equipment is privately owned, so needing the key plain of encryption include using symmetrical Encryption technology encrypt or decrypt message when used key, using asymmetric encryption techniques encrypt or/decryption message when made Private key and using asymmetric encryption techniques to information signature or sign test when the private key that used.It follows that needing The key plain of encryption includes at least one.When key plain is multiple, respectively different key plains can be carried out adding It is close, obtain multiple key ciphertexts, it is also possible to which multiple key plains are encrypted together, obtain a key ciphertext.
You need to add is that, when being encrypted to key plain, the encryption technology for being adopted can be symmetric cryptography skill Art, thus the encryption key that used when the key plain to oneself is encrypted of current device with subsequently key ciphertext is entered During row decryption, required decruption key is identical.
When not actuated message link transmits message, each equipment on message link can only store key ciphertext, and Key plain is not stored, and key ciphertext can be stored and permanently stored into hard disk.Transmit when message link is needed During message, each equipment on message link can obtain locally stored key ciphertext and obtain decrypts the key ciphertext institute The decruption key for needing, to be decrypted acquisition key plain to key ciphertext using decruption key.
102nd, the key ciphertext is decrypted using the decruption key.
Specifically, the information of failure if decryption is unsuccessful, can be decrypted with output display, so that user knows decryption Wrong cipher key.If successful decryption, execution step 103.
If the 103, successful decryption obtains key plain, after it is determined that the message link is activated, using the key Plaintext transmission message.
Wherein, after it is determined that all devices on the message link obtain corresponding key plain, current device can be with Determine that the message link is activated, the previous equipment adjacent with the current device sends on the link that can now wait for the arrival of news Encryption and the message signed, and after receiving the message, it is possible to use it is used for decrypting in the key plain that current device is obtained (if from symmetric cryptosystem, the decruption key refers to the key with previous equipment agreement to the decruption key of message, if choosing With asymmetric encryption techniques, then the decruption key refers to the private key for decrypting message of current device) message to receiving carries out Decryption, carries out sign test to the signature that previous equipment sends using the public signature key of previous equipment, if confirming, the message for sending is errorless, Then continue with latter apparatus in key plain encryption key (if from symmetric cryptosystem the encryption key refer to it is rear One equipment agreement key, if from asymmetric encryption techniques the encryption key refer to latter apparatus for encrypting message Public key) be encrypted, signature operation is carried out using the signature private key of current device, so that the message after encryption, signature is sent To next equipment adjacent with the current device on message link, until message is transmitted to target device.
It should be noted that after successful decryption obtains key plain, key plain being stored into internal memory, also may be used To be stored to other memory spaces.
104th, when the message link meets pre-conditioned, the key plain and the decruption key are abandoned.
When message link meets pre-conditioned, only key plain can be abandoned, it is also possible to by key plain and decryption The decruption key of key ciphertext is abandoned together.Wherein, if as decruption key being permanently stored, it may happen that decruption key Leak, the phenomenon for causing key ciphertext to be disengaged, so key plain is abandoned together with decrypting ciphertext with only to abandon key bright Text is compared, and key plain is abandoned together with decrypting ciphertext the safety that may further ensure that key plain.
Specifically, it is pre-conditioned to include but is not limited to following several situations:
(1) when the message of this needs transmission is transmitted to target device, by the key plain of the current device and Decruption key is abandoned.That is, often transmit a piece of news, it is required for being decrypted key ciphertext again acquisition key bright Text.
(2) when the message number that the target device is received reaches predetermined number threshold value, by the current device Key plain and decruption key are abandoned.
Specifically, although every a piece of news is once decrypted to key ciphertext, can prevent key plain from leaking, but It is the efficiency that can but largely effect on transmission message, therefore in order to consider, message can be successfully transmitted to target device Message number when reaching predetermined number threshold value, just key plain and decruption key are abandoned.
(3) when the message link occurs to interrupt, the key plain of the current device and decruption key are abandoned.
When on message link certain connection occur interruption cause whole message link cannot continue transmit message (for example certain Individual device powers down) when, its respective key plain and decruption key can be abandoned by each equipment, when message link is connected again And when needing to transmit message, then key plain is obtained by way of decruption key ciphertext carry out message transfer operations.
The method of management key provided in an embodiment of the present invention, can be when message link be not actuated, on message link Each equipment in only storage transmission message when required key key ciphertext, and do not store key plain;When the chain that waits for the arrival of news During the transmission message of road, each equipment on message link can obtain each required decruption key, then using decruption key Acquisition key plain is decrypted to locally stored key ciphertext, and after it is determined that message link is activated, is started with Key plain is transmitting message;Message start transmission after, if message link meet it is pre-conditioned (such as on message link certain two Disconnecting between individual equipment), then key plain and decruption key are abandoned.It follows that directly storing with prior art Key plain is compared, and key ciphertext is only permanently stored by the present invention, and key plain is only carried out of short duration storage, so as to drop The probability that low key plain leaks, and then improve the safety of key plain.
Further, according to the method shown in Fig. 1, an alternative embodiment of the invention also provides a kind of side of management key Method, as shown in Fig. 2 the method mainly includes:
201st, after the key plain that each equipment on the message link all generates that transmission message is used, obtain and add The encryption key of the key plain of the close current device.
In actual applications, can so that each equipment is realized by the way of ordered encryption to own key encryption of plaintext, Can also be encrypted using other modes.
Wherein, ordered encryption is:From second equipment, the encryption key needed for each equipment is by adjacent previous What equipment sent, and the encryption key of first equipment is by user input.I.e. when the current device is source device, connect Encryption key needed for the key plain of the encryption current device for receiving user input;When the current device is trunking Or during target device, receive the encryption key that previous equipment adjacent with the current device on the message link sends. Wherein, the mode of user input encryption key is numeral, gesture or fingerprint etc..
As source device and trunking are required for sending encryption key to the next equipment being adjacent, so currently setting During for being source device or trunking, after the key plain to current device is encrypted, can be according to current device Encryption key determines the encryption key of next equipment adjacent with the current device on message link, then will be the encryption for determining close Key is sent to next equipment.
Wherein, next equipment adjacent with the current device on message link is determined according to the encryption key of current device The specific implementation of encryption key is including but not limited to following two:
(1) encryption key of the current device is directly defined as the encryption key of next equipment, i.e., each sets The standby encryption key for being used is identical.
(2) computing is carried out to the encryption key of the current device according to preset algorithm, and operation result is defined as into institute State the encryption key of next equipment.
In actual applications, can be computing be carried out to the encryption key of current device using various computing modes, under acquisition The encryption key of one equipment.For example, can first for the current device encryption key addition prestore, for arranging The data needed for the encryption key of next equipment are stated, the cryptographic Hash of the encryption key after interpolation data is then calculated, finally by institute State the encryption key that cryptographic Hash is defined as next equipment.Wherein, on the encryption key of current device during interpolation data, can It is added with any position of the encryption key in current device.
It should be noted that the mode of the encryption key for determining next equipment second, can cause adding for each equipment Key is different from, even if so as to some encryption key is (due to adopting symmetric cryptosystem, so decruption key and encryption Key is identical) reveal, also it is not result in that other encryption keys are revealed, the safety thus, it is possible to further improve key plain.
202nd, the key plain of the current device is encrypted using the encryption key, obtains the key plain Corresponding key ciphertext.
When key plain has it is multiple when, it is possible to use different encryption keys is encrypted to different key plains respectively Obtain different key ciphertexts, it is also possible to acquisition is encrypted respectively to different key plains using an encryption key different Key ciphertext, it is also possible to using an encryption key to one block encryption of all of key plain obtain a key ciphertext.
203rd, the key plain of the current device is abandoned.
