CN107508672B - Key synchronization method, key synchronization device and key synchronization system based on symmetric key pool - Google Patents

Info

Publication number: CN107508672B
Authority: CN (China)
Prior art keywords: synchronization, key, synchronous, party, message authentication
Legal status: Active
Application number: CN201710800682.8A
Other languages: Chinese (zh)
Other versions: CN107508672A (en)
Inventor: 富尧, 钟一民
Current Assignee: Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Original Assignee: Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Application filed by Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Priority to CN201710800682.8A
Publication of CN107508672A
Application granted
Publication of CN107508672B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16 Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/1607 Details of the supervisory signal

Abstract

The invention discloses a key synchronization method, a key synchronization device and a key synchronization system based on a symmetric key pool. Between two synchronization parties that hold the symmetric key pool, both parties send their messages in ciphertext form, and each message carries authentication information for the other party to verify. The invention improves the current key pool update mechanism, greatly improves security, and further improves exception handling capability and convenience.

Description

Key synchronization method, key synchronization device and key synchronization system based on symmetric key pool
Technical Field
The invention relates to the technical field of secure communication, and in particular to a key synchronization method and a key synchronization system based on a symmetric key pool, that is, a mechanism by which two communicating parties take the same key out of the symmetric key pool.
Background
Due to the development of quantum computers, classical asymmetric cryptographic algorithms are no longer secure, and symmetric key algorithms will be the best option in both authentication and encryption/decryption. Symmetric key pools will be an important, or even the mainstream, way of securing keys.
As a security upgrade, all or part of the content of the symmetric key pool can be stored in encrypted form, and the encrypted key can be stored in a security isolation device hosted by the symmetric key pool. When a key operation is subsequently performed on the symmetric key pool, the pool must first be decrypted by the security isolation device. The invention patent document with publication number CN105337726A, entitled "end-to-end handheld device encryption method and system based on quantum cryptography", discloses an end-to-end handheld device encryption method based on quantum cryptography in which a pair of symmetric key pools is formed through QKD between two key distribution devices for quantum communication and is used for quantum-encrypted communication between the users on both sides of the QKD.
As another example, the invention patent document with publication number CN106452740A, entitled "a quantum communication service station, a quantum key management device, and a key arrangement network and method", discloses a quantum communication service station and a quantum key management device that share the same quantum random number key data block; this pair of data blocks can also be understood as a pair of symmetric key pools, used for encrypted communication with quantum random number keys by the users of both parties.
The operations on a symmetric key pool include distribution, synchronization, supplementation, monitoring and key fetching. Distribution is the formation and filling of the symmetric key pool. Synchronization is the selection of a segment of key from the symmetric key pool for identity authentication, for message authentication, or as a session key for the service layer. Supplementation means that both parties simultaneously delete the data in the used key area and fill in new keys. Monitoring records the operating conditions of the current key pool, such as the remaining key amount, state machine switching, workload and alarm information. Key fetching takes a key out of the synchronized key pool for use by the service layer; a key cannot be fetched while the key pool is synchronizing, only after synchronization has finished.
For key synchronization of the symmetric key pool, see the patent document with publication number CN105337726A, entitled "end-to-end handheld device encryption method and system based on quantum cryptography", in which synchronization of the symmetric key pool depends on the synchronization information of the quantum communication key. That synchronization information comprises the number and start address of the quantum communication key, its length, its life cycle and so on.
As another example, in the patent document with publication number CN105337726A, entitled "quantum cryptography based end-to-end handheld device encryption method and system", a key management center (KMC) manages key synchronization and key update for every pair of symmetric key pools in the entire communication network and monitors the status of the key pools.
The problems in the prior art are as follows:
1. When symmetric key pool synchronization information is transmitted, the number, start address, length, life cycle and so on of the key are all in plaintext, which reduces system security.
2. Symmetric key pool synchronization can leave one or both parties unsynchronized, so that subsequent keys can no longer be matched and the key pool becomes invalid. The literature does not describe how to handle such abnormal conditions during synchronization of the symmetric key pool.
3. The KMC centrally controls key synchronization for each pair of symmetric key pools in the whole network; if the security of the KMC is affected, the security of the whole network is affected.
Disclosure of Invention
The invention provides a key synchronization method that improves the current key pool update mechanism, greatly improves security, and further improves exception handling capability and convenience.
A key synchronization method based on a symmetric key pool is implemented on an active synchronization party; all messages sent and received between the active synchronization party and a passive synchronization party are in ciphertext form, and each message carries authentication information for the other party to verify.
The key synchronization method specifically comprises the following steps:
sending a synchronization request to the passive synchronization party;
and receiving the synchronization response returned by the passive synchronization party after it processes the synchronization request, performing a synchronization judgment, sending synchronization feedback to the passive synchronization party according to the judgment result, and performing corresponding synchronization on the passive synchronization party.
Correspondingly, the invention also provides a key synchronization device based on a symmetric key pool, acting as the active synchronization party, which comprises a processor and a memory, the memory storing the following instructions, which are loaded and executed by the processor:
sending a synchronization request to the passive synchronization party;
receiving the synchronization response returned by the passive synchronization party after it processes the synchronization request, performing a synchronization judgment, sending synchronization feedback to the passive synchronization party according to the judgment result, and performing corresponding synchronization on the passive synchronization party;
all messages sent and received between the active synchronization party and the passive synchronization party are in ciphertext form, and each message carries authentication information for the other party to verify.
A key synchronization method based on a symmetric key pool is implemented on a passive synchronization party; all messages sent and received between the passive synchronization party and an active synchronization party are in ciphertext form, and each message carries authentication information for the other party to verify.
The key synchronization method specifically comprises the following steps:
receiving a synchronization request from the active synchronization party, judging whether to pre-synchronize, and sending a synchronization response to the active synchronization party according to the judgment result, the synchronization response being used by the active synchronization party for its synchronization judgment;
and receiving the synchronization feedback returned by the active synchronization party according to its synchronization judgment, and synchronizing accordingly on its own side.
Correspondingly, the invention also provides a key synchronization device based on a symmetric key pool, acting as the passive synchronization party, which comprises a processor and a memory, the memory storing the following instructions, which are loaded and executed by the processor:
receiving a synchronization request from the active synchronization party, judging whether to pre-synchronize, and sending a synchronization response to the active synchronization party according to the judgment result, the synchronization response being used by the active synchronization party for its synchronization judgment;
receiving the synchronization feedback returned by the active synchronization party according to its synchronization judgment, and synchronizing accordingly on its own side;
all messages sent and received between the passive synchronization party and the active synchronization party are in ciphertext form, and each message carries authentication information for the other party to verify.
A key synchronization method based on a symmetric key pool is implemented between two synchronization parties that hold the symmetric key pool; both parties send their messages to each other in ciphertext form, and each message carries authentication information for the other party to verify.
The key synchronization method specifically comprises the following steps:
the active synchronization party sends a synchronization request to the passive synchronization party;
the passive synchronization party, after receiving the synchronization request, judges whether to pre-synchronize and sends the corresponding synchronization response to the active synchronization party according to the judgment result;
the active synchronization party receives the synchronization response, performs the synchronization judgment, sends synchronization feedback to the passive synchronization party according to the judgment result, and synchronizes accordingly on its own side;
the passive synchronization party receives the synchronization feedback and synchronizes accordingly on its own side.
Correspondingly, the invention also provides a key synchronization system comprising the above key synchronization device based on a symmetric key pool acting as the active synchronization party and the above key synchronization device based on a symmetric key pool acting as the passive synchronization party.
In the invention, key synchronization between the two synchronization parties, namely the active synchronization party and the passive synchronization party, requires no access or control by a third party, and other members of the network are unaffected even if an abnormal condition occurs.
The messages the two synchronization parties send each other, such as the synchronization request, the synchronization response and the synchronization feedback, are all in ciphertext form; because both parties hold the symmetric key pool, they can encrypt and decrypt accordingly. All of these messages also use an authentication mechanism, that is, each message is authenticated using the authentication information it carries. The message authentication algorithm itself can be taken from the prior art, such as a keyed hash algorithm, for example a MAC algorithm from classical cryptography (e.g. the HMAC algorithm). The message authentication algorithm can detect tampering and impersonation, confirm the integrity of the message, and authenticate the identity of the sender.
The active synchronization party sends the corresponding synchronization request to the passive synchronization party according to the information about the key required by the application layer.
The application layer's key requirement may come from the active synchronization party itself or from other devices.
The synchronization request comprises an identity identifier, key synchronization information and a message authentication code, where the key synchronization information and the message authentication code are in ciphertext form.
The identity identifier is used by the other party to identify and locate the corresponding key pool, and the message authentication code is the authentication information used by the other party for authentication.
The active synchronization party pre-computes the post-synchronization key control entry and assembles the key control entry and the corresponding timestamp into the key synchronization information.
The key control entry contains key addresses and lengths, which correspond respectively to the following keys in the key pool:
the application layer key, used to generate the key required by the application layer;
the message authentication key, used together with the key synchronization information to generate the message authentication code;
and the message encryption key, used to encrypt the key synchronization information and the message authentication code into the corresponding ciphertext.
In the key pool, the key addresses in the key control entries before and after synchronization may be distributed in order or out of order.
The key synchronization mode is either synchronous refresh or synchronous replacement and is recorded in the key control entry; the active synchronization party determines the mode for the current synchronization and pre-computes the post-synchronization key control entry accordingly.
When key synchronization is needed, the active synchronization party determines the key synchronization mode as follows:
if, in the key control entry before synchronization, the corresponding application layer key is outside its usable life cycle, or is within its usable life cycle but differs in length from the key required by the application layer, the key synchronization mode is synchronous replacement;
if, in the key control entry before synchronization, the corresponding application layer key is within its usable life cycle and has the same length as the key required by the application layer, the key synchronization mode is synchronous refresh.
If the key synchronization mode is synchronous refresh, then when the active synchronization party pre-computes the post-synchronization key control entry, the application layer key, the message authentication key and the message encryption key are assigned using the information from before synchronization (that is, after the last synchronization);
and if the key synchronization mode is synchronous replacement, then when the active synchronization party pre-computes the post-synchronization key control entry, the application layer key, the message authentication key and the message encryption key are assigned according to the information about the key required by the application layer.
A key requirement from the application layer does not necessarily mean that key synchronization is needed. Under certain conditions no synchronization is required, for example when the corresponding application layer key is within its usable life cycle, has the same length as the key required by the application layer, and the optional key control information (such as the key usage method) is the same before and after synchronization; the required key is then used directly without synchronization.
The synchronization request contains an identity identifier. After receiving the synchronization request, the passive synchronization party first verifies the identity identifier in the request; if it is not legitimate, the data packet of the synchronization request is discarded, and if it is legitimate, the passive synchronization party locates the key pool corresponding to that identity identifier.
Because the synchronization request is initiated by the active synchronization party, the identity identifier is that of the active synchronization party, and the passive synchronization party can use it to find the key pool corresponding to the active synchronization party.
After receiving the synchronization request, the passive synchronization party judges whether to pre-synchronize, that is, it also pre-computes the post-synchronization key control entry. The computation is similar to that of the active synchronization party, and the judgment is split into two tiers according to the synchronization mode.
When judging whether to pre-synchronize, the passive synchronization party proceeds as follows:
a. judge whether this is a synchronous refresh; if so, pre-compute the post-synchronization key control entry in synchronous refresh mode; if not, go to step b;
b. judge whether this is a synchronous replacement; if so, pre-compute the post-synchronization key control entry in synchronous replacement mode; if not, treat it as a failure.
The passive synchronization party then sends the corresponding synchronization response to the active synchronization party according to the judgment result. Whether the outcome is synchronous refresh or synchronous replacement, pre-synchronization is regarded as successful and a successful synchronization response is sent; when the outcome is failure, a failed synchronization response is sent.
Whatever the type of synchronization response, it carries authentication information and is sent in ciphertext form.
In step a, judging whether this is a synchronous refresh comprises:
a1, the passive synchronization party obtains the pre-synchronization message encryption key from the corresponding key pool according to the identity identifier in the synchronization request, and decrypts the synchronization request to obtain the key synchronization information and the message authentication code in plaintext form;
a2, it obtains the pre-synchronization message authentication key from the corresponding key pool and performs message authentication on the message authentication code obtained in step a1; if authentication passes, go to step a3, otherwise go to step b;
a3, it performs the variable comparison on the key synchronization information obtained in step a1; if the comparison passes, it pre-computes the post-synchronization key control entry, otherwise go to step b.
Under synchronous refresh, the active synchronization party's pre-computation uses the pre-synchronization information for the application layer key, the message authentication key and the message encryption key. In step a the passive synchronization party therefore computes with the pre-synchronization information and judges accordingly; if the checks pass, the request is a synchronous refresh, otherwise the passive synchronization party must move on to the synchronous replacement judgment.
Under synchronous replacement, the key information pre-computed by the active synchronization party likewise corresponds to the information pre-synchronized by the passive synchronization party.
While the symmetric key pool is in use, the two parties can negotiate the key to be used next. The passive synchronization party can therefore first use the pre-synchronization key to judge whether the request is a synchronous refresh and, if that fails, use the negotiated next key to judge whether it is a synchronous replacement.
In step b, judging whether this is a synchronous replacement comprises:
b1, the passive synchronization party obtains the next message encryption key from the corresponding key pool according to the identity identifier in the synchronization request, and uses it to decrypt the synchronization request and obtain the key synchronization information and the message authentication code in plaintext form (synchronization has not yet occurred at this point; "next" is relative to the state after the last completed synchronization, and only once the real synchronization completes does the next message encryption key become the post-synchronization message encryption key; the same applies to the next message authentication key and the next key synchronization information below);
b2, it obtains the next message authentication key from the corresponding key pool and performs message authentication on the message authentication code obtained in step b1; if authentication passes, go to step b3, otherwise treat it as a failure;
b3, it performs the variable comparison on the key synchronization information obtained in step b1; if the comparison passes, it pre-computes the post-synchronization key control entry, otherwise treat it as a failure.
The variable comparison in steps a3 and b3 checks whether each field of the key control entry in the key synchronization information is correct or falls within the corresponding value range.
The failed synchronization response is generated as follows:
assembling the timestamp and the failure identifier into failure information, and computing the message authentication code of the failure information with the pre-synchronization message authentication key;
encrypting the failure information and the message authentication code with the pre-synchronization message encryption key to obtain a ciphertext;
and assembling the identity identifier and the ciphertext to obtain the failed synchronization response.
The successful synchronization response is generated as follows:
assembling the timestamp and the pre-computed post-synchronization key control entry into success information, and computing the message authentication code of the success information with the next message authentication key;
encrypting the success information and the message authentication code with the next message encryption key to obtain a ciphertext;
and assembling the identity identifier and the ciphertext to obtain the successful synchronization response.
The synchronization responses for pre-synchronization failure and pre-synchronization success carry different main information: one carries a failure identifier, the other the pre-computed post-synchronization key control entry;
in addition, they use the message authentication key and message encryption key of the previous time (before synchronization) and of the next time (after synchronization), respectively.
After receiving the synchronization response, the active synchronization party performs the synchronization judgment, that is, it decides whether its own side should synchronize. This mirrors the way the passive synchronization party generates the response: a failed synchronization response is generated with the pre-synchronization keys, and a successful one with the next keys. The active synchronization party therefore first uses the pre-synchronization keys to decrypt and parse the response and checks whether a failure identifier is obtained. If no failure identifier is obtained, it uses the next keys and, after decryption, parsing and variable comparison, concludes whether the passive synchronization party pre-synchronized successfully. Synchronization feedback is generated from that conclusion, and if the passive synchronization party pre-synchronized successfully, the active synchronization party begins synchronization on its own side.
Both the active synchronization party and the passive synchronization party use a message authentication key and a message encryption key for encryption, decryption and authentication; unless otherwise stated, each party uses the keys in its own key pool.
The synchronization judgment performed by the active synchronization party after receiving the synchronization response comprises the following steps:
decrypting and authenticating the synchronization response with the pre-synchronization message encryption key and message authentication key respectively; if the failure information can be read successfully, the process ends;
otherwise, decrypting and authenticating the synchronization response with the next message encryption key and the next message authentication key respectively; if the key control entry pre-computed by the passive synchronization party can be read and the variable comparison completes, the passive synchronization party pre-synchronized successfully, and if not, the passive synchronization party failed to pre-synchronize.
The active synchronization party sends synchronization feedback to the passive synchronization party according to its synchronization judgment result, namely:
when the judgment result is that the passive synchronization party pre-synchronized successfully, it sends successful synchronization feedback;
and when the judgment result is that the passive synchronization party failed to pre-synchronize, it sends failed synchronization feedback.
The successful synchronization feedback is generated as follows:
assembling the timestamp and the judgment-success identifier into success information, and computing the message authentication code of the success information with the next message authentication key;
encrypting the success information and the message authentication code with the next message encryption key to obtain a ciphertext;
and assembling the identity identifier and the ciphertext to obtain the successful synchronization feedback.
Similarly, the failed synchronization feedback is generated as follows:
assembling the timestamp and the judgment-failure identifier into failure information, and computing the message authentication code of the failure information with the pre-synchronization message authentication key;
encrypting the failure information and the message authentication code with the pre-synchronization message encryption key to obtain a ciphertext;
and assembling the identity identifier and the ciphertext to obtain the failed synchronization feedback.
When the judgment result is that the passive synchronization party failed to pre-synchronize, the active synchronization party does not reassign the pre-synchronization key control entry, that is, it abandons synchronization.
On receiving the synchronization feedback, the passive synchronization party decrypts and authenticates it with the next message encryption key and the next message authentication key respectively; if the judgment-success identifier or the judgment-failure identifier can be read successfully, it acts accordingly, otherwise the process ends.
When the passive synchronization party successfully reads the judgment-success identifier, it synchronizes on its own side, that is, it assigns the next key control entry to the pre-synchronization key control entry, completing key synchronization.
When the passive synchronization party successfully reads the judgment-failure identifier, it does not reassign the pre-synchronization key control entry, that is, it abandons key synchronization.
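The request, the pre-synchronization decision (steps a and b) and the synchronization judgment described above, shown in Python as an added example that is not part of the patent text; the final feedback message is left out. Assumptions of this example: JSON message encoding, HMAC-SHA256 as the MAC, a SHAKE-256 keystream standing in for the unspecified cipher, a 30-second timestamp window, the hypothetical `Party` class and its names, a constructed key pool, and reading "next key" as the keys named by the entry being synchronized to.

```python
import hashlib
import hmac
import json
import os

MAC_LEN = 32    # HMAC-SHA256 tag length
MAX_SKEW = 30   # assumed freshness window in seconds for the timestamp TS

def seal(info, mac_key, enc_key):
    """MAC the info, then encrypt info||MAC (the order the text describes)."""
    body = json.dumps(info, sort_keys=True).encode()
    plain = body + hmac.new(mac_key, body, hashlib.sha256).digest()
    nonce = os.urandom(16)
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plain))
    return nonce + bytes(p ^ s for p, s in zip(plain, stream))

def unseal(blob, mac_key, enc_key):
    """Decrypt, then authenticate; return the info dict, or None on failure."""
    nonce, ct = blob[:16], blob[16:]
    if len(ct) <= MAC_LEN:
        return None
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    plain = bytes(c ^ s for c, s in zip(ct, stream))
    body, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
    good = hmac.new(mac_key, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

def keys_of(pool, entry):
    """Slice the message authentication and encryption keys an entry names."""
    (ma, ml), (ea, el) = entry["mac"], entry["enc"]
    return pool[ma:ma + ml], pool[ea:ea + el]

def variables_ok(info, pool, now):
    """Variable comparison: fresh TS and every (address, length) in range."""
    entry = info.get("entry", {})
    if abs(now - info.get("ts", 0)) > MAX_SKEW:
        return False
    if set(entry) != {"app", "mac", "enc"}:
        return False
    return all(a >= 0 and n > 0 and a + n <= len(pool) for a, n in entry.values())

class Party:
    def __init__(self, ident, peer, pool, cur, nxt):
        self.ident, self.peer, self.pool = ident, peer, pool
        self.cur, self.nxt = cur, nxt      # pre-sync entry, negotiated next entry
        self.pending = None                # pre-computed post-sync entry

    def _msg(self, info, entry):
        return {"id": self.ident, "ct": seal(info, *keys_of(self.pool, entry))}

    def request(self, mode, now):
        """Active party: pre-compute the post-sync entry and send it as M."""
        self.pending = self.cur if mode == "refresh" else self.nxt
        return self._msg({"ts": now, "entry": self.pending}, self.pending)

    def respond(self, req, now):
        """Passive party: step a (pre-sync keys), then step b (next keys)."""
        if req["id"] != self.peer:
            return None                    # unknown identity: drop the packet
        for mode, entry in (("refresh", self.cur), ("replace", self.nxt)):
            info = unseal(req["ct"], *keys_of(self.pool, entry))
            if info and variables_ok(info, self.pool, now):
                self.pending = info["entry"]
                return mode, self._msg({"ts": now, "entry": self.pending}, entry)
        # The failure response is protected with the pre-sync keys.
        return "fail", self._msg({"ts": now, "fail": True}, self.cur)

    def judge(self, resp, now):
        """Active party: failure info under pre-sync keys, else try next keys."""
        if resp["id"] != self.peer:
            return "presync-failed"
        info = unseal(resp["ct"], *keys_of(self.pool, self.cur))
        if info and info.get("fail"):
            return "peer-failed"
        info = unseal(resp["ct"], *keys_of(self.pool, self.pending))
        if info and variables_ok(info, self.pool, now) and info["entry"] == self.pending:
            return "presync-ok"
        return "presync-failed"

def demo(now=1_700_000_000):
    """Run the exchange on a constructed pool; neither side commits here."""
    pool = hashlib.shake_256(b"constructed demo pool").digest(256)
    cur = {"app": [0, 32], "mac": [32, 32], "enc": [64, 32]}
    nxt = {"app": [96, 32], "mac": [128, 32], "enc": [160, 32]}
    a = Party("ID1", "ID2", pool, cur, nxt)   # active party
    b = Party("ID2", "ID1", pool, cur, nxt)   # passive party
    out = {}
    for mode in ("refresh", "replace"):
        seen, resp = b.respond(a.request(mode, now), now)
        out[mode] = (seen, a.judge(resp, now))
    # A request replayed an hour later fails the timestamp check in both steps.
    seen, resp = b.respond(a.request("refresh", now), now + 3600)
    out["replayed"] = (seen, a.judge(resp, now + 3600))
    return out

if __name__ == "__main__":
    print(demo())
```

A replayed or tampered request passes neither step a nor step b, so the passive party answers with a failure response under the pre-synchronization keys, which the active party can still read.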
The invention has the beneficial effects that:
when the symmetric key pool is synchronously transmitted, a message authentication mechanism is added to the synchronous information of the key, and meanwhile, the synchronous information of the key is encrypted into a ciphertext, so that the system security is greatly improved.
The synchronization mechanism of the symmetric key pool involves only the two session parties and is not controlled by a centralized key control unit such as a KMC (Key distribution controller), so a security failure of the KMC cannot affect the security of the whole network.
Drawings
FIG. 1 is a schematic diagram of a key pool structure for sequential storage;
FIG. 2 is a schematic diagram of a key pool structure for out-of-order storage;
FIG. 3 is a schematic diagram of a key synchronization information generation step;
FIG. 4 is a schematic diagram of a normal flow of key synchronization.
Detailed Description
1. Distribution of symmetric key pools
Users USER1 and USER2 form a pair of symmetric key pools using QKD or copy distribution, with name identifiers PN = U1 and PN = U2, respectively, and size PS = PS1 = PS2. The IDs of USER1 and USER2 are ID1 and ID2, respectively, and each pool records the ID of the other party, that is: in U1, PID = ID2; in U2, PID = ID1. As keys are used, the remaining amount of keys RPS in the key pool decreases gradually. PN, PS, PID, RPS, etc. all belong to the key pool basic information. When the symmetric key pool runs low, it can be replenished with keys by QKD or copy distribution.
2. Synchronization principle of symmetric key pool
The symmetric key pool is controlled by the key pool control information to obtain the key text. The key pool control information is composed of key control entries C, each C corresponds to a segment of key text entry K, and different Cs can point to the same segment K.
The synchronization of the symmetric key pools refers to the process in which the two communicating parties determine the current application layer key from a pair of symmetric key pools by exchanging key synchronization information M. Since the symmetric key itself cannot be transmitted over the network, the keys are synchronized by transmitting C. The timestamp TS together with C constitutes M. The purpose of adding TS is to prevent replay attacks.
Referring to FIG. 1, K may be logically divided into a message encryption key KE, a message authentication key KA, and an application layer key KU, which are stored contiguously. Their lengths are LE, LA, and LU, respectively, which may be fixed values; the specific length of LU is determined by the requirements of the application layer in actual use. The total length of the segment K is L = LE + LA + LU. To prevent the transmitted information from being tampered with and to ensure the identity of the sender, an authentication code is attached to the information. It may be generated by a keyed hash algorithm, such as a MAC algorithm in classical cryptography (e.g., HMAC), keyed with the KA in K. The message authentication code computed over M with KA is MD. M and MD together are called MS. Because transmitting MS in plaintext would reduce system security, MS is symmetrically encrypted to form the encrypted key synchronization message ME; the encryption key is the KE in K, and the cipher may be a symmetric encryption algorithm such as AES. After message transmission between the two parties succeeds, message authentication succeeds and the comparison of C succeeds, each party re-determines its key and the key synchronization has succeeded; the value of the key comes from the KU in K. KU is the original key provided to the application layer. It is processed by the key usage method FU to generate KUA, the key actually given to the key user for encryption, decryption and authentication: KUA = FU(KU). As a special case, if FU is not present, KUA = KU.
The content of C includes key control role information CR, key control address information CA, and key control option information CI.
The CA includes a key address P, a key length L (including LE, LA, and LU).
The CI comprises information such as the key synchronization maximum life cycle TM and the key usage method FU. Since these are all options, it is called key control option information. TM can be a maximum time period, a maximum number of uses of the key, or a combination of the two (whichever is reached first); when TM is not present, one K is used once by default. FU can be a combined key algorithm and its parameters, or a similar algorithm and its parameters that generates a new key from an original key; when FU is not present, KUA = KU by default. Regarding the combined key algorithm, see "research of the digital signature method based on the combined symmetric key band encryption", published in 2009 by the university of electronic technology.
The CR comprises a key synchronization role identifier RS, a key synchronization mode SM and a key synchronization survival value T. RS indicates whether the party is the synchronization master or the passive party: the master is RSA and the passive party is RSB. Key synchronization is divided into synchronous replacement and synchronous refresh. Synchronous replacement means that the current K is abandoned and replaced by the next K, which shows in C as a changed CA. Synchronous refresh means that the current K continues to be used; in C, only CI changes while CA stays unchanged. SM indicates whether the party is performing synchronous replacement or synchronous refresh: synchronous replacement is SMA and synchronous refresh is SMB. When TM is a maximum time period, T records the time elapsed between the current time and the previous successful synchronization; if TM is a maximum number of uses of the key, T records the number of uses of the current key; if TM is a combination of the two, T is the combination of the elapsed time since the previous successful synchronization and the number of uses of the current key; if TM is not present, T is meaningless.
Synchronous replacement in the symmetric key pool requires knowing the address of the next key, so a synchronous replacement rule FA for P is also specified, and both sides of the symmetric key pool follow it. The FA specifies the order in which key regions are used. Referring to FIG. 1 and FIG. 2, the simplest synchronous replacement rule stores the key text entries sequentially, i.e. the address P+1 of the next key equals the address of the current key plus the length of the current key: P+1 = P + L. A more general synchronous replacement rule stores key text entries out of order, i.e. the address of the next key is obtained by some calculation from C, K, PS or the like and may be anywhere in the key pool. For example: P+1 = (P + KU) % PS, where % is integer modulo. Once P+1 is obtained from FA, the position of the next segment K is determined.
Synchronous refresh can be carried out any number of times between two synchronous replacements of the symmetric key pool. For example, applying different FUs to the current KU any number of times yields any number of different keys; each time, the different FU is passed into C and refreshes the FU information in C, and after the synchronous refresh step the FU information in C' is also refreshed.
3. Synchronous flow of symmetric key pool
Let the active and passive synchronizers of the key be USER1 and USER2, respectively, and their key pools be U1 and U2, respectively. In this document, each variable of the active synchronizer for the current synchronization carries neither a subscript nor a superscript; each of its variables for the next synchronization carries a "+1" subscript and no superscript. Each variable of the passive synchronizer for the current synchronization carries no subscript and a "'" superscript; each of its variables for the next synchronization carries a "+1" subscript and a "'" superscript.
Before synchronization, the two sides hold C and C', which correspond to each other; they are the result of the previous successful synchronization and the basis of the next one. C = {CR = {RS, SM, T}, CA = {P, L}, CI}; C' is the same as C except that RS' ≠ RS because the roles differ. C+1 = empty; C+1' = empty. That is, before synchronization the key control information exists only in C and C', and both C+1 and C+1' are empty. If this is the first synchronization after key distribution, C and C' are also null; the first synchronization performs a synchronous replacement.
During synchronization, at least one of C+1 and C+1' is not empty. Whether C+1 is null can be used to determine whether U1 is synchronizing; whether C+1' is null can be used to determine whether U2 is synchronizing. The parties synchronize using C+1 and C+1', respectively, and after synchronization succeeds they replace C and C' with C+1 and C+1', respectively.
With reference to FIG. 3 and FIG. 4, the synchronization procedure of the symmetric key pool in this embodiment consists of U1 sending a request message INVITE (i.e., a synchronization request), U2 sending a response message RESP, and U1 sending an acknowledgement message ACK. U1 synchronizes the keys after sending the ACK; U2 synchronizes the keys after receiving the ACK. The normal procedure, named PC, is as follows:
(1) U1 sends INVITE
3.1 U1 synchronization requirement: the synchronization requirement of U1 can be written as SR = {LUnew, CInew}, meaning that the application layer of U1 needs an encryption key (i.e., application layer original key) of length LUnew, accompanied by the CInew information.
3.2 U1 judges the type of synchronization operation by comparing against the information in C. If either of the following conditions occurs, the synchronous replacement flow is started and the process enters 3.3.1: T in C has expired; or T in C has not expired, but LU ≠ LUnew.
If the following condition occurs, the synchronous refresh flow is started and the process enters 3.3.2: T in C has not expired, LU = LUnew, and CI ≠ CInew. In the remaining case, T in C has not expired, LU = LUnew and CI = CInew, so no synchronization is required: KUA = FU(KU) can be taken out directly, and the flow ends.
3.3 Generate C+1 (i.e. precompute the synchronized key control entry)
3.3.1 Let C+1 = {CR+1 = {RS+1 = RSA, SM+1 = SMA, T+1}, CA+1 = {P+1, L+1 = LE + LA + LUnew}, CI+1 = CInew}. The initial value of T+1 may be the synchronization time (representing the time of the first use of the key), the use count 1 (representing the first use of the key), or both. P+1 is calculated by FA. Go to 3.4.
3.3.2 Let C+1 = {CR+1 = {RS+1 = RSA, SM+1 = SMB, T+1}, CA+1 = {P+1 = P, L+1 = L}, CI+1 = CInew}. T+1 is obtained according to the increment rule of T and may be the current synchronization time, the number of uses, or both. Go to 3.4.
3.4 Generate ME+1
3.4.1 Generate M+1: composed of the current timestamp TS+1 and C+1.
3.4.2 Generate MD+1: take out KA+1 and calculate the message authentication code of M+1 to obtain MD+1.
3.4.3 Generate ME+1: take out KE+1 and symmetrically encrypt the message assembled from M+1 and MD+1 to generate ME+1.
3.5 U1 assembles ID1 and ME+1 and sends them to USER2; this is the INVITE.
(2) U2 sending RESP (i.e. synchronous response)
3.6 Find U2: after receiving the INVITE, USER2 parses out ID1^invite and ME+1^invite. Because ID1 and ME+1 are transmitted over the network and may have been modified on arrival, they are denoted ID1^invite and ME+1^invite. The remaining variables parsed from the INVITE are likewise marked with an "invite" superscript below. If ID1^invite is not recognized by any key pool of USER2, then ID1^invite is not a legal ID for USER2; this exception is denoted EXP1. In that case USER2 directly discards the packet and the process ends. Otherwise, USER2 finds the local key pool U2 with PID = ID1^invite and proceeds to the next step.
3.7 U2 judges whether the operation is a synchronous refresh.
3.7.1 Message decryption: U2 takes out KE' according to P' and decrypts the synchronization message M+1^invite (including the timestamp TS+1^invite and the key control entry C+1^invite) and the authentication information MD+1^invite of the synchronization message.
3.7.2 Message authentication: U2 takes out KA' according to P' and performs the message authentication operation on M+1^invite to obtain the authentication information MD+1'. Compare MD+1' with MD+1^invite. If they are inconsistent, the synchronization operation does not meet the synchronous refresh condition; go to 3.8. Otherwise, proceed to the next step.
3.7.3 Variable comparison: judge the correctness of each field of C+1^invite by comparing it with the information in C'; for a field that cannot be compared, check whether its value lies within the value range of that field. For example, SM+1^invite = SMB, CA+1^invite = CA', etc. must be satisfied. If the variable comparison fails, the synchronization operation does not meet the synchronous refresh condition; go to 3.8. Otherwise, proceed to the next step.
3.7.4 The synchronous refresh is judged successful. Assign C+1' (i.e., presynchronization): except for RS+1' = RSB, the remaining fields are kept consistent with C+1^invite. Go to 3.9.
3.8 U2 judges whether the operation is a synchronous replacement. If C+1' is empty, space is allocated and P+1' is calculated.
3.8.1 Message decryption: U2 takes out KE+1' according to P+1' and decrypts the synchronization message M+1^invite (including the timestamp TS+1^invite and the key control entry C+1^invite) and the authentication information MD+1^invite of the synchronization message.
3.8.2 Message authentication: U2 takes out KA+1' according to P+1' and performs the message authentication operation on M+1^invite to obtain the authentication information MD+1'. Compare MD+1' with MD+1^invite. If they are inconsistent, the synchronization operation meets neither the synchronous refresh condition nor the synchronous replacement condition. In that case U2 returns a failed RESP (i.e., a failed synchronization response), and the flow goes to 3.11. Otherwise, proceed to the next step.
The construction mode of the failed RESP is as follows:
(a) Generate M+1': composed of the current timestamp TS+1' and RESPERR. RESPERR is an agreed RESP string or identifier indicating a synchronization failure and may take several values.
(b) Generate MD+1': take out KA' and calculate the message authentication code of M+1' to obtain MD+1'.
(c) Generate ME+1': take out KE' and symmetrically encrypt the message assembled from M+1' and MD+1' to generate ME+1'.
(d) Assemble ID2 and ME+1' to complete the failed RESP.
3.8.3 Variable comparison: judge the correctness of each field of C+1^invite by comparing it with the information in C'; for a field that cannot be compared, check whether its value lies within the value range of that field. For example, SM+1^invite = SMA, P+1^invite = P+1', etc. must be satisfied. If the variable comparison fails, the synchronization operation meets neither the synchronous refresh condition nor the synchronous replacement condition. In that case U2 returns a failed RESP (i.e., a failed synchronization response), and the flow goes to 3.11. Otherwise, proceed to the next step.
3.8.4 The synchronous replacement is judged successful. Assign C+1' (i.e., presynchronization): except for RS+1' = RSB, the remaining fields are kept consistent with C+1^invite.
3.9 Generate ME+1':
3.9.1 Generate M+1': M+1' is composed of the current timestamp TS+1' and C+1'.
3.9.2 Generate MD+1': take out KA+1' and calculate the message authentication code of M+1' to obtain MD+1'.
3.9.3 Generate ME+1': take out KE+1' and symmetrically encrypt the message assembled from M+1' and MD+1' to generate ME+1'.
3.10 U2 assembles ID2 and ME+1' and sends them to USER1; this is the RESP indicating that synchronization was successful (i.e., a successful synchronization response).
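The INVITE construction of steps 3.3.1 to 3.5 and the passive side's checks of steps 3.6 and 3.8, as an added Python example that is not part of the patent text. It covers synchronous replacement only, with the sequential rule P+1 = P + L. The JSON encoding of M, the 32-byte LE and LA, the 30-second timestamp window, the per-message nonce and the HMAC-based stream cipher standing in for AES are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import os

LE, LA = 32, 32   # assumed fixed lengths of KE and KA, in bytes
MAX_SKEW = 30     # assumed acceptance window for the timestamp TS, in seconds


def slice_k(pool, p, lu=0):
    """Split the entry K at address P into (KE, KA, KU); KU is lu bytes long."""
    k = pool[p:p + LE + LA + lu]
    if len(k) != LE + LA + lu:
        raise ValueError("address outside the key pool")
    return k[:LE], k[LE:LE + LA], k[LE + LA:]


def stream_xor(ke, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(ke, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], pad))
    return bytes(out)


def build_invite(pool, own_id, c, lu_new, ci_new, now):
    """Steps 3.3.1 to 3.5 on U1: precompute C+1 and wrap it as ID + ME+1."""
    c_next = {"RS": "RSA", "SM": "SMA", "T": 1,
              "P": c["P"] + c["L"],          # sequential FA: P+1 = P + L
              "L": LE + LA + lu_new, "CI": ci_new}
    ke, ka, _ = slice_k(pool, c_next["P"], lu_new)
    m = json.dumps({"TS": now, "C": c_next}, sort_keys=True).encode()   # M+1
    md = hmac.new(ka, m, hashlib.sha256).digest()                       # MD+1
    nonce = os.urandom(16)  # assumption: per-message nonce for the stand-in cipher
    return c_next, {"ID": own_id, "ME": nonce + stream_xor(ke, nonce, m + md)}


def check_invite(pool, peer_ids, c_own, invite, now):
    """Steps 3.6 and 3.8 on U2. Returns (status, C+1' or None)."""
    if invite["ID"] not in peer_ids:
        return "EXP1", None                  # unknown ID: drop the packet
    p_next = c_own["P"] + c_own["L"]         # U2 computes P+1' itself
    ke, ka, _ = slice_k(pool, p_next)        # KE+1' and KA+1'
    me = invite["ME"]
    if len(me) < 16 + 32:
        return "RESPERR", None
    plain = stream_xor(ke, me[:16], me[16:])
    m, md = plain[:-32], plain[-32:]
    # 3.8.2: authenticate before parsing anything out of M.
    if not hmac.compare_digest(md, hmac.new(ka, m, hashlib.sha256).digest()):
        return "RESPERR", None
    msg = json.loads(m)
    if abs(now - msg["TS"]) > MAX_SKEW:      # TS is what stops a replayed INVITE
        return "RESPERR", None
    c_inv = msg["C"]
    # 3.8.3: variable comparison against locally derived values.
    if (c_inv["SM"] != "SMA" or c_inv["P"] != p_next or c_inv["L"] < LE + LA
            or c_inv["P"] + c_inv["L"] > len(pool)):
        return "RESPERR", None
    return "OK", dict(c_inv, RS="RSB")       # 3.8.4: presynchronize C+1'


if __name__ == "__main__":
    pool = bytes(range(256)) * 4             # constructed sample key pool
    c = {"RS": "RSA", "SM": "SMA", "T": 1, "P": 0, "L": 80, "CI": {}}
    _, invite = build_invite(pool, "ID1", c, 16, {"TM": 10}, now=1000)
    print(check_invite(pool, {"ID1"}, dict(c, RS="RSB"), invite, now=1005))
```

Because KE and KA sit at the front of K with fixed lengths, U2 can decrypt and authenticate knowing only P+1', before it learns LUnew from the message.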
(3) U1 sends ACK
3.11 U1 processes the RESP
3.11.1 Find U1: after receiving the RESP, USER1 parses out ID2^resp and ME+1^resp. Because ID2 and ME+1' are transmitted over the network and may have been modified on arrival, they are denoted ID2^resp and ME+1^resp. The remaining variables parsed from the RESP are likewise marked with a "resp" superscript below. If ID2^resp is not recognized by any key pool of USER1, then ID2^resp is not a legal ID for USER1; this exception is denoted EXP2. In that case USER1 directly discards the packet and the process ends. Otherwise, USER1 finds the local key pool U1 with PID = ID2^resp and proceeds to the next step.
3.11.2 U1 decrypts and parses the RESP using the information of C and determines whether it is a failed RESP. If the error code RESPERR can be read directly and the message authentication succeeds, the synchronization has failed: U1 sets C+1 to null, reports the synchronization failure to the application layer, and the process ends. Otherwise, the RESP received by U1 is not a synchronization failure, and the flow proceeds to the next step.
3.11.3 Check whether U1 received a RESP indicating successful synchronization. U1 decrypts, parses and compares the variables of the RESP using the information of C+1. U1 expects that the parsed C+1' information, except for RS+1' = RSB, is consistent with C+1. If the result of processing the RESP does not meet the expectations of U1, the synchronization has failed. Otherwise, the synchronization is successful.
3.12 U1 sends ACK (i.e. synchronization feedback)
According to the result of 3.11.3 (synchronization success or synchronization failure), U1 executes steps similar to step 3.4, with C+1 replaced by the ACK result, to generate MEACK, the encrypted key synchronization ACK message. The ACK result may be ACKOK or ACKERR; ACKOK is an agreed ACK string or identifier indicating successful synchronization; ACKERR is an agreed ACK string or identifier indicating a synchronization failure and may take several values. ID1 and MEACK are assembled and sent to U2; this is the ACK.
If the synchronization is successful, C is updated in U1, namely: C = C+1, C+1 = empty. The success of the synchronization is reported to the application layer.
If the synchronization fails, the update of C is abandoned in U1, namely: C stays unchanged, C+1 = empty. The synchronization failure is reported to the application layer.
3.13 U2 receives ACK
3.13.1 Find U2: as in 3.6, after receiving the ACK, USER2 parses out ID1^ack and MEACK^ack. Because ID1 and MEACK are transmitted over the network and may have been modified on arrival, they are denoted ID1^ack and MEACK^ack. If ID1^ack is not recognized by any key pool of USER2, then ID1^ack is not a legal ID for USER2; this exception is denoted EXP3. In that case USER2 directly discards the packet and the process ends. Otherwise, USER2 finds the local key pool U2 with PID = ID1^ack and proceeds to the next step.
3.13.2 U2 decrypts and parses the ACK using the information of C+1'. U2 expects to parse out ACKOK or ACKERR and to verify the message. If the result of processing the ACK does not meet the expectations of U2, the ACK confirmation has failed; U2 reports the synchronization failure to the application layer, and the process ends. Otherwise, the ACK confirms whether the synchronization succeeded or failed.
If it is ACKOK, indicating that the synchronization succeeded, C' is updated in U2, namely: C' = C+1', C+1' = empty. The success of the synchronization is reported to the application layer.
If it is ACKERR, indicating that the synchronization failed, U2 abandons the update of C', namely: C' stays unchanged, C+1' = empty. The synchronization failure is reported to the application layer.
This is the end of the PC.
4. Handling of synchronous exceptions
The messages sent and received between the active synchronizer and the passive synchronizer can be synchronization requests, synchronization responses or synchronization feedback, and if slight packet loss occurs between U1 and U2 in the synchronization process, the success of synchronization is not affected in general due to the fact that the active synchronizer and the passive synchronizer are provided with signaling retransmission mechanisms respectively. For example, U1 may not receive RESP after sending the INVITE, and may resend the INVITE until the maximum number of sending INVITE is reached and the attempt is aborted; the U2, which fails to receive an ACK after sending a RESP with successful synchronization, retransmits the RESP until the maximum number of RESP transmissions is reached and the attempt is aborted. Generally, success is achieved before the maximum number of transmissions is reached.
If a situation of heavy packet loss or even network disconnection between U1 and U2 occurs in the synchronization process, a synchronization exception is caused, and the situation is called EC.
When U1 and U2 are in EC, key synchronization has been suspended and at least one of C+1 and C+1' is not empty. Cryptographic applications at the application layer also do not work properly: the party that has not completed synchronization cannot fetch a key, and even if the party that has completed synchronization can fetch a key, the application using that key cannot deliver authenticated or encrypted packets to the other party and receives no response from it. When the network recovers from EC, the key pools of the two parties cannot detect the change directly; instead, key synchronization is triggered to continue by a further request from the application layer.
For example, suppose U1 is in the synchronizing state and its application layer needs to fetch a key. U1 checks and finds that the key can only be fetched once synchronization is complete, which triggers U1 to continue the previously failed key synchronization.
As another example, suppose U1 is in the synchronization-complete state and its application layer needs to fetch a key. It successfully fetches the key KUA using the information of C, and the application layer then sends authenticated or encrypted service data to U2. The application layer of U2 must then fetch the key from U2 to handle that data, and if U2 is in the synchronizing state at this time, U2 is triggered to continue the previously failed key synchronization.
In summary, when U1 and U2 are in EC, the previous failed key synchronization can always be continued by being triggered by the application layer: either U1 or U2 is triggered.
The case in EC as the master is named ECA. The case in EC as the passive is named ECB. Various aspects of EC and its specific flow are as follows:
(1) INVITE (Sync request) loss
It appears that U1 never received the RESP. At this time U1 is in ECA; U2 is in the synchronization-complete state. Namely: C+1 is not empty; C+1' is empty. EXP1 includes the case where the ID of the INVITE has been tampered with; that case is similar to this one and can be solved with the following method.
(1-1) U1 is triggered
When the active synchronizer is triggered to synchronize next time, the synchronous request is regenerated by using the synchronized key control entry obtained by precalculation in the unfinished last synchronous flow so as to continue the unfinished last synchronous flow.
U1 performs PE, that is, the PC executed starting from 3.4.
(1-2) U2 is triggered
When the passive synchronizer is triggered to perform the next synchronization (the passive synchronizer which is used as the synchronization exception changes the role into the active synchronizer when the next synchronization is triggered), the active synchronizer and the passive synchronizer can receive the synchronization response of the synchronization exception from the other side, and the other side uses the synchronized key control entry pre-calculated in the incomplete last synchronization flow to regenerate the synchronization request so as to continue the incomplete last synchronization flow.
U2 obtains an SR and executes the PC. After U2 sends the INVITE, U1 finds that neither C nor C+1 corresponds successfully, so it replies with a failed RESP, places ECA in RESPERR, and is triggered to prepare to resolve the ECA. Two key control entries correspond successfully when their CA are equal and their CI are equal. The difference from the normal case is that, in the case of ECA, the message encryption and message authentication keys used by the failed RESP come from the C+1 of U1. Upon receiving the failed RESP from U1, U2 uses C' to determine that the other party is in ECA (U2 first attempts decryption with C+1' and fails; the attempt with C' succeeds), whereupon the PC of U2 is rolled back, i.e., the C+1' of U2 is nulled and the SR of U2 is temporarily recorded. U1 executes the PE at this point (U1 starts the PE flow upon issuing the failed RESP). After the PE flow ends normally, that is, the synchronization between U1 and U2 has succeeded, U2 starts the PC according to the SR.
(2) ACK (synchronization feedback) loss
It appears that U2 never received the ACK. At this point U1 is in the synchronization-complete state; U2 is in ECB. Namely: C+1 is empty; C+1' is not empty. EXP3 includes the case where the ID of the ACK has been tampered with; that case is similar to this one and can be solved with the following method.
(2-1) U2 is triggered
The active synchronizer and the passive synchronizer have synchronization abnormity caused by synchronization feedback loss, when the passive synchronizer is triggered to synchronize next time, the passive synchronizer sends synchronization response of the synchronization abnormity to the opposite side, and after receiving the synchronization response, the opposite side regenerates a synchronization request by using a synchronized key control entry obtained by precalculation in the unfinished last synchronization flow so as to continue the unfinished last synchronization flow.
U2 sends a failed RESP, placing ECB in RESPERR. The difference from the normal case is that, in the case of ECB, the encryption and authentication keys used by the failed RESP come from the C+1' of U2. U1 uses C to determine that the other party is in ECB, so U1 sets C+1 = C and performs PE.
(2-2) U1 is triggered
The active synchronizer and the passive synchronizer have synchronization abnormity caused by synchronization feedback loss, when the active synchronizer is triggered to synchronize next time, the active synchronizer can receive synchronization response of synchronization abnormity from the other side, and the active synchronizer utilizes a synchronized key control entry pre-calculated in an incomplete last synchronization flow to regenerate a synchronization request so as to continue the incomplete last synchronization flow.
U1 obtains an SR and executes the PC. After U1 sends the INVITE, U2 finds that neither C' nor C+1' corresponds successfully, so it replies with a failed RESP and places ECB in RESPERR. The difference from the normal case is that, in the case of ECB, the encryption and authentication keys used by the failed RESP come from the C+1' of U2. After receiving the failed RESP from U2, U1 uses C to determine that the other party is in ECB, so the PC of U1 is rolled back, namely the C+1 of U1 is nulled and the SR of U1 is temporarily recorded. The C+1 of U1 is then set to C, and PE is performed. After the PE flow ends normally, that is, the synchronization between U1 and U2 has succeeded, U1 starts the PC according to the SR.
(3) RESP (synchronous response) loss
It appears that U1 has not received the RESP and U2 has not received the ACK. At this time U1 is in ECA; U2 is in ECB. Namely: C+1 is not empty; C+1' is not empty. EXP2 includes the case where the ID of the RESP has been tampered with; that case is similar to this one and can be solved with the following method.
(3-1) U1 is triggered
When the active synchronizer and the passive synchronizer generate synchronization abnormity caused by synchronization response loss, and the active synchronizer is triggered to synchronize next time, the synchronous request is regenerated by using the synchronized key control entry obtained by precalculation in the unfinished last synchronization flow so as to continue the unfinished last synchronization flow.
U1 performs PE.
(3-2) U2 is triggered
The active synchronizer and the passive synchronizer have synchronization abnormity caused by synchronization response loss, when the passive synchronizer is triggered to synchronize next time, the passive synchronizer sends synchronization response of the synchronization abnormity to the opposite side, and after receiving the synchronization response, the opposite side regenerates a synchronization request by using a synchronized key control entry obtained by precalculation in the unfinished last synchronization flow so as to continue the unfinished last synchronization flow.
U2 sends a failed RESP, placing ECB in RESPERR. The difference from the normal case is that, in the case of ECB, the encryption and authentication keys used by the failed RESP come from the C+1' of U2. U1 uses C+1 to determine that the other party is in ECB, and U1 executes PE.
The symmetric key pool synchronization may cause a problem that one or both parties are not synchronized, which may result in the failure of subsequent key pairs to continue matching, and consequently, the key pool is invalidated. The invention processes the abnormal condition, can ensure that the symmetric key pool can still work normally after the abnormal condition occurs, and does not cause key waste.
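The recovery paths in which U1 is the triggered party, cases (1-1), (2-2) and (3-1) above, as an added Python simulation that is not part of the patent text. Each key control entry is reduced to its address P, the sequential rule P+1 = P + L with a fixed L = 80 is assumed, and cryptography is omitted so that only the C / C+1 bookkeeping is shown.

```python
L = 80  # assumed fixed length of every key text entry K


class Pool:
    """One side's key control state, reduced to addresses."""

    def __init__(self, c, c_next=None):
        self.c = c            # address P named by C (or C')
        self.c_next = c_next  # address named by C+1 (or C+1'); None means empty


def exchange(u1, u2, lose=None):
    """One INVITE/RESP/ACK pass with u1 active; `lose` names a dropped message."""
    if lose == "INVITE":
        return "lost"
    # U2, step 3.8: derive the expected P+1' and compare it with the INVITE.
    expected = u2.c_next if u2.c_next is not None else u2.c + L
    if u1.c_next != expected:
        # A U2 that still holds C+1' reports ECB inside the failed RESP.
        return "RESPERR:ECB" if u2.c_next is not None else "RESPERR"
    u2.c_next = u1.c_next                # presynchronization of C+1'
    if lose == "RESP":
        return "lost"
    u1.c, u1.c_next = u1.c_next, None    # 3.12: U1 sends ACK, then C = C+1
    if lose == "ACK":
        return "lost"
    u2.c, u2.c_next = u2.c_next, None    # 3.13: U2 reads ACKOK, then C' = C+1'
    return "ok"


def trigger_u1(u1, u2, lose=None):
    """The application layer asks U1 for a key, which starts or resumes a sync."""
    if u1.c_next is not None:            # U1 is in ECA: run PE (PC from 3.4)
        return exchange(u1, u2, lose)
    u1.c_next = u1.c + L                 # PC from 3.3: precompute C+1
    result = exchange(u1, u2, lose)
    if result == "RESPERR":              # 3.11.2: give up, C stays unchanged
        u1.c_next = None
    elif result == "RESPERR:ECB":        # case (2-2): roll back the new PC
        u1.c_next = u1.c                 # C+1 is set to C, then PE
        result = exchange(u1, u2)
        if result == "ok":               # then start the PC for the recorded SR
            u1.c_next = u1.c + L
            result = exchange(u1, u2)
    return result


def demo(lost_message):
    """Lose one message, trigger U1 again, return both sides' final state."""
    u1, u2 = Pool(0), Pool(0)
    trigger_u1(u1, u2, lose=lost_message)
    trigger_u1(u1, u2)
    return (u1.c, u1.c_next, u2.c, u2.c_next)


if __name__ == "__main__":
    for name in ("INVITE", "RESP", "ACK"):
        print(name, demo(name))
```

After a lost ACK the second trigger first completes the pending entry at address 80 and only then advances both sides to 160, so no key text entry is skipped.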
The above disclosure is only an embodiment of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (18)

1. A key synchronization method based on symmetric key pool is implemented in an active synchronizer, and is characterized in that messages transmitted and received between the active synchronizer and a passive synchronizer are all in a ciphertext mode, and the messages are provided with authentication information for the other party to authenticate;
the key synchronization method specifically comprises the following steps:
sending a synchronous request comprising an identity, secret key synchronous information in a cryptograph form and a message authentication code in the cryptograph form to a passive synchronous party;
receiving a synchronization response returned by the passive synchronization party after processing the synchronization request, performing synchronization judgment, sending synchronization feedback to the passive synchronization party according to a judgment result, and performing corresponding synchronization on the passive synchronization party;
wherein, the active synchronization side sends the synchronization feedback to the passive synchronization side according to the judgment result, namely:
when the judgment result is that the pre-synchronization of the passive synchronization party is successful, sending successful synchronization feedback;
when the judgment result is that the pre-synchronization of the passive synchronization party has failed, sending failed synchronization feedback;
the successful synchronization feedback generation process is as follows:
assembling the timestamp and the judgment success identification into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
assembling the identity identification and the ciphertext to obtain the synchronous feedback which is successfully judged;
the generation process of the failed synchronous feedback comprises the following steps:
assembling the timestamp and the judgment failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain failed synchronous feedback.
2. A key synchronization method based on a symmetric key pool, implemented on a passive synchronization party, characterized in that all messages sent and received between the passive synchronization party and an active synchronization party are in ciphertext form and carry authentication information for the other party to authenticate;
the key synchronization method specifically comprises the following steps:
receiving, from the active synchronization party, a synchronization request comprising an identity identifier, key synchronization information in ciphertext form and a message authentication code in ciphertext form, judging whether to pre-synchronize, and sending a synchronization response to the active synchronization party according to the judgment result, wherein the synchronization response is used for the synchronization judgment of the active synchronization party;
receiving the synchronization feedback returned by the active synchronization party according to its synchronization judgment, and performing the corresponding synchronization on its own side;
wherein, the active synchronization side sends the synchronization feedback to the passive synchronization side according to the judgment result, namely:
when the judgment result is that the pre-synchronization of the passive synchronization party is successful, sending successful synchronization feedback;
when the judgment result is that the pre-synchronization of the passive synchronization party has failed, sending failed synchronization feedback;
the successful synchronization feedback generation process is as follows:
assembling the timestamp and the judgment success identification into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
assembling the identity identification and the ciphertext to obtain the synchronous feedback which is successfully judged;
the generation process of the failed synchronous feedback comprises the following steps:
assembling the timestamp and the judgment failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain failed synchronous feedback.
3. A key synchronization method based on a symmetric key pool, implemented between two synchronization parties that have the symmetric key pool, characterized in that both synchronization parties send their messages in ciphertext form, and the messages carry authentication information for the other party to authenticate;
the key synchronization method based on the symmetric key pool specifically comprises the following steps:
the active synchronization party sends, to the passive synchronization party, a synchronization request comprising an identity identifier, key synchronization information in ciphertext form and a message authentication code in ciphertext form;
the passive synchronization party judges whether to pre-synchronize after receiving the synchronization request and sends corresponding synchronization response to the active synchronization party according to the judgment result;
the active synchronization party receives the synchronization response, performs synchronization judgment, sends synchronization feedback to the passive synchronization party according to the judgment result, and performs corresponding synchronization on the own party;
the passive synchronization party receives the synchronization feedback and correspondingly synchronizes at the own party;
wherein, the active synchronization side sends the synchronization feedback to the passive synchronization side according to the judgment result, namely:
when the judgment result is that the pre-synchronization of the passive synchronization party is successful, sending successful synchronization feedback;
when the judgment result is that the pre-synchronization of the passive synchronization party has failed, sending failed synchronization feedback;
the successful synchronization feedback generation process is as follows:
assembling the timestamp and the judgment success identification into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
assembling the identity identification and the ciphertext to obtain the synchronous feedback which is successfully judged;
the generation process of the failed synchronous feedback comprises the following steps:
assembling the timestamp and the judgment failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain failed synchronous feedback.
4. The key synchronization method based on the symmetric key pool as claimed in claim 1, 2 or 3, wherein the active synchronizer sends a corresponding synchronization request to the passive synchronizer according to the related information of the key required by the application layer.
5. The symmetric key pool-based key synchronization method of claim 4, wherein the active synchronizer pre-computes the synchronized key control entry and assembles the key control entry and the corresponding timestamp into the key synchronization information.
6. The method for key synchronization based on symmetric key pool according to claim 5, wherein the key control entry comprises a key address and a length, respectively corresponding to:
the application layer key is used for generating a key required by the application layer;
the message authentication key is used for generating a message authentication code by combining the key synchronization information;
and the message encryption key is used for encrypting the key synchronization information and the message authentication code to obtain a corresponding ciphertext.
7. The key synchronization method based on the symmetric key pool as claimed in claim 6, wherein the key synchronization method is synchronous refresh or synchronous replacement and is recorded in the key control entry, and the active synchronizer determines the key synchronization method of this time and pre-calculates the synchronized key control entry accordingly.
8. The key synchronization method based on the symmetric key pool according to claim 7, wherein if the key synchronization mode is synchronous refresh, and the active synchronization party pre-computes the synchronized key control entries, the application layer key, the message authentication key and the message encryption key are assigned by using the related information before synchronization;
and if the key synchronization mode is synchronous replacement, when the active synchronization party pre-calculates the synchronized key control items, the application layer key, the message authentication key and the message encryption key are assigned according to the related information of the key required by the application layer.
9. The key synchronization method based on the symmetric key pool of claim 8, wherein the determining whether the passive synchronization party performs presynchronization comprises:
a. judging whether synchronous refreshing is carried out or not, if so, carrying out pre-calculation on the synchronized key control items according to a synchronous refreshing mode; if not, entering the step b;
b. judging whether synchronous replacement is carried out or not, if so, carrying out pre-calculation on the synchronized key control items according to a synchronous replacement mode; if not, the failure is considered.
10. The key synchronization method based on the symmetric key pool as claimed in claim 9, wherein in step a, the determining whether to perform synchronous refresh comprises:
a1, the passive synchronization party obtains the message encryption key before synchronization in the corresponding key pool according to the identity in the synchronization request, and obtains the key synchronization information and the message authentication code in the form of plaintext by decrypting the synchronization request;
a2, obtaining the message authentication key before synchronization in the corresponding key pool, and performing message authentication on the message authentication code obtained in step a1; if the authentication is passed, entering step a3, otherwise, entering step b;
a3, comparing variables aiming at the key synchronization information obtained in step a1; if the comparison is passed, precalculating the synchronized key control item, otherwise, entering step b.
11. The method for key synchronization based on symmetric key pool according to claim 10, wherein in step b, said determining whether to perform synchronous replacement comprises:
b1, the passive synchronization party obtains the next message encryption key in the corresponding key pool according to the identity in the synchronization request, and obtains the key synchronization information and the message authentication code in the form of plaintext by decrypting the synchronization request;
b2, obtaining the next message authentication key in the corresponding key pool, and performing message authentication on the message authentication code obtained in step b1; if the authentication is passed, go to step b3, otherwise, the authentication is regarded as failed;
b3, comparing variables aiming at the key synchronization information obtained in step b1; if the comparison is passed, the synchronized key control items are pre-calculated, otherwise, the comparison is regarded as failure.
12. The method for key synchronization based on a symmetric key pool according to claim 11, wherein the failed synchronization response generation procedure is:
assembling the timestamp and the failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain a failed synchronous response.
13. The symmetric key pool-based key synchronization method of claim 12, wherein the successful synchronization response generation procedure is:
assembling the timestamp and the synchronized key control entry obtained by pre-calculation into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain a successful synchronous response.
14. The key synchronization method based on the symmetric key pool as claimed in claim 13, wherein the process of performing synchronization judgment after the active synchronizer receives the synchronization response comprises:
respectively adopting a message encryption key before synchronization and a message authentication key to correspondingly decrypt and authenticate the synchronous response, and if the failure information can be successfully read, ending the process;
otherwise, the next message encryption key and the next message authentication key are respectively adopted to correspondingly decrypt and authenticate the synchronous response, if the key control items obtained by the precalculation of the passive synchronous party can be read and the variable comparison is completed, the success of the presynchronization of the passive synchronous party is indicated, and if not, the failure of the presynchronization of the passive synchronous party is indicated.
15. The key synchronization method based on the symmetric key pool as claimed in claim 14, wherein the passive synchronization party receives the synchronization feedback, and correspondingly decrypts and authenticates the synchronization feedback by using the next message encryption key and the next message authentication key, respectively, if the judgment success identifier or the judgment failure identifier can be successfully read, the corresponding processing is performed, otherwise, the process is finished;
when the passive synchronization party successfully reads the identification which is successfully judged, the passive synchronization party correspondingly synchronizes at the own party, namely, the next key control item is used for assigning values to the key control item before synchronization, and the key synchronization is completed;
and when the passive synchronization party successfully reads the judgment failure identifier, giving up reassignment of the key control entry before synchronization, namely giving up key synchronization.
16. A key synchronization apparatus based on a symmetric key pool as an active synchronization party, comprising a processor and a memory, wherein the memory is used for storing the following instructions and loaded and executed by the processor:
sending, to the passive synchronization party, a synchronization request comprising an identity identifier, key synchronization information in ciphertext form and a message authentication code in ciphertext form;
receiving a synchronization response returned by the passive synchronization party after processing the synchronization request, performing synchronization judgment, sending synchronization feedback to the passive synchronization party according to a judgment result, and performing corresponding synchronization on the passive synchronization party;
wherein, the active synchronization side sends the synchronization feedback to the passive synchronization side according to the judgment result, namely:
when the judgment result is that the pre-synchronization of the passive synchronization party is successful, sending successful synchronization feedback;
when the judgment result is that the pre-synchronization of the passive synchronization party has failed, sending failed synchronization feedback;
the successful synchronization feedback generation process is as follows:
assembling the timestamp and the judgment success identification into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
assembling the identity identification and the ciphertext to obtain the synchronous feedback which is successfully judged;
the generation process of the failed synchronous feedback comprises the following steps:
assembling the timestamp and the judgment failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain failed synchronous feedback;
wherein all messages sent and received between the active synchronization party and the passive synchronization party are in ciphertext form and carry authentication information for the other party to authenticate.
17. A key synchronization apparatus based on a symmetric key pool as a passive synchronization party, comprising a processor and a memory, wherein the memory is used for storing the following instructions and loaded and executed by the processor:
receiving, from the active synchronization party, a synchronization request comprising an identity identifier, key synchronization information in ciphertext form and a message authentication code in ciphertext form, judging whether to pre-synchronize, and sending a synchronization response to the active synchronization party according to the judgment result, wherein the synchronization response is used for the synchronization judgment of the active synchronization party;
receiving the synchronization feedback returned by the active synchronization party according to its synchronization judgment, and performing the corresponding synchronization on its own side;
wherein, the active synchronization side sends the synchronization feedback to the passive synchronization side according to the judgment result, namely:
when the judgment result is that the pre-synchronization of the passive synchronization party is successful, sending successful synchronization feedback;
when the judgment result is that the pre-synchronization of the passive synchronization party has failed, sending failed synchronization feedback;
the successful synchronization feedback generation process is as follows:
assembling the timestamp and the judgment success identification into success information, and calculating a message authentication code of the success information by adopting a next message authentication key;
encrypting the successful information and the message authentication code by adopting a next message encryption key to obtain a ciphertext;
assembling the identity identification and the ciphertext to obtain the synchronous feedback which is successfully judged;
the generation process of the failed synchronous feedback comprises the following steps:
assembling the timestamp and the judgment failure identification into failure information, and calculating a message authentication code of the failure information by adopting a message authentication key before synchronization;
encrypting the failure information and the message authentication code by using a message encryption key before synchronization to obtain a ciphertext;
and assembling the identity identification and the ciphertext to obtain failed synchronous feedback;
wherein all messages sent and received between the passive synchronization party and the active synchronization party are in ciphertext form and carry authentication information for the other party to authenticate.
18. A key synchronization system comprising the symmetric key pool-based key synchronization apparatus of claim 16 as an active synchronization party and the symmetric key pool-based key synchronization apparatus of claim 17 as a passive synchronization party.
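The key-selection order of claims 9 to 14 (passive party tries the pre-synchronization keys, then the next keys; failed responses are sealed with the pre-synchronization keys and successful ones with the next keys; the active party reads them in the same order), as an added Python example that is not part of the patent text. Assumptions: the pool, the entries `CUR` and `NXT`, all function names, the HMAC-SHA256 keystream standing in for the unspecified cipher, HMAC-SHA256 as the message authentication code, and "variable comparison" modelled as a timestamp window plus equality with the expected next entry.

```python
import hashlib, hmac, json, os

# Constructed shared key pool; a key control entry stores [address, length] pairs.
POOL = hashlib.shake_256(b"constructed demo key pool").digest(256)
CUR = {"enc": [0, 32], "mac": [32, 32]}    # entry before synchronization
NXT = {"enc": [64, 32], "mac": [96, 32]}   # next entry (assumed derivable by both)
WINDOW = 30                                # assumed timestamp tolerance, seconds

def keys(entry):
    """Cut (message encryption key, message authentication key) from the pool."""
    return tuple(POOL[a:a + n] for a, n in (entry["enc"], entry["mac"]))

def _stream(key, nonce, n):
    """Stand-in cipher: HMAC-SHA256 counter keystream, not the patent's cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(entry, info):
    """MAC the information, then encrypt information + MAC (order used in the claims)."""
    enc, mac = keys(entry)
    body = json.dumps(info, sort_keys=True).encode()
    pt = body + hmac.new(mac, body, hashlib.sha256).digest()
    nonce = os.urandom(16)
    return nonce + bytes(x ^ y for x, y in zip(pt, _stream(enc, nonce, len(pt))))

def unseal(entry, ct):
    """Decrypt, then authenticate; None means these keys do not fit the message."""
    enc, mac = keys(entry)
    nonce, data = ct[:16], ct[16:]
    pt = bytes(x ^ y for x, y in zip(data, _stream(enc, nonce, len(data))))
    body, tag = pt[:-32], pt[-32:]
    good = hmac.new(mac, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

def compare(info, now):
    """Assumed 'variable comparison': fresh timestamp and the expected next entry."""
    return (info is not None and abs(now - info.get("ts", 0)) <= WINDOW
            and info.get("entry") == NXT)

def passive_handle(ident, request, now):
    """Claims 9-13: step a (pre-synchronization keys), then step b (next keys)."""
    _, ct = request
    for mode, entry in (("refresh", CUR), ("replace", NXT)):
        if compare(unseal(entry, ct), now):
            # Successful response: pre-computed entry, sealed with the next keys.
            return mode, (ident, seal(NXT, {"ts": now, "entry": NXT}))
    # Failed response: sealed with the keys from before synchronization.
    return "fail", (ident, seal(CUR, {"ts": now, "fail": True}))

def active_judge(response, now):
    """Claim 14: try the pre-synchronization keys for failure info, then the next keys."""
    _, ct = response
    info = unseal(CUR, ct)
    if info is not None and info.get("fail"):
        return "peer-failed"
    return "presync-ok" if compare(unseal(NXT, ct), now) else "presync-failed"

def run(request_entry, now=1000, ts=1000, tamper=False, proposed=NXT):
    """One request/response round; the request is sealed under request_entry."""
    ct = seal(request_entry, {"ts": ts, "entry": proposed})
    if tamper:                               # flip one bit of the encrypted MAC
        ct = ct[:-1] + bytes([ct[-1] ^ 1])
    mode, response = passive_handle("U2", ("U1", ct), now)
    return mode, active_judge(response, now)

if __name__ == "__main__":
    for case in (run(CUR), run(NXT), run(CUR, tamper=True), run(CUR, ts=900)):
        print(case)
```

Because a failed response is always sealed with the pre-synchronization keys, the active party can read it even when the passive party rejected the request, which is what keeps both pools aligned after an error.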
CN201710800682.8A 2017-09-07 2017-09-07 Key synchronization method, key synchronization device and key synchronization system based on symmetric key pool Active CN107508672B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710800682.8A CN107508672B (en) 2017-09-07 2017-09-07 Key synchronization method, key synchronization device and key synchronization system based on symmetric key pool

Publications (2)

Publication Number Publication Date
CN107508672A CN107508672A (en) 2017-12-22
CN107508672B true CN107508672B (en) 2020-06-16

Family

ID=60695126

Country Status (1)

Country Link
CN (1) CN107508672B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant