CN108337084A - A kind of key distribution system, method and device - Google Patents
A kind of key distribution system, method and device
- Publication number: CN108337084A (application number CN201710051861.6A)
- Authority: CN (China)
- Prior art keywords: encryption, session key, relaying, key, sent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0855—Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
- H04L9/0816 > H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0852 > H04L9/0858—Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
Abstract
This application relates to the field of mobile communication technology, and in particular to a key distribution system, method and device, intended to solve the problem in the prior art that a session key is easily leaked when it is transmitted through relays. The key distribution system provided by the embodiments of the present application includes: a sender, which generates a session key after confirming that a session with the receiver is needed, applies a first encryption to the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiver, and sends the first-encrypted session key to one of N relays; N relays, each of which receives the first-encrypted session key sent by the sender or by the relay above it and forwards it to the receiver or to the next relay; and a receiver, which receives the first-encrypted session key sent by one of the N relays and decrypts it according to the first shared key and the first decryption algorithm corresponding to the first encryption algorithm negotiated in advance, obtaining the session key.
Description
Technical field
This application relates to the field of communication technology, and in particular to a key distribution system, method and device.
Background technology
Currently, quantum secret communication is the higher safety communication technology of safety, include mainly being based on quantum net
The session key distribution of network and two step of encrypted data transmission based on traditional network, wherein session key distribution is quantum secure
The committed step of communication.
In the prior art, it is relayed to realize that the session key distribution of long range usually requires to introduce in quantum network.
It introduces after relaying, for quantum network during the session key to session both sides is distributed, each relaying can
Session key is obtained, in this way, if there is insincere relaying, attacker can obtain the session key of session both sides easily,
And then steal the communication data of session both sides.
As it can be seen that for communicating pair when conversating cipher key delivery by relaying, there is session key appearances in the prior art
The problem of easily revealing.
Summary of the invention
The embodiments of the present application provide a key distribution system, method and device, to solve the problem in the prior art that the session key is easily leaked when the two communicating parties transmit it through relays.
A key distribution system provided by the embodiments of the present application includes a sender, N relays and a receiver, N being an integer greater than or equal to 1, wherein:
the sender is configured to generate a session key after confirming that a session with the receiver is needed, to apply a first encryption to the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiver, and to send the first-encrypted session key to one of the N relays;
each of the N relays is configured to receive the first-encrypted session key sent by the sender or by the relay one level above it, and to send the first-encrypted session key to the receiver or to the relay one level below it;
the receiver is configured to receive the first-encrypted session key sent by one of the N relays, and to decrypt it according to the first shared key and a first decryption algorithm corresponding to the first encryption algorithm negotiated in advance, obtaining the session key so that it can hold a session with the sender based on that session key.
Optionally, the sender is specifically configured to:
after obtaining the first-encrypted session key, apply a second encryption to it according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and send the result to the first relay; wherein the first relay is the one of the N relays that receives the session key sent by the sender.
Any of the N relays is specifically configured to:
decrypt the twice-encrypted session key sent by the sender or by the relay above it, obtaining the first-encrypted session key; encrypt the first-encrypted session key again and send it to the receiver or to the relay below it.
The receiver is further configured to:
before decrypting the first-encrypted session key, and after receiving the twice-encrypted session key sent by the N-th relay, perform an (N+2)-th decryption on the session key after the (N+2)-th encryption, according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, obtaining the first-encrypted session key; wherein the N-th relay is the one of the N relays that sends the session key to the receiver.
A key distribution method provided by the embodiments of the present application includes:
a sender generates a session key after confirming that a session with a receiver is needed;
the sender applies a first encryption to the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiver;
the sender sends the first-encrypted session key to a first relay, so that the first relay conveys the first-encrypted session key to the receiver.
Optionally, sending the first-encrypted session key to the first relay includes:
applying a second encryption to the first-encrypted session key according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and sending the result to the first relay, so that the first relay sends the second-encrypted session key to the receiver, or conveys the second-encrypted session key to the receiver through other relays.
Another key distribution method provided by the embodiments of the present application includes:
a receiver receives a first-encrypted session key sent by an N-th relay; wherein the first encryption is the encryption that the sender applied to the session key it generated, according to a first shared key and a first encryption algorithm negotiated in advance with the receiver; N denotes the number of relays the session key passes through on its way from the sender to the receiver and is an integer greater than or equal to 1;
the receiver decrypts the first-encrypted session key according to the first shared key and a first decryption algorithm corresponding to the first encryption algorithm negotiated in advance, obtaining the session key so that it can hold a session with the sender based on that session key.
Optionally, before decrypting the first-encrypted session key, the method further includes:
performing an (N+2)-th decryption on the session key after the (N+2)-th encryption, according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, obtaining the first-encrypted session key.
A key distribution device provided by the embodiments of the present application includes:
a generation module, configured to generate a session key after confirming that a session with a receiver is needed;
an encryption module, configured to apply a first encryption to the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiver;
a sending module, configured to send the first-encrypted session key to a first relay, so that the first relay conveys the first-encrypted session key to the receiver.
Optionally, the sending module is specifically configured to:
apply a second encryption to the first-encrypted session key according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and send the result to the first relay, so that the first relay sends the second-encrypted session key to the receiver, or conveys the second-encrypted session key to the receiver through other relays.
Another key distribution device provided by the embodiments of the present application includes:
a receiving module, configured to receive a first-encrypted session key sent by an N-th relay; the first encryption is the encryption that the sender applied to the session key it generated, according to a first shared key and a first encryption algorithm negotiated in advance with the receiver; wherein N denotes the number of relays the session key passes through on its way from the sender to the receiver and is an integer greater than or equal to 1;
a decryption module, configured to decrypt the first-encrypted session key according to the first shared key and a first decryption algorithm corresponding to the first encryption algorithm negotiated in advance, obtaining the session key so that a session with the sender can be held based on that session key.
Optionally, the decryption module is further configured to:
perform an (N+2)-th decryption on the session key after the (N+2)-th encryption, according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, obtaining the first-encrypted session key.
In the key distribution system provided by the embodiments of the present application, the sender generates a session key after confirming that a session with the receiver is needed, applies a first encryption to it according to the first shared key and the first encryption algorithm negotiated in advance with the receiver, and sends the result to one of the N relays; each of the N relays receives the first-encrypted session key sent by the sender or by the relay above it and forwards it to the receiver or to the next relay; the receiver receives the first-encrypted session key sent by one of the N relays, decrypts it according to the first shared key and the first decryption algorithm corresponding to the first encryption algorithm, obtains the session key, and then holds a session with the sender. In the embodiments of the present application, before transmitting the session key to a relay, the sender can encrypt it with the first shared key and a first encryption algorithm of relatively high security level. In this way, what the first relay (the relay that receives the session key directly from the sender) receives is the session key already encrypted by the sender; that relay does not know the first shared key used by the sender and cannot obtain information about the first encryption algorithm, so it cannot obtain the session key transmitted by the sender. What every subsequent relay transmits is likewise the session key after the sender's first encryption, so none of them can obtain the sender's session key either, and the security of the session key is therefore guaranteed. Moreover, even if an untrusted relay exists, an attacker can obtain only the first-encrypted session key through that relay, and not the session key of the communicating parties.
Description of the drawings
Fig. 1 is a schematic diagram of the key distribution system provided by the embodiments of the present application;
Fig. 2 is a schematic diagram of the process by which the sender provided by the embodiments of the present application transmits a session key to the receiver through N relays;
Fig. 3 is a schematic diagram of three-party communication provided by the embodiments of the present application;
Fig. 4 is a schematic diagram of multi-party communication provided by the embodiments of the present application;
Fig. 5 is a flow chart of the key distribution method provided by the embodiments of the present application;
Fig. 6 is a flow chart of another key distribution method provided by the embodiments of the present application;
Fig. 7 is a structural diagram of the key distribution device provided by the embodiments of the present application;
Fig. 8 is a structural diagram of another key distribution device provided by the embodiments of the present application.
Detailed description of the embodiments
In the key distribution system provided by the embodiments of the present application, the sender generates a session key after confirming that a session with the receiver is needed, applies a first encryption to it according to the first shared key and the first encryption algorithm negotiated in advance with the receiver, and sends the result to one of the N relays; each of the N relays receives the first-encrypted session key sent by the sender or by the relay above it and forwards it to the receiver or to the next relay; the receiver receives the first-encrypted session key sent by one of the N relays, decrypts it according to the first shared key and the first decryption algorithm corresponding to the first encryption algorithm, obtains the session key, and then holds a session with the sender. In the embodiments of the present application, before transmitting the session key to a relay, the sender can encrypt it with the first shared key and a first encryption algorithm of relatively high security level. In this way, what the first relay receives is the session key already encrypted by the sender; that relay does not know the first shared key used by the sender and cannot obtain information about the first encryption algorithm, so it cannot obtain the session key transmitted by the sender. What every subsequent relay transmits is likewise the session key after the sender's first encryption, so none of them can obtain the sender's session key either, and the security of the session key is therefore guaranteed. Moreover, even if an untrusted relay exists, an attacker can obtain only the first-encrypted session key, and cannot obtain the session key of the communicating parties through the relay.
Embodiment one
As shown in Fig. 1, the key distribution system 10 provided by the embodiments of the present application includes a sender, N relays and a receiver, N being an integer greater than or equal to 1, wherein:
the sender is configured to generate a session key after confirming that a session with the receiver is needed, to apply a first encryption to the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiver, and to send the first-encrypted session key to one of the N relays.
Here, after confirming that a session with the receiver is needed, the sender can generate the session key by means such as a physical noise source, a pseudo-random number generator or a stream cipher.
Optionally, the distribution of the first shared key between the sender and the receiver can be realized through key exchange mechanisms such as maintained public/private key pairs, digital certificates, the Diffie-Hellman key exchange protocol, Internet Protocol Security (IPSec) or the Internet Key Exchange (IKE) protocol. Here, with the long-term security of the shared key in mind, the sender and the receiver can also distribute the first shared key through post-quantum-secure cryptographic techniques such as multivariate cryptography or lattice-based cryptography: because no effective attack on these cryptographic techniques has so far been found even under the quantum computing model, the industry generally believes that these emerging techniques can provide long-term usability and security.
In addition, the first encryption algorithm can be realized with symmetric cryptography, for example the Advanced Encryption Standard (AES) in cipher-block chaining (CBC) mode or an algorithm of equal or higher strength, or with post-quantum-secure cryptographic techniques such as multivariate cryptography or lattice-based cryptography, so as to guarantee the strength of the session key encryption. The relays cannot obtain the first encryption algorithm, which ensures that an attacker cannot intercept the session key through a relay.
In a specific implementation, after obtaining the first-encrypted session key, the sender can further apply a second encryption to it according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and then send it to the first relay; wherein the first relay is the one of the N relays that receives the session key sent by the sender.
Each of the N relays is configured to receive the first-encrypted session key sent by the sender or by the relay one level above it, and to send the first-encrypted session key to the receiver or to the relay one level below it.
Optionally, the sender and the relay that receives the session key, each pair of adjacent relays, and the relay that sends the session key to the receiver and the receiver can each establish their own shared key through the quantum network, so that the first-encrypted session key can be reliably transmitted from the sender to the receiver. The shared keys established between the sender and its relay, between adjacent relays, and between the last relay and the receiver may be identical or different; this is not limited here.
In a specific implementation, any of the N relays decrypts the twice-encrypted session key sent by the sender or by the relay above it, obtaining the first-encrypted session key; it then encrypts the first-encrypted session key again and sends it to the receiver or to the relay below it.
The receiver is configured to receive the first-encrypted session key sent by one of the N relays, and to decrypt it according to the first shared key negotiated in advance with the sender and the first decryption algorithm corresponding to the first encryption algorithm, obtaining the session key so that it can hold a session with the sender based on that session key.
Optionally, before the receiver decrypts the first-encrypted session key, and after it has received the twice-encrypted session key sent by the N-th relay, it can also perform an (N+2)-th decryption on the session key after the (N+2)-th encryption, according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, obtaining the first-encrypted session key; wherein the N-th relay is the one of the N relays that sends the session key to the receiver.
In a specific implementation, the process of transmitting the session key differs with the number of relays between the sender and the receiver, as illustrated by the following cases.
Case one: N=1, that is, there is one relay.
In a specific implementation, the following steps can be performed:
1.1) After generating the session key, the sender applies a first encryption to it according to the first shared key and the first encryption algorithm negotiated in advance with the receiver. Before sending it to the relay, the sender further applies a second encryption to the first-encrypted session key according to a second shared key and a second encryption algorithm negotiated in advance with the relay, and sends the second-encrypted session key to the relay.
1.2) The relay performs a second decryption on the second-encrypted session key according to the second shared key negotiated in advance with the sender and the second decryption algorithm corresponding to the second encryption algorithm, obtaining the first-encrypted session key; it then applies a third encryption to the first-encrypted session key according to a third shared key and a third encryption algorithm negotiated in advance with the receiver, and sends the third-encrypted session key to the receiver.
1.3) The receiver performs a third decryption on the third-encrypted session key according to the third shared key negotiated in advance with the relay and the third decryption algorithm corresponding to the third encryption algorithm, obtaining the first-encrypted session key; it then decrypts the first-encrypted session key according to the first shared key negotiated in advance with the sender and the first decryption algorithm corresponding to the first encryption algorithm, obtaining the session key, and communicates with the sender based on that session key.
Case two: N=2, that is, there are two relays, assumed to be a first relay and a second relay and referred to below as relay 1 and relay 2 for ease of description.
In a specific implementation, the following steps can be performed:
2.1) After generating the session key, the sender applies a first encryption to it according to the first shared key and the first encryption algorithm negotiated in advance with the receiver. Before sending it to relay 1, the sender further applies a second encryption to the first-encrypted session key according to a second shared key and a second encryption algorithm negotiated in advance with relay 1, and sends the second-encrypted session key to relay 1.
2.2) Relay 1 performs a second decryption on the second-encrypted session key according to the second shared key negotiated in advance with the sender and the second decryption algorithm corresponding to the second encryption algorithm, obtaining the first-encrypted session key; it then applies a third encryption to the first-encrypted session key according to a third shared key and a third encryption algorithm negotiated in advance with relay 2, and sends the third-encrypted session key to relay 2.
2.3) Relay 2 performs a third decryption on the third-encrypted session key according to the third shared key negotiated in advance with relay 1 and the third decryption algorithm corresponding to the third encryption algorithm, obtaining the first-encrypted session key; it then applies a fourth encryption to the first-encrypted session key according to a fourth shared key and a fourth encryption algorithm negotiated in advance with the receiver, and sends the fourth-encrypted session key to the receiver.
2.4) The receiver performs a fourth decryption on the fourth-encrypted session key according to the fourth shared key negotiated in advance with relay 2 and the fourth decryption algorithm corresponding to the fourth encryption algorithm, obtaining the first-encrypted session key; it then decrypts the first-encrypted session key according to the first shared key negotiated in advance with the sender and the first decryption algorithm corresponding to the first encryption algorithm, obtaining the session key, and communicates with the sender based on that session key.
Case three: N>2, that is, there are three or more relays.
Fig. 2 is a schematic diagram of the sender transmitting the session key to the receiver through N (N>2) relays. Assume that the first shared key negotiated in advance between the sender and the receiver is K, the session key generated by the sender is Ks, F denotes the first encryption algorithm, and G denotes the decryption algorithm corresponding to the first encryption algorithm. The shared key negotiated between the sender and relay 1 is K_1, the shared key negotiated between relay 1 and relay 2 is K_2, ..., the shared key negotiated between relay N-1 and relay N is K_n, and the shared key negotiated between relay N and the receiver is K_{n+1}. Assume at the same time that the encryption algorithm P negotiated between the sender and relay 1, between relay 1 and relay 2, ..., between relay N-1 and relay N, and between relay N and the receiver is the same, and that Q is the decryption algorithm corresponding to P. Here, P and Q can be realized with the AES-CBC algorithm, or with fairly simple logical operations such as AND or XOR.
In a specific implementation, the following steps can be performed:
3.1) After generating Ks, the sender applies the first encryption with Kt = F(Ks, K), obtaining the first-encrypted session key Kt. Before sending Kt to relay 1, it applies a second encryption to Kt with K_{1t} = P(Kt, K_1), obtaining K_{1t}, and sends K_{1t} to relay 1.
3.2) After receiving K_{1t}, relay 1 decrypts it with Kt = Q(K_{1t}, K_1) to obtain Kt, then encrypts Kt with K_{2t} = P(Kt, K_2) to obtain K_{2t}, and sends K_{2t} to relay 2.
3.3) Relays 2 to N-1 perform the following steps:
A) Relay j (2 ≤ j ≤ N-1) receives K_{jt} sent by the relay above it and decrypts it with Kt = Q(K_{jt}, K_j) to obtain Kt.
B) Relay j then encrypts Kt with K_{(j+1)t} = P(Kt, K_{j+1}) to obtain K_{(j+1)t}, and sends K_{(j+1)t} to the relay below it.
3.4) After receiving K_{nt} sent by relay N-1, relay N decrypts it with Kt = Q(K_{nt}, K_n) to obtain Kt, encrypts Kt with K_{(n+1)t} = P(Kt, K_{n+1}) to obtain K_{(n+1)t}, and sends K_{(n+1)t} to the receiver.
3.5) After receiving K_{(n+1)t}, the receiver decrypts it with Kt = Q(K_{(n+1)t}, K_{n+1}) to obtain Kt, then decrypts Kt with Ks = G(Kt, K) to obtain Ks.
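The chain of steps 3.1 to 3.5, as an added worked example in Python that is not part of the patent or of any implementation of it. F and G are modelled with a SHAKE-256 keystream under a per-session nonce (the page names AES-CBC for the first encryption; this stand-in is an assumption made so the example runs on the standard library alone), while P and Q use XOR with hop keys of equal length, which is one of the choices the page lists for P. The names sender, relay, receiver and run_chain are my own. The example generalizes the three cases: the same code serves N = 1, N = 2 and N > 2 relays, and it also returns what each relay observes, which is only Kt = F(Ks, K), so an untrusted relay holding its two hop keys still has nothing it can decrypt without K.

```python
"""Layered (end-to-end plus hop-by-hop) session-key transport over N relays."""
import hashlib
import secrets

NONCE_LEN = 16  # bytes of per-session nonce that F prepends to its output


def xor_bytes(a, b):
    """Bytewise XOR; both operands must have the same length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, length):
    # Stand-in for the cipher behind the first encryption algorithm (the
    # page names AES-CBC; a SHAKE-256 keystream is an assumption made so the
    # example needs nothing outside the standard library).
    return hashlib.shake_256(key + nonce).digest(length)


def F(ks, k, nonce=None):
    """First encryption: Kt = F(Ks, K). Returns nonce || (Ks XOR keystream)."""
    nonce = nonce if nonce is not None else secrets.token_bytes(NONCE_LEN)
    return nonce + xor_bytes(ks, keystream(k, nonce, len(ks)))


def G(kt, k):
    """First decryption, the inverse of F: Ks = G(Kt, K)."""
    nonce, body = kt[:NONCE_LEN], kt[NONCE_LEN:]
    return xor_bytes(body, keystream(k, nonce, len(body)))


def P(kt, ki):
    """Hop encryption with hop key K_i: XOR, one of the choices the page lists for P."""
    return xor_bytes(kt, ki)


Q = P  # XOR is its own inverse, so the hop decryption Q is the same operation.


def sender(ks, k, k1, nonce=None):
    """Step 3.1: Kt = F(Ks, K), then K_1t = P(Kt, K_1), which goes to relay 1."""
    return P(F(ks, k, nonce), k1)


def relay(kjt, kj, kj_next):
    """Steps 3.2 to 3.4 for relay j: strip hop key K_j, re-wrap with K_{j+1}.

    Returns (bytes put on the wire to the next hop, bytes this relay learns).
    """
    kt = Q(kjt, kj)
    return P(kt, kj_next), kt


def receiver(kn1t, kn1, k):
    """Step 3.5: Kt = Q(K_(n+1)t, K_{n+1}), then Ks = G(Kt, K)."""
    return G(Q(kn1t, kn1), k)


def run_chain(ks, k, hop_keys, nonce=None):
    """Carry Ks from the sender to the receiver through len(hop_keys) - 1 relays.

    hop_keys[0] is K_1 (sender / relay 1) and hop_keys[-1] is K_{n+1}
    (relay N / receiver); every hop key must be as long as Kt.
    Returns (session key recovered by the receiver, list of what each relay saw).
    """
    if len(hop_keys) < 2:
        raise ValueError("at least one relay (two hop keys) is required")
    wire = sender(ks, k, hop_keys[0], nonce)
    relay_views = []
    for j in range(len(hop_keys) - 1):
        wire, seen = relay(wire, hop_keys[j], hop_keys[j + 1])
        relay_views.append(seen)
    return receiver(wire, hop_keys[-1], k), relay_views


if __name__ == "__main__":
    # Constructed sample keys: a 32-byte session key Ks, a 32-byte first
    # shared key K, and four hop keys, i.e. N = 3 relays.
    ks = secrets.token_bytes(32)
    k = secrets.token_bytes(32)
    hop_len = NONCE_LEN + len(ks)
    hop_keys = [secrets.token_bytes(hop_len) for _ in range(4)]
    recovered, views = run_chain(ks, k, hop_keys)
    print("receiver recovered Ks:", recovered == ks)
    # Every relay, trusted or not, sees only Kt = F(Ks, K).
    print("relays saw only the first-encrypted key:",
          all(v == F(ks, k, views[0][:NONCE_LEN]) for v in views))
```

Because P is XOR with a hop key, each hop key must be fresh and as long as Kt (a one-time pad over the ciphertext), which is the regime a quantum network supplying hop keys is meant for; the xor_bytes length check is what turns a short or reused hop key into an error rather than a silently weak wrap.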
In addition, as shown in Fig. 3, the method provided by the embodiments of the present application can be combined with Elliptic Curve Cryptography (ECC) to realize the distribution of the first shared key among three communicating parties (A, B, C). As shown in Fig. 4, the method provided by the embodiments of the present application can be combined with the cutting-edge technology of multilinear peer cryptography to realize multi-party end-to-end session key distribution: with the multilinear peer technique, the negotiation of one shared key among multiple communicating entities (A, B, C, D, ...) can be completed quickly without pairwise negotiation, and when a quantum network is mutually reachable among these entities, multi-party end-to-end session key distribution based on quantum secure communication can be realized.
In the key distribution system provided by the embodiments of the present application, the transmitting terminal generates a session key after confirming that it needs to hold a session with the receiving terminal, performs the first encryption on the session key according to the first shared key and the first encryption algorithm negotiated in advance with the receiving terminal, and sends the result to one of the N relays. Each of the N relays receives the session key after the first encryption from the transmitting terminal or from the relay one level above it, and sends it on to the receiving terminal or to the relay one level below it. The receiving terminal receives the session key after the first encryption from one of the N relays, decrypts it according to the first shared key and the first decryption algorithm corresponding to the first encryption algorithm to obtain the session key, and then holds the session with the transmitting terminal. In the embodiments of the present application, before transmitting the session key to a relay, the transmitting terminal can encrypt it using the first shared key and a first encryption algorithm of a higher security level, so that what the first relay receives is the session key already encrypted by the transmitting terminal. Since the relay knows neither the first shared key used by the transmitting terminal nor the first encryption algorithm, it cannot obtain the session key sent by the transmitting terminal. In addition, while the first relay and each subsequent relay forward the session key after the first encryption, they can encrypt it again, which further ensures that no relay can obtain the transmitting terminal's session key during transmission, and thus ensures the security of the session key.
Embodiment two
As shown in Figure 5, the key distribution method provided by the embodiments of the present application includes the following steps:
S501: The transmitting terminal generates a session key after confirming that it needs to hold a session with the receiving terminal.
S502: The transmitting terminal performs the first encryption on the session key according to the first shared key and the first encryption algorithm negotiated in advance with the receiving terminal.
S503: The transmitting terminal sends the session key after the first encryption to the first relay, so that the first relay sends the session key after the first encryption to the receiving terminal.
Optionally, before sending the session key after the first encryption to the first relay, the transmitting terminal can also perform the second encryption on it according to the second shared key and the second encryption algorithm negotiated in advance with the first relay, and then send it to the first relay, so that the first relay sends the session key after the second encryption to the receiving terminal, either directly or via other relays.
As shown in Figure 6, another key distribution method provided by the embodiments of the present application includes the following steps:
S601: The receiving terminal receives the session key after the first encryption sent by the N-th relay.
Here, the first encryption refers to the encryption that the transmitting terminal performs on the session key it generated, according to the first shared key and the first encryption algorithm negotiated in advance with the receiving terminal; N denotes the number of relays traversed when the transmitting terminal's session key is transmitted to the receiving terminal, and is an integer greater than or equal to 1.
S602: The receiving terminal decrypts the session key after the first encryption according to the first shared key negotiated in advance and the first decryption algorithm corresponding to the first encryption algorithm, obtains the session key, and holds a session with the transmitting terminal based on that session key.
Optionally, before decrypting the session key after the first encryption, the receiving terminal can also perform the (N+2)-th decryption on the session key after the (N+2)-th encryption, according to the (N+2)-th shared key negotiated in advance with the N-th relay and the (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, to obtain the session key after the first encryption.
Embodiment three
Based on the same inventive concept, the embodiments of the present application further provide a key distribution device corresponding to the key distribution method. Since the principle by which the device solves the problem is similar to that of the key distribution method of the embodiments of the present application, the implementation of the device may refer to the implementation of the method, and repeated parts are not described again.
As shown in Figure 7, a key distribution device 70 provided by the embodiments of the present application comprises:
a generation module 701, configured to generate a session key after confirming that a session with the receiving terminal is needed;
an encryption module 702, configured to perform the first encryption on the session key according to the first shared key and the first encryption algorithm negotiated in advance with the receiving terminal;
a sending module 703, configured to send the session key after the first encryption to the first relay, so that the first relay sends the session key after the first encryption to the receiving terminal.
Optionally, the sending module 703 is specifically configured to: perform the second encryption on the session key after the first encryption according to the second shared key and the second encryption algorithm negotiated in advance with the first relay, and then send it to the first relay, so that the first relay sends the session key after the second encryption to the receiving terminal, either directly or via other relays.
As shown in Figure 8, another key distribution device 80 provided by the embodiments of the present application comprises:
a receiving module 801, configured to receive the session key after the first encryption sent by the N-th relay; the first encryption refers to the encryption that the transmitting terminal performs on the session key it generated, according to the first shared key and the first encryption algorithm negotiated in advance with the receiving terminal; N denotes the number of relays traversed when the transmitting terminal's session key is transmitted to the receiving terminal, and is an integer greater than or equal to 1;
a decryption module 802, configured to decrypt the session key after the first encryption according to the first shared key negotiated in advance and the first decryption algorithm corresponding to the first encryption algorithm, to obtain the session key, so that a session with the transmitting terminal can be held based on that session key.
Optionally, the decryption module 802 is further configured to: perform the (N+2)-th decryption on the session key after the (N+2)-th encryption according to the (N+2)-th shared key negotiated in advance with the N-th relay and the (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, to obtain the session key after the first encryption.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various modifications and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include them.
Claims (10)
1. A key distribution system, characterized in that it comprises a transmitting terminal, N relays and a receiving terminal, N being an integer greater than or equal to 1, wherein:
the transmitting terminal is configured to generate a session key after confirming that it needs to hold a session with the receiving terminal, perform a first encryption on the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiving terminal, and send the session key after the first encryption to one of the N relays;
the N relays are configured to receive the session key after the first encryption sent by the transmitting terminal or by the relay one level above, and send the session key after the first encryption to the receiving terminal or to the relay one level below;
the receiving terminal is configured to receive the session key after the first encryption sent by one of the N relays, and decrypt the session key after the first encryption according to the first shared key negotiated in advance and a first decryption algorithm corresponding to the first encryption algorithm, to obtain the session key.
2. The system of claim 1, characterized in that the transmitting terminal is specifically configured to: after obtaining the session key after the first encryption, perform a second encryption on it according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and then send it to the first relay, the first relay being the one of the N relays that receives the session key sent by the transmitting terminal;
any relay among the N relays is specifically configured to: decrypt the twice-encrypted session key sent by the transmitting terminal or by the relay one level above to obtain the session key after the first encryption, encrypt the session key after the first encryption, and send it to the receiving terminal or to the relay one level below;
the receiving terminal is further configured to: before decrypting the session key after the first encryption, and after receiving the twice-encrypted session key sent by the N-th relay, perform an (N+2)-th decryption on the session key after the (N+2)-th encryption according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, to obtain the session key after the first encryption; wherein the N-th relay is the one of the N relays that sends the session key to the receiving terminal.
3. A key distribution method, characterized in that it comprises:
a transmitting terminal generating a session key after confirming that it needs to hold a session with a receiving terminal;
performing a first encryption on the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiving terminal; and
sending the session key after the first encryption to a first relay.
4. The method of claim 3, characterized in that sending the session key after the first encryption to the first relay comprises: performing a second encryption on the session key after the first encryption according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and then sending it to the first relay.
5. A key distribution method, characterized in that it comprises:
a receiving terminal receiving a session key after a first encryption sent by an N-th relay, the first encryption being the encryption that the transmitting terminal performs on the session key it generated according to a first shared key and a first encryption algorithm negotiated in advance with the receiving terminal, wherein N denotes the number of relays traversed when the transmitting terminal's session key is transmitted to the receiving terminal and is an integer greater than or equal to 1; and
decrypting the session key after the first encryption according to the first shared key negotiated in advance and a first decryption algorithm corresponding to the first encryption algorithm, to obtain the session key.
6. The method of claim 5, characterized in that, before decrypting the session key after the first encryption, the method further comprises: performing an (N+2)-th decryption on the session key after an (N+2)-th encryption according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, to obtain the session key after the first encryption.
7. A key distribution device, characterized in that it comprises:
a generation module, configured to generate a session key after confirming that a session with a receiving terminal is needed;
an encryption module, configured to perform a first encryption on the session key according to a first shared key and a first encryption algorithm negotiated in advance with the receiving terminal; and
a sending module, configured to send the session key after the first encryption to a first relay.
8. The device of claim 7, characterized in that the sending module is specifically configured to: perform a second encryption on the session key after the first encryption according to a second shared key and a second encryption algorithm negotiated in advance with the first relay, and then send it to the first relay.
9. A key distribution device, characterized in that it comprises:
a receiving module, configured to receive a session key after a first encryption sent by an N-th relay, the first encryption being the encryption that the transmitting terminal performs on the session key it generated according to a first shared key and a first encryption algorithm negotiated in advance with the receiving terminal, wherein N denotes the number of relays traversed when the transmitting terminal's session key is transmitted to the receiving terminal and is an integer greater than or equal to 1; and
a decryption module, configured to decrypt the session key after the first encryption according to the first shared key negotiated in advance and a first decryption algorithm corresponding to the first encryption algorithm, to obtain the session key.
10. The device of claim 9, characterized in that the decryption module is further configured to: perform an (N+2)-th decryption on the session key after an (N+2)-th encryption according to an (N+2)-th shared key negotiated in advance with the N-th relay and an (N+2)-th decryption algorithm corresponding to the (N+2)-th encryption algorithm, to obtain the session key after the first encryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710051861.6A CN108337084A (en) | 2017-01-20 | 2017-01-20 | A kind of key distribution system, method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710051861.6A CN108337084A (en) | 2017-01-20 | 2017-01-20 | A kind of key distribution system, method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108337084A true CN108337084A (en) | 2018-07-27 |
Family
ID=62921945
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710051861.6A Pending CN108337084A (en) | 2017-01-20 | 2017-01-20 | A kind of key distribution system, method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108337084A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108900552A (en) * | 2018-08-16 | 2018-11-27 | 北京海泰方圆科技股份有限公司 | Cryptographic key distribution method and device, key acquisition method and device |
CN111404672A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Quantum key distribution method and device |
CN112242977A (en) * | 2019-07-18 | 2021-01-19 | 深圳市文鼎创数据科技有限公司 | Data transmission method and data transmission system |
CN117254913A (en) * | 2023-11-17 | 2023-12-19 | 央视频融媒体发展有限公司 | Interactive data identification method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534236A (en) * | 2008-03-11 | 2009-09-16 | 华为技术有限公司 | Encryption method and device for relay station communication |
US20090262942A1 (en) * | 2008-04-22 | 2009-10-22 | Nec Corporation | Method and system for managing shared random numbers in secret communication network |
CN102394745A (en) * | 2011-11-15 | 2012-03-28 | 北京邮电大学 | Quality of service realization method applied to quantum key distribution network |
WO2012139174A1 (en) * | 2011-04-15 | 2012-10-18 | Quintessencelabs Pty Ltd | Qkd key management system |
CN102811440A (en) * | 2011-06-03 | 2012-12-05 | 苏州两江科技有限公司 | Wireless sensor network safety transmission method based on watermarking technology |
CN103905389A (en) * | 2012-12-26 | 2014-07-02 | 华为终端有限公司 | Relay equipment-based security association, data transmission method, device and system |
CN105915337A (en) * | 2016-05-27 | 2016-08-31 | 安徽问天量子科技股份有限公司 | Quantum encryption microwave relay communication system and quantum encryption microwave relay communication method |
US20160366115A1 (en) * | 2015-06-09 | 2016-12-15 | Verizon Patent And Licensing Inc. | Call encryption systems and methods |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |
Application publication date: 2018-07-27