After key ciphertext is obtained, key plain can be abandoned, so as to when needing to be decrypted key ciphertext, then Obtain key plain.
204th, when link transmission message is waited for the arrival of news, the key ciphertext and the decryption key for obtaining current device is close The decruption key of text.
It is corresponding with ordered encryption, when being decrypted to key ciphertext, can with using order decryption by the way of cause Each equipment obtains the decruption key needed for which successively.
Specifically, the decryption when the current device is source device, needed for the decryption key ciphertext of receives input Key;When the current device is trunking or target device, with the current device on the reception message link The decruption key that adjacent previous equipment sends.
As source device and trunking are required for sending decruption key to the next equipment being adjacent, so currently setting During for being source device or trunking, after current device successful decryption obtains key plain, can currently be set according to described Standby decruption key, determines the decruption key of next equipment adjacent with the current device on the message link, and will be true Fixed decruption key is sent to next equipment, so that the decruption key that determines described in next equipment utilization is under described The key ciphertext of one equipment is decrypted.
Corresponding with the encryption key that next equipment is determined according to the encryption key of current device (determines encryption key Method is identical with the method for determining decruption key), the decruption key of next equipment is determined according to the decruption key of current device Specific implementation is including but not limited to following two:
(1) decruption key of the current device is defined as the decruption key of next equipment.
(2) computing is carried out to the decruption key of the current device according to preset algorithm, and operation result is defined as into institute State the decruption key of next equipment.
Wherein, corresponding with encryption key is obtained, obtaining the computing mode that adopts of decruption key can be for:Work as described It is that the decruption key addition of front equipment is prestored, for arranging the data needed for the decruption key of next equipment;Calculate The cryptographic Hash of the decruption key after interpolation data;The cryptographic Hash is defined as into the decruption key of next equipment.
205th, the key ciphertext is decrypted using the decruption key.
If the 206, successful decryption obtains key plain, after it is determined that the message link is activated, using the key Plaintext transmission message.
207th, when the message link meets pre-conditioned, the key plain and the decruption key are abandoned.
The method of management key provided in an embodiment of the present invention, except only when needing using key plain, just to close Key ciphertext is decrypted acquisition key plain, so as to reduce outside the probability that key plain leaks, obtain encryption key and During decruption key, by way of being decrypted using ordered encryption so that the encryption key and decruption key needed for current device The previous equipment being only adjacent is determining, and encryption key or decruption key that other equipment sends are not adopted, So as to prevent other people to be encrypted to key plain by sending the encryption key of mistake, or prevent other people correct by sending Decruption key obtaining key plain, thus further increase the safety of key plain.
The corresponding server of application software and intelligence of user equipment (are included by trunking with user equipment below The corresponding server of home equipment) control intelligent home device, and as a example by the encrypting and decrypting mode for being adopted is for sequential system, it is right Above-mentioned key management method is introduced:
(1) ciphering process (as shown in Figure 3)
After user equipment, trunking and intelligent home device are all generated sends the key needed for message, Yong Huke To be input into encryption key 1 by the application software on user equipment;After user equipment obtains encryption key 1, it is possible to use plus Key 1 is encrypted acquisition key ciphertext 1 to key plain 1, and determines encryption key 2 according to encryption key 1, will encrypt close Key 2 is sent to trunking, and encryption key 1 and key plain 1 are abandoned;Trunking receives adding for user equipment transmission After key 2, it is possible to use encryption key 2 is encrypted acquisition key ciphertext 2 to key plain 2, and true according to encryption key 2 Determine encryption key 3, encryption key 3 is sent to into intelligent home device, encryption key 2 and key plain 2 are abandoned;Intelligent family After the equipment of residence receives the encryption key 3 of trunking transmission, it is possible to use encryption key 3 is encrypted to key plain 3 and obtains Key ciphertext 3 is obtained, encryption key 3 and key plain 3 are abandoned.
(2) decrypting process (as shown in Figure 4)
When the message link transmission message for needing startup to be made up of user equipment, trunking and intelligent home device When, the application software that user can pass through on user equipment is input into decruption key 1;After user equipment obtains decruption key 1, can So that acquisition key plain 1 is decrypted to key ciphertext 1 using decruption key 1, and decruption key 2 is determined according to decruption key 1, Decruption key 2 is sent to into trunking;After trunking receives the decruption key 2 of user equipment transmission, it is possible to use solution Key 2 is decrypted acquisition key plain 2 to key ciphertext 2, and determines decruption key 3 according to decruption key 2, will decrypt close Key 3 is sent to intelligent home device;After intelligent home device receives the decruption key 3 of trunking transmission, it is possible to use solution Key 3 is decrypted acquisition key plain 3 to key ciphertext 3.When user equipment determines that intelligent home device acquisition key is bright Wen Hou, the application software that user can pass through on user equipment send message to trunking, by trunking forwarding message extremely Intelligent home device, so as to realize control of the user equipment to intelligent home device.After message transfer function is opened, in message When link meets pre-conditioned, respective key plain can be conciliate by user equipment, trunking and intelligent home device Key is abandoned, to need next time during initiation message link transmission message, then decruption key ciphertext again.
It should be noted that when the encryption technology adopted when being encrypted to key plain is symmetric cryptosystem When, in Fig. 4, the decruption key 1 of user input must be identical with the encryption key 1 of user input in Fig. 3, and user equipment could be into Work(decryption obtains key plain 1;In the same manner, when decruption key 2 is identical with encryption key 2, trunking ability successful decryption is obtained Key plain 2 is obtained, when decruption key 3 is identical with encryption key 3, intelligent home device could successful decryption acquisition key plain 3。
Further, according to said method embodiment, an alternative embodiment of the invention also provides a kind of management key Device, as shown in figure 5, described device mainly includes:Acquiring unit 31, decryption unit 32, determining unit 33, transmission unit 34 with And discarding unit 35.Wherein,
Acquiring unit 31, for when link transmission message is waited for the arrival of news, obtaining the key ciphertext and solution of current device The decruption key of the close key ciphertext, wherein, when the key ciphertext is that the current device is encrypted and/or message is decrypted The key plain for being used be encrypted after file;
Wherein, when key plain is multiple, respectively different key plains can be encrypted, obtains multiple keys Ciphertext, it is also possible to be encrypted to multiple key plains together, obtains a key ciphertext.
Decryption unit 32, the decruption key for being obtained using the acquiring unit 31 are carried out to the key ciphertext Decryption;
Determining unit 33, in the case of obtaining key plain in 32 successful decryption of the decryption unit, it is determined that described Whether message link is activated;
It should be noted that after successful decryption obtains key plain, key plain being stored into internal memory, also may be used To be stored to other memory spaces.Additionally, when decryption failure, the information of failure can be decrypted with output display, with So that user knows decruption key mistake.
Transmission unit 34, for after the determining unit 33 determines that the message link is activated, using the key Plaintext transmission message;
Discarding unit 35, for when the message link meets pre-conditioned, by the key plain and the decryption Key is abandoned.
Optionally, as shown in fig. 6, the acquiring unit 31 includes:
When first receiver module 311 is source device for current device, the solution of the decryption key ciphertext of receives input Key;When the current device is trunking or target device, receives and currently set with described on the message link The decruption key that standby adjacent previous equipment sends.
Wherein, the mode of user input encryption key is numeral, gesture or fingerprint etc..
Optionally, the determining unit 33 is additionally operable to current device for source device or during trunking, in successful decryption Obtain key plain after, according to the decruption key of the current device, determine on the message link with the current device phase The decruption key of adjacent next equipment;
As shown in fig. 6, described device also includes:
Transmitting element 36, for the decruption key that the determining unit 33 determines is sent to next equipment, so as to The decruption key determined described in next equipment utilization is decrypted to the key ciphertext of next equipment.
Optionally, as shown in fig. 6, the determining unit 33 includes:
First determining module 331, for the decruption key of the current device to be defined as the decryption of next equipment Key;
Second determining module 332, for computing is carried out to the decruption key of the current device according to preset algorithm, and will Operation result is defined as the decruption key of next equipment.
Optionally, as shown in fig. 6, second determining module 332 includes:
Addition submodule 3321, for for the current device decruption key add prestore, for arranging State the data of the decruption key of next equipment;
Wherein, on the encryption key of current device during interpolation data, can be in the arbitrary of the encryption key of current device Position is added.
Calculating sub module 3322, for calculating the Hash of the decruption key after addition 3321 interpolation data of submodule Value;
Determination sub-module 3323, the cryptographic Hash for the calculating sub module 3322 is obtained are defined as described next The decruption key of equipment.
Optionally, as shown in fig. 6, the discarding unit 35 includes:
First discard module 351, for when the message for transmitting this is transmitted to target device, by the current device Key plain and decruption key abandon;
Second discard module 352, for when the message number that the target device is received reaches predetermined number threshold value, The key plain of the current device and decruption key are abandoned;
3rd discard module 353, for when the message link occurs to interrupt, by the key plain of the current device Abandon with decruption key.
Optionally, the determining unit 33 is for it is determined that all devices on the message link obtain corresponding key After in plain text, determine that the message link is activated.
Optionally, the acquiring unit 31 is additionally operable to each equipment on the message link and all generates transmission message institute After the key plain for using, the encryption key of the key plain of the encryption current device is obtained;
As shown in fig. 6, described device also includes:
Ciphering unit 37, for the encryption key that obtained using the acquiring unit 31 to the close of the current device Key is encrypted in plain text, obtains the corresponding key ciphertext of the key plain;
The discarding unit 35 is additionally operable to be abandoned the key plain of the current device.
Optionally, as shown in fig. 6, the acquiring unit 31 includes:
When second receiver module 312 is source device for current device, the encryption current device of receives input it is close Key encryption of plaintext key;When current device is trunking or target device, receives The encryption key that the adjacent previous equipment of front equipment sends.
The device of management key provided in an embodiment of the present invention, can be when message link be not actuated, on message link Each equipment in only storage transmission message when required key key ciphertext, and do not store key plain;When the chain that waits for the arrival of news During the transmission message of road, each equipment on message link can obtain each required decruption key, then using decruption key Acquisition key plain is decrypted to locally stored key ciphertext, and after it is determined that message link is activated, is started with Key plain is transmitting message;Message start transmission after, if message link meet it is pre-conditioned (such as on message link certain two Disconnecting between individual equipment), then key plain and decruption key are abandoned.It follows that directly storing with prior art Key plain is compared, and key ciphertext is only permanently stored by the present invention, and key plain is only carried out of short duration storage, so as to drop The probability that low key plain leaks, and then improve the safety of key plain.Additionally, obtaining encryption key and decryption During key, by way of being decrypted using ordered encryption so that the encryption key and decruption key needed for current device is only There is the previous equipment being adjacent to determine, and encryption key or decruption key that other equipment sends are not adopted, so as to Prevent other people to be encrypted to key plain by sending the encryption key of mistake, or other people are prevented by sending correct solution Thus key further increases the safety of key plain obtaining key plain.
The device embodiment is corresponding with preceding method embodiment, and for ease of reading, this device embodiment is no longer to aforementioned side Detail content in method embodiment is repeated one by one, it should be understood that the device in the present embodiment correspondingly can realize it is aforementioned Full content in embodiment of the method.
The device of the management key includes processor and memorizer, above-mentioned acquiring unit, decryption unit, determining unit, Transmission unit and discarding unit etc. are stored in memory as program unit, are stored in memory by computing device Said procedure unit is realizing corresponding function.
Kernel is included in processor, goes in memorizer, to transfer corresponding program unit by kernel.Kernel can arrange one Or more, the safety of key plain is improved by adjusting kernel parameter.
Memorizer potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/ Or the form, such as read only memory (ROM) or flash memory (flash RAM) such as Nonvolatile memory, memorizer includes that at least one deposits Storage chip.
Present invention also provides a kind of computer program, when performing in data handling equipment, is adapted for carrying out just The program code of beginningization there are as below methods step:
When link transmission message is waited for the arrival of news, obtain the key ciphertext of current device and decrypt the key ciphertext Decruption key, wherein, the key plain used when the key ciphertext is by current device encryption and/or decryption message File after being encrypted;
The key ciphertext is decrypted using the decruption key;
If successful decryption obtains key plain, after it is determined that the message link is activated, using the key plain Transmission message;
When the message link meets pre-conditioned, the key plain and the decruption key are abandoned.
Those skilled in the art are it should be appreciated that embodiments herein can be provided as method, system or computer program Product.Therefore, the application can adopt complete hardware embodiment, complete software embodiment or with reference to the reality in terms of software and hardware Apply the form of example.And, the application can be using the computer for wherein including computer usable program code at one or more The computer program implemented in usable storage medium (including but not limited to disk memory, CD-ROM, optical memory etc.) is produced The form of product.
The application be with reference to according to the method for the embodiment of the present application, equipment (system), and computer program flow process Figure and/or block diagram are describing.It should be understood that can be by computer program instructions flowchart and/or each stream in block diagram The combination of journey and/or square frame and flow chart and/or flow process and/or square frame in block diagram.These computer programs can be provided The processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices The device of the function of specifying in present one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in and can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory is produced to be included referring to Make the manufacture of device, the command device realize in one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or The function of specifying in multiple square frames.
These computer program instructions can be also loaded in computer or other programmable data processing devices so that in meter Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented process, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow process of flow chart or multiple flow processs and/or block diagram one The step of function of specifying in individual square frame or multiple square frames.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and internal memory.
Memorizer potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/ Or the form, such as read only memory (ROM) or flash memory (flash RAM) such as Nonvolatile memory.Memorizer is that computer-readable is situated between The example of matter.
Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can be by any method Or technology is realizing information Store.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read only memory (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read only memory (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus Or any other non-transmission medium, can be used to store the information that can be accessed by a computing device.Define according to herein, calculate Machine computer-readable recording medium does not include temporary computer readable media (transitory media), the such as data signal and carrier wave of modulation.
Embodiments herein is these are only, the application is not limited to.To those skilled in the art, The application can have various modifications and variations.All any modifications made within spirit herein and principle, equivalent, Improve etc., within the scope of should be included in claims hereof.

Claims (10)

1. it is a kind of management key method, it is characterised in that methods described includes:
When link transmission message is waited for the arrival of news, the decryption of the key ciphertext and the decryption key ciphertext of current device is obtained Key, wherein, the key plain used when the key ciphertext is by current device encryption and/or decryption message is carried out File after encryption;
The key ciphertext is decrypted using the decruption key;
If successful decryption obtains key plain, after it is determined that the message link is activated, transmitted using the key plain Message;
When the message link meets pre-conditioned, the key plain and the decruption key are abandoned.
2. method according to claim 1, it is characterised in that the decruption key bag of the key ciphertext is decrypted in the acquisition Include:
When current device is source device, the decruption key of the decryption key ciphertext of receives input;
Current device is trunking or during target device, receive it is adjacent with the current device on the message link before The decruption key that one equipment sends.
3. method according to claim 2, it is characterised in that if the current device is source device or trunking, Then after successful decryption obtains key plain, methods described also includes:
According to the decruption key of the current device, next equipment adjacent with the current device on the message link is determined Decruption key;
The decruption key of determination is sent to into next equipment, so as to the decruption key determined described in next equipment utilization The key ciphertext of next equipment is decrypted.
4. method according to claim 3, it is characterised in that the decruption key according to the current device, it is determined that On the message link, the decruption key of the next equipment adjacent with the current device includes:
The decruption key of the current device is defined as into the decruption key of next equipment;
Or, computing is carried out according to preset algorithm to the decruption key of the current device, and operation result is defined as described The decruption key of next equipment.
5. method according to claim 4, it is characterised in that the decryption according to preset algorithm to the current device Key carries out computing, and the decruption key that operation result is defined as next equipment is included:
Decruption key for the current device adds the number of decruption key prestore, for arranging next equipment According to;
Calculate the cryptographic Hash of the decruption key after interpolation data;
The cryptographic Hash is defined as into the decruption key of next equipment.
6. method according to any one of claim 1 to 5, it is characterised in that described to meet pre- in the message link If during condition, the key plain and the decruption key are abandoned to be included:
When the message for transmitting this is transmitted to target device, the key plain and decruption key of the current device are lost Abandon;
Or, when the message number that the target device is received reaches predetermined number threshold value, by the close of the current device Key is abandoned with decruption key in plain text;
Or, when the message link occurs to interrupt, the key plain of the current device and decruption key are abandoned.
7. method according to any one of claim 1 to 5, it is characterised in that the determination message link is opened It is dynamic to include:
After it is determined that all devices on the message link obtain corresponding key plain, determine that the message link is opened It is dynamic.
8. method according to any one of claim 1 to 5, it is characterised in that methods described also includes:
After the key plain that each equipment on the message link all generates that transmission message is used, obtain The encryption key of the key plain of front equipment;
The key plain of the current device is encrypted using the encryption key, obtains the key plain corresponding close Key ciphertext;
The key plain of the current device is abandoned.
9. method according to claim 8, it is characterised in that the key plain of the current device is encrypted in the acquisition Encryption key includes:
When current device is source device, the encryption key of the key plain of the encryption current device of receives input;
Current device is trunking or during target device, receive it is adjacent with the current device on the message link before The encryption key that one equipment sends.
10. it is a kind of management key device, it is characterised in that described device includes:
Acquiring unit, the key ciphertext and decryption for when link transmission message is waited for the arrival of news, obtaining current device are described The decruption key of key ciphertext, wherein, use when the key ciphertext is by current device encryption and/or decryption message Key plain be encrypted after file;
Decryption unit, the decruption key for being obtained using the acquiring unit are decrypted to the key ciphertext;
Determining unit, in the case of obtaining key plain in the decryption unit successful decryption, determines the message link Whether it is activated;
Transmission unit, for, after the determining unit determines that the message link is activated, being transmitted using the key plain Message;
Discarding unit, for when the message link meets pre-conditioned, the key plain and the decruption key being lost Abandon.
CN201611053417.XA 2016-11-24 2016-11-24 The method and apparatus of management key Pending CN106549754A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611053417.XA CN106549754A (en) 2016-11-24 2016-11-24 The method and apparatus of management key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611053417.XA CN106549754A (en) 2016-11-24 2016-11-24 The method and apparatus of management key

Publications (1)

Publication Number Publication Date
CN106549754A true CN106549754A (en) 2017-03-29

Family

ID=58395128

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611053417.XA Pending CN106549754A (en) 2016-11-24 2016-11-24 The method and apparatus of management key

Country Status (1)

Country Link
CN (1) CN106549754A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918943A (en) * 2019-02-25 2019-06-21 宿州市新亚电子科技有限公司 The connection mobile phone that mobile phone and flash disk use is to flash disk data encryption/decryption method and system
CN110618614A (en) * 2019-09-25 2019-12-27 北京爱接力科技发展有限公司 Control method and device for smart home, storage medium and robot
CN114124364A (en) * 2020-08-27 2022-03-01 国民技术股份有限公司 Key security processing method, device, equipment and computer readable storage medium
CN114189394A (en) * 2022-02-15 2022-03-15 北京安帝科技有限公司 Data decryption method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1682205A (en) * 2002-09-16 2005-10-12 三星电子株式会社 Method for encrypting and decrypting metadata and method for managing metadata and system thereof
CN101166088A (en) * 2007-09-27 2008-04-23 航天信息股份有限公司 Encryption and decryption method based on user identity identifier
CN101197674A (en) * 2007-12-10 2008-06-11 华为技术有限公司 Encrypted communication method, server and encrypted communication system
CN101557587A (en) * 2009-04-08 2009-10-14 哈尔滨工程大学 Management method of hierarchical tree key in wireless sensor network (WSN)
CN102377564A (en) * 2011-11-15 2012-03-14 华为技术有限公司 Method and device for encrypting private key

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1682205A (en) * 2002-09-16 2005-10-12 三星电子株式会社 Method for encrypting and decrypting metadata and method for managing metadata and system thereof
CN101166088A (en) * 2007-09-27 2008-04-23 航天信息股份有限公司 Encryption and decryption method based on user identity identifier
CN101197674A (en) * 2007-12-10 2008-06-11 华为技术有限公司 Encrypted communication method, server and encrypted communication system
CN101557587A (en) * 2009-04-08 2009-10-14 哈尔滨工程大学 Management method of hierarchical tree key in wireless sensor network (WSN)
CN102377564A (en) * 2011-11-15 2012-03-14 华为技术有限公司 Method and device for encrypting private key

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918943A (en) * 2019-02-25 2019-06-21 宿州市新亚电子科技有限公司 The connection mobile phone that mobile phone and flash disk use is to flash disk data encryption/decryption method and system
CN110618614A (en) * 2019-09-25 2019-12-27 北京爱接力科技发展有限公司 Control method and device for smart home, storage medium and robot
CN114124364A (en) * 2020-08-27 2022-03-01 国民技术股份有限公司 Key security processing method, device, equipment and computer readable storage medium
CN114189394A (en) * 2022-02-15 2022-03-15 北京安帝科技有限公司 Data decryption method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
EP3291481B1 (en) Decrypting encrypted data on an electronic device
JP2021083076A (en) Data transmission method, apparatus and system
US9094191B2 (en) Master key encryption functions for transmitter-receiver pairing as a countermeasure to thwart key recovery attacks
WO2015180691A1 (en) Key agreement method and device for verification information
CN108347419A (en) Data transmission method and device
CN104023013A (en) Data transmission method, server side and client
US10348502B2 (en) Encrypting and decrypting data on an electronic device
US20190268145A1 (en) Systems and Methods for Authenticating Communications Using a Single Message Exchange and Symmetric Key
CN109309566B (en) Authentication method, device, system, equipment and storage medium
US20230188325A1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN106549754A (en) The method and apparatus of management key
CN103378971A (en) Data encryption system and method
US11528127B2 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN107483388A (en) A kind of safety communicating method and its terminal and high in the clouds
US20160148002A1 (en) Key storage apparatus, key storage method and program therefor
Goyal et al. Cryptographic security using various encryption and decryption method
KR101929355B1 (en) Encryption and decryption system using unique serial number and symmetric cryptography
JP5945525B2 (en) KEY EXCHANGE SYSTEM, KEY EXCHANGE DEVICE, ITS METHOD, AND PROGRAM
CN111131158A (en) Single byte symmetric encryption and decryption method, device and readable medium
CN116599771B (en) Data hierarchical protection transmission method and device, storage medium and terminal
CN112398818B (en) Software activation method and related device thereof
CN117221877B (en) Safety verification and transmission method applied to frequency radio field data
JP6404958B2 (en) Authentication system, method, program, and server
Tsai et al. Self-parameter Based Bilateral Session Key Exchange Method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170329

RJ01 Rejection of invention patent application after publication