CN108964904A - Group cipher method for managing security, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN108964904A
Authority: CN (China)
Prior art keywords: group, user equipment, initialization, detecting, information
Legal status: Granted; Expired - Fee Related
Application number: CN201810780127.8A
Other languages: Chinese (zh)
Other versions: CN108964904B (en)
Inventors: 陈建铭, 王光杰, 王景行, 吴祖扬
Current Assignee: Shenzhen Graduate School Harbin Institute of Technology
Original Assignee: Shenzhen Graduate School Harbin Institute of Technology
Application filed by: Shenzhen Graduate School Harbin Institute of Technology
Priority: CN201810780127.8A (patent CN108964904B)
Publications: CN108964904A (application), CN108964904B (granted)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833: Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP], involving conference or group key
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A group key security management method, comprising: performing group key agreement and initialization for the user equipment in a group; distributing the initialized group key to all user equipment in the group; and, when a change in the state of the user equipment in the group is detected, performing group key agreement and initialization again and distributing the re-initialized group key to all user equipment in the group. The invention also provides a group key security management apparatus, an electronic device and a storage medium. When user equipment leaves or joins, the invention initializes the group key and redistributes the initialized group key to the user equipment in the group, which prevents the group key from being leaked and reduces the amount of communication computation while improving the security of communication among the user equipment in the group.

Description

Group cipher method for managing security, device, electronic equipment and storage medium
Technical field
The present invention relates to the technical field of network security, and in particular to a group key security management method, apparatus, electronic device and storage medium.
Background art
Most existing group key management methods are key distribution and management methods based on a key distribution center, in which the user equipment in a group must send messages to each other pairwise. This results in a large communication volume, and traffic of such high complexity can hardly meet practical needs in a resource-constrained Internet of Things environment.
In addition, the group key does not change when new user equipment joins the group or when user equipment exits the group. This easily leads to leakage of the group key: the security of the group key is low, and the communication security of the user equipment in the group cannot be guaranteed.
Summary of the invention
In view of the foregoing, it is necessary to propose a group key security management method, apparatus, electronic device and storage medium that can initialize the group key when user equipment leaves or joins and redistribute the initialized group key to the user equipment in the group, preventing the group key from being leaked and reducing the amount of communication computation while improving the security of communication among the user equipment in the group.
A first aspect of the present invention provides a group key security management method, applied in an electronic device, the method including:
performing group key agreement and initialization for the user equipment in the group;
distributing the initialized group key to all user equipment in the group;
when a change in the state of the user equipment in the group is detected, performing group key agreement and initialization again, and distributing the re-initialized group key to all user equipment in the group.
Preferably, performing group key agreement and initialization for the user equipment in the group includes:
11) According to node $u_1$ of user equipment $N_1$, $k_{1,2} = s_1 P_2$ and the elliptic curve point $k_{1,2} = (x_{1,2}, y_{1,2})$, successively calculate $B_1 = h(u_1 \| u_2 \| t_{1,2})$, $NK_1 = B_1$ and the message $m_1 = \{NK_1\}$; node $u_1$ sends message $m_1$ to the next node $u_2$;
12) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives the message $m_{i-1}$ sent by the previous node, parses the information $NK_{i-1}$ in it, successively calculates $B_i$ according to step 11) and the message $m_i = \{NK_i\}$, and sends $m_i$ to the next node $u_{i+1}$;
13) Node $u_n$ receives message $m_{n-1}$, parses the information $NK_{n-1}$ in it, successively calculates $B_n$, $B_{n-1}$ and the message $m_n = \{MK_n\}$, and sends message $m_n$ to node $u_{n-1}$;
14) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives message $m_{i+1}$, parses the information $MK_{i+1}$ in it, successively calculates $B_{i-1}$ and the message $m_i = \{MK_i\}$, and sends message $m_i = \{MK_i\}$ to node $u_{i-1}$; and
15) After receiving message $m_2$, node $u_1$ parses the information $MK_2$ and calculates
In steps 11)-15) above, $n$ is the number of user equipment in the network; $S$ is the key distribution center; $N_i$ is a node in the network; $s_i$ is the private key of user equipment $N_i$; $p_i$ is the public key of user equipment $N_i$; $u_i$ is the identity information of user equipment $N_i$; $U$ is the list of user equipment identity information in the group; $q$ is a large prime number; $P$ is the order of the elliptic curve; $G$ is the base point of the elliptic curve; $\|$ is the concatenation operation; is the XOR operation.
Preferably, detecting that the state of the user equipment in the group has changed includes:
detecting whether the number of user equipment in the group has decreased;
when the number of user equipment in the group is detected to have decreased, determining that the state of the user equipment in the group has changed; or
when the number of user equipment in the group is detected not to have decreased, detecting whether the number of user equipment in the group has increased;
when the number of user equipment in the group is detected to have increased, determining that the state of the user equipment in the group has changed; or
when the number of user equipment in the group is detected not to have increased, detecting whether the identifiers of the user equipment in the group have changed;
when the identifiers of the user equipment in the group are detected to have changed, determining that the state of the user equipment in the group has changed.
Preferably, when the detected change in the state of the user equipment is a decrease in the number of user equipment, performing group key agreement and initialization again includes:
performing a first update on the list of user equipment identity information in the group, and performing group key agreement and initialization according to the list of user equipment identity information after the first update.
Preferably, when the detected change in the state of the user equipment is an increase in the number of user equipment, performing group key agreement and initialization again includes:
performing a second update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the second update.
Preferably, when the detected change in the state of the user equipment is that the number of user equipment has not changed but the identifiers of the user equipment have changed, performing group key agreement and initialization again includes:
performing a third update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the third update.
Preferably, after the re-initialized group key is distributed to all user equipment in the group, the method further includes:
judging whether the group key has been successfully distributed to all user equipment in the group;
when it is determined that sending has failed, performing group key agreement and initialization again, or resending.
A second aspect of the present invention provides a group key security management apparatus, running in an electronic device, the apparatus including:
a first initialization module, configured to perform group key agreement and initialization for the user equipment in the group;
a first sending module, configured to distribute the initialized group key to all user equipment in the group;
a detecting module, configured to detect whether the state of the user equipment in the group has changed;
a second initialization module, configured to perform group key agreement and initialization again when the detecting module detects that the state of the user equipment in the group has changed;
a second sending module, configured to distribute the re-initialized group key to all user equipment in the group.
A third aspect of the present invention provides an electronic device, the electronic device including a processor, the processor being configured to implement the group key security management method when executing a computer program stored in a memory.
A fourth aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program implementing the group key security management method when executed by a processor.
The present invention solves the problem of carrying out safe and effective group communication between user equipment in an Internet of Things environment. When user equipment joins or leaves, the group key is initialized and the initialized group key is redistributed to the user equipment in the group, which prevents the group key from being leaked and reduces the amount of communication computation while improving the security of communication among the user equipment in the group. Because its communication is highly efficient, the method adapts better to the Internet of Things environment and maximizes both resources and security.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings in the following description are only embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flowchart of the group key security management method provided by Embodiment 1 of the present invention.
Fig. 2 is a signaling interaction diagram of the group key initialization process in an embodiment of the present invention.
Fig. 3 is a structural diagram of the group key security management apparatus provided by Embodiment 2 of the present invention.
Fig. 4 is a schematic diagram of the electronic device provided by Embodiment 3 of the present invention.
The following detailed description further explains the present invention with reference to the above drawings.
Detailed description of the embodiments
So that the objects, features and advantages of the present invention can be better understood, the present invention is described in detail below with reference to the drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other.
Preferably, the group key security management method of the present invention is applied in one or more electronic devices. The electronic device is a device that can automatically perform numerical calculation and/or information processing according to instructions set or stored in advance; its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit, a programmable gate array, an embedded device, and the like.
The electronic device may be a computing device such as a desktop computer or a cloud server. The electronic device can interact with a user by means of a keyboard, a mouse, a remote control, a touch pad, a voice-control device or the like.
The group key security management method can also be applied in a hardware environment consisting of an electronic device and a server connected to the electronic device through a network. The network includes, but is not limited to, a wide area network, a metropolitan area network or a local area network. The group key security management method of the embodiments of the present invention can be executed by the server, by the electronic device, or jointly by the server and the electronic device.
For example, for an electronic device that needs to perform group key security management, the group key security management function provided by the method of the present invention can be integrated directly on the electronic device, or a client implementing the method of the present invention can be installed. As another example, the method provided by the present invention can run on a device such as a server in the form of a Software Development Kit (SDK) that provides an interface to the group key security management function; an electronic device or other device can then implement security management of the group key through the interface provided.
Embodiment one
Fig. 1 is a flowchart of the group key security management method provided by Embodiment 1 of the present invention. The group key security management method is applied to an electronic device. The order of execution in the flowchart shown in Fig. 1 can be changed according to different requirements, and some steps can be omitted.
As shown in Fig. 1, the group key security management method specifically includes the following steps:
Step 101: perform group key agreement and initialization for the user equipment in the group.
In this embodiment, before the group key is negotiated and initialized, the electronic device can receive the registration requests of all user equipment in the group, and register the user equipment whose registration requests pass verification.
Refer also to Fig. 2, which is a signaling interaction diagram of the group key initialization process in an embodiment of the present invention. In this embodiment, the specific process by which the electronic device performs group key agreement and initialization for the user equipment in the group may include:
11) According to node $u_1$ of user equipment $N_1$, $k_{1,2} = s_1 P_2$ and the elliptic curve point $k_{1,2} = (x_{1,2}, y_{1,2})$, successively calculate $B_1 = h(u_1 \| u_2 \| t_{1,2})$, $NK_1 = B_1$ and the message $m_1 = \{NK_1\}$; node $u_1$ sends message $m_1$ to the next node $u_2$;
12) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives the message $m_{i-1}$ sent by the previous node, parses the information $NK_{i-1}$ in it, successively calculates $B_i$ according to step 11) and the message $m_i = \{NK_i\}$, and sends $m_i$ to the next node $u_{i+1}$;
13) Node $u_n$ receives message $m_{n-1}$, parses the information $NK_{n-1}$ in it, successively calculates $B_n$, $B_{n-1}$ and the message $m_n = \{MK_n\}$, and sends message $m_n$ to node $u_{n-1}$;
14) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives message $m_{i+1}$, parses the information $MK_{i+1}$ in it, successively calculates $B_{i-1}$ and the message $m_i = \{MK_i\}$, and sends message $m_i = \{MK_i\}$ to node $u_{i-1}$; and
15) After receiving message $m_2$, node $u_1$ parses the information $MK_2$ and calculates
In steps 11)-15) above, $n$ is the number of user equipment in the network; $S$ is the key distribution center; $N_i$ is a node in the network; $s_i$ is the private key of user equipment $N_i$; $p_i$ is the public key of user equipment $N_i$; $u_i$ is the identity information of user equipment $N_i$; $U$ is the list of user equipment identity information in the group; $q$ is a large prime number; $P$ is the order of the elliptic curve; $G$ is the base point of the elliptic curve; $\|$ is the concatenation operation; is the XOR operation.
It should be understood that a node is equivalent to a user equipment, i.e. one user equipment corresponds to one node.
Step 102: distribute the initialized group key to all user equipment in the group.
In this embodiment, the electronic device may set up a key distribution center for the main group in advance. In an Internet of Things environment, a trusted entity can be set up for the main group as the key distribution center to distribute and manage the main group key. The electronic device distributes the group key to each user equipment through the key distribution center. All user equipment share the same group key, which is used to secure the communication between user equipment.
Step 103: when a change in the state of the user equipment in the group is detected, perform group key agreement and initialization again, and distribute the re-initialized group key to all user equipment in the group.
In this embodiment, a change in the state of the user equipment in the group may include one or a combination of the following: the number of user equipment in the group changes; the identifiers of the user equipment in the group change. The present invention does not specifically limit this; the occurrence of any change can be regarded as a change in the state of the user equipment in the group.
In this embodiment, a change in the number of user equipment in the group means that the number of user equipment in the group increases or decreases. An increase in the number of user equipment in the group indicates that new user equipment has joined the group. A decrease in the number of user equipment in the group indicates that user equipment has exited the group.
Further, detecting that the state of the user equipment in the group has changed includes: detecting whether the number of user equipment in the group has decreased; when the number is detected to have decreased, determining that the state of the user equipment in the group has changed; when the number is detected not to have decreased, detecting whether the number of user equipment in the group has increased; when the number is detected to have increased, determining that the state of the user equipment in the group has changed; when the number is detected not to have increased, detecting whether the identifiers of the user equipment in the group have changed; and when the identifiers are detected to have changed, determining that the state of the user equipment in the group has changed.
The state of the user equipment in the group is thus judged first by detecting whether the number of user equipment has decreased; then, if the number has not decreased, by detecting whether it has increased; and finally, if the number has not increased either, by detecting whether the identifiers of the user equipment have changed. This ensures that when an existing user equipment exits the group and the number of user equipment decreases, the change of state is discovered at the first check and group key agreement and initialization are carried out promptly, so that the user equipment that has exited the group cannot leak the group key. Next, when new user equipment joins the group and the number of user equipment increases, group key agreement and initialization are carried out so that the newly joined user equipment cannot learn the original group key, which protects the communication of the original user equipment in the group. Finally, when new user equipment joins the group while existing user equipment exits it, so that the number of user equipment in the group is unchanged but the identifiers change, group key agreement and initialization of the group key are carried out. In addition, a change in number reflects a change in the state of the user equipment more directly than a change in identifiers does. The number of user equipment is therefore checked first and the identifiers second, which saves detection time and reduces computation.
Further, when the detected change in the state of the user equipment is a decrease in the number of user equipment, performing group key agreement and initialization again may include: performing a first update on the list of user equipment identity information in the group, and performing group key agreement and initialization according to the list of user equipment identity information after the first update.
For example, when user equipment $u_i$ exits the group, the list of user equipment identity information in the group, $U = \{u_1, u_2, \ldots, u_{n-1}\}$, is redistributed according to the node position of user equipment $u_i$, and group key agreement and initialization are carried out on the redistributed $U = \{u_1, u_2, \ldots, u_{n-1}\}$ according to steps 12)-15).
Further, when the detected change in the state of the user equipment is an increase in the number of user equipment, performing group key agreement and initialization again may include: performing a second update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the second update.
For example, when user equipment $u_i$ joins the group, the list of user equipment identity information in the group, $U = \{u_1, u_2, \ldots, u_n, u_{n+1}\}$, is redistributed according to the node position of user equipment $u_i$, and group key agreement and initialization are carried out on the redistributed $U = \{u_1, u_2, \ldots, u_n, u_{n+1}\}$ according to steps 12)-15).
Further, when the detected change in the state of the user equipment is that the number of user equipment has not changed but the identifiers of the user equipment have changed, performing group key agreement and initialization again may include: performing a third update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the third update.
For example, when user equipment $u_i$ exits the group and user equipment $u_j$ joins the group, the list of user equipment identity information in the group, $U = \{u_1, u_2, \ldots, u_n\}$, is redistributed according to the node positions of user equipment $u_i$ and $u_j$, and group key agreement and initialization are carried out on the redistributed $U = \{u_1, u_2, \ldots, u_n\}$ according to steps 12)-15).
Preferably, after the re-initialized group key is distributed to all user equipment in the group, the method may further include: judging whether the group key has been successfully distributed to all user equipment in the group, and, when it is determined that sending has failed, performing group key agreement and initialization again, or resending.
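The detection order of step 103 and the re-keying and resend flow described above (and in the summary), as an added example that is not code from the patent. `classify_change`, `GroupKeyManager` and the `deliver` callback are hypothetical names, and a fresh random key from `secrets.token_bytes` stands in for the key agreement of steps 11)-15), whose formulas are not reproduced here.

```python
import secrets
from enum import Enum


class Change(Enum):
    NONE = "no change"
    LEFT = "count decreased"        # leads to the "first update"
    JOINED = "count increased"      # leads to the "second update"
    REPLACED = "identifier changed" # leads to the "third update"


def classify_change(known_ids, current_ids):
    """Apply the three checks in the order the description gives:
    decrease first, then increase, then identifier comparison."""
    if len(current_ids) < len(known_ids):
        return Change.LEFT
    if len(current_ids) > len(known_ids):
        return Change.JOINED
    if set(current_ids) != set(known_ids):
        return Change.REPLACED
    return Change.NONE


class GroupKeyManager:
    """Hypothetical model of the electronic device acting through a
    key distribution center; transport is the assumed `deliver` callback."""

    def __init__(self, member_ids, deliver, max_resends=2):
        self.deliver = deliver          # deliver(member_id, key) -> bool
        self.max_resends = max_resends
        self.members = []               # identity information list U
        self.group_key = None
        self.epoch = 0                  # number of completed initializations
        self._rekey(list(member_ids))   # steps 101 and 102

    def _agree_key(self):
        # Stand-in for steps 11)-15): a fresh random key, NOT the patent's chain.
        return secrets.token_bytes(32)

    def _rekey(self, new_members):
        key = self._agree_key()
        pending = list(new_members)
        # Distribute, then resend to any device whose delivery failed.
        for _ in range(self.max_resends + 1):
            pending = [m for m in pending if not self.deliver(m, key)]
            if not pending:
                break
        else:
            raise RuntimeError(f"group key not delivered to {pending}")
        self.members = new_members      # updated list U
        self.group_key = key
        self.epoch += 1

    def observe(self, current_ids):
        """Step 103: re-key whenever the membership state has changed."""
        change = classify_change(self.members, current_ids)
        if change is not Change.NONE:
            self._rekey(list(current_ids))
        return change


def demo():
    inbox = {}              # constructed: the key each device last received
    drop_once = {"u3"}      # constructed: first delivery to u3 fails

    def deliver(member, key):
        if member in drop_once:
            drop_once.discard(member)
            return False
        inbox[member] = key
        return True

    mgr = GroupKeyManager(["u1", "u2", "u3"], deliver)
    keys = [mgr.group_key]
    results = []
    for ids in (["u1", "u2", "u3"],     # nothing changed
                ["u1", "u2"],           # u3 exits
                ["u1", "u2", "u4"],     # u4 joins
                ["u1", "u5", "u4"]):    # u2 exits, u5 joins: same count
        change = mgr.observe(ids)
        results.append(change)
        if change is not Change.NONE:
            keys.append(mgr.group_key)
    return results, keys, inbox, mgr


if __name__ == "__main__":
    results, keys, inbox, mgr = demo()
    for r in results:
        print(r.value)
    print("u3 still holds current key:", inbox["u3"] == mgr.group_key)
```

A device that has exited keeps only the key of the epoch in which it left, so the check at the end prints `False` for `u3`.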
The group key security management method described in the embodiments of the present invention performs group key agreement and initialization for the user equipment in the group; distributes the initialized group key to all user equipment in the group; and, when a change in the state of the user equipment in the group is detected, performs group key agreement and initialization again and distributes the re-initialized group key to all user equipment in the group. The present invention solves the problem of carrying out safe and effective group communication between user equipment in an Internet of Things environment. When user equipment joins or leaves, the group key is initialized and the initialized group key is redistributed to the user equipment in the group, which prevents the group key from being leaked and reduces the amount of communication computation while improving the security of communication among the user equipment in the group. Because its communication is highly efficient, the method adapts better to the Internet of Things environment and maximizes both resources and security.
Figs. 1-2 above describe the group key security management method of the present invention in detail. With reference to Figs. 3-4, the functional modules of the software system that implements the group key security management method and the hardware system structure that implements it are introduced below.
It should be understood that the embodiments are for illustration only, and the scope of the patent application is not limited by this structure.
Embodiment two
Fig. 3 is a functional block diagram of the group key security management apparatus provided by Embodiment 2 of the present invention.
The group key security management apparatus 30 runs in an electronic device. The group key security management apparatus 30 may include multiple functional modules composed of program code segments. The program code of each program segment in the group key security management apparatus 30 can be stored in the memory of the electronic device and executed by at least one processor of the electronic device to perform distribution and management of the group key.
In this embodiment, the group key security management apparatus 30 can be divided into multiple functional modules according to the functions it performs. The functional modules may include: a first initialization module 301, a first sending module 302, a detecting module 303, a second initialization module 304, a second sending module 305, a first update module 306, a second update module 307 and a third update module 308. The modules communicate with each other through at least one communication bus. A module as referred to in the present invention is a series of computer program segments that can be executed by a processor, can complete a fixed function, and are stored in memory. In this embodiment, the function of each module is described in detail in the subsequent embodiments.
The first initialization module 301 is configured to perform group key agreement and initialization for the user equipment in the group.
In this embodiment, before the group key is negotiated and initialized, the electronic device can receive the registration requests of all user equipment in the group, and register the user equipment whose registration requests pass verification.
Refer also to Fig. 2, which is a signaling interaction diagram of the group key initialization process in an embodiment of the present invention. In this embodiment, the specific process by which the first initialization module 301 performs group key agreement and initialization for the user equipment in the group may include:
11) According to node $u_1$ of user equipment $N_1$, $k_{1,2} = s_1 P_2$ and the elliptic curve point $k_{1,2} = (x_{1,2}, y_{1,2})$, successively calculate $B_1 = h(u_1 \| u_2 \| t_{1,2})$, $NK_1 = B_1$ and the message $m_1 = \{NK_1\}$; node $u_1$ sends message $m_1$ to the next node $u_2$;
12) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives the message $m_{i-1}$ sent by the previous node, parses the information $NK_{i-1}$ in it, successively calculates $B_i$ according to step 11) and the message $m_i = \{NK_i\}$, and sends $m_i$ to the next node $u_{i+1}$;
13) Node $u_n$ receives message $m_{n-1}$, parses the information $NK_{n-1}$ in it, successively calculates $B_n$, $B_{n-1}$ and the message $m_n = \{MK_n\}$, and sends message $m_n$ to node $u_{n-1}$;
14) Node $u_i$ ($i \in \{2, 3, \ldots, n-1\}$) receives message $m_{i+1}$, parses the information $MK_{i+1}$ in it, successively calculates $B_{i-1}$ and the message $m_i = \{MK_i\}$, and sends message $m_i = \{MK_i\}$ to node $u_{i-1}$; and
15) After receiving message $m_2$, node $u_1$ parses the information $MK_2$ and calculates
In steps 11)-15) above, $n$ is the number of user equipment in the network; $S$ is the key distribution center; $N_i$ is a node in the network; $s_i$ is the private key of user equipment $N_i$; $p_i$ is the public key of user equipment $N_i$; $u_i$ is the identity information of user equipment $N_i$; $U$ is the list of user equipment identity information in the group; $q$ is a large prime number; $P$ is the order of the elliptic curve; $G$ is the base point of the elliptic curve; $\|$ is the concatenation operation; is the XOR operation.
It should be understood that a node is equivalent to a user equipment; that is, one user equipment corresponds to one node.
The first sending module 302 is configured to distribute the initialized group key to all user equipment in the group.
In this embodiment, the electronic device may set up a key distribution center for the main group in advance. In an Internet of Things environment, a trusted entity may be set up for the main group to act as the key distribution center, which distributes and manages the main group key. The electronic device distributes the group key to each user equipment through the key distribution center. All user equipment share the same group key, which is used to secure the communication between user equipment.
The detecting module 303 is configured to detect whether the state of the user equipment in the group has changed.
The second initialization module 304 is configured to perform group key agreement and initialization again when the detecting module 303 detects that the state of the user equipment in the group has changed.
The second sending module 305 is configured to distribute the re-initialized group key to all user equipment in the group.
In this embodiment, a change in the state of the user equipment in the group may include one or a combination of the following: the number of user equipment in the group changes; the identifier of a user equipment in the group changes. The present invention does not specifically limit this; any such change can be regarded as a change in the state of the user equipment in the group.
In this embodiment, a change in the number of user equipment in the group means that the number increases or decreases. An increase in the number indicates that new user equipment has joined the group. A decrease in the number indicates that user equipment has left the group.
Further, the detecting module 303 may also be configured to detect whether the number of user equipment in the group has decreased. When the detecting module 303 detects that the number has decreased, it determines that the state of the user equipment in the group has changed. When the number has not decreased, it detects whether the number of user equipment in the group has increased; when the number has increased, it determines that the state of the user equipment in the group has changed. When the number has not increased, it detects whether the identifiers of the user equipment in the group have changed; when the identifiers have changed, it determines that the state of the user equipment in the group has changed.
The state of the user equipment in the group is thus judged first by detecting whether the number of user equipment has decreased; then, when the number has not decreased, by detecting whether it has increased; and finally, when the number has not increased either, by detecting whether the identifiers of the user equipment have changed. This ensures that when an original user equipment leaves the group and the number of user equipment decreases, the change of state is discovered at the first opportunity and group key agreement and initialization are carried out promptly, so that the user equipment that left the group cannot leak the group key. Secondly, when new user equipment joins the group and the number increases, group key agreement and initialization are carried out so that the newly joined user equipment cannot learn the original group key, which keeps the communication of the original user equipment in the group secure. Finally, when new user equipment joins the group while original user equipment leaves it, so that the number is unchanged but the identifiers have changed, group key agreement and initialization are also carried out. In addition, a change in number reflects a change of state more directly than a change of identifiers does; the number is therefore checked first and the identifiers afterwards, which saves detection time and reduces the amount of computation.
Further, the group key security management apparatus 30 may also include a first update module 306, configured to perform a first update on the user equipment identity information list in the group when the change of state detected by the detecting module 303 is a decrease in the number of user equipment. The second initialization module 304 is also configured to perform group key agreement and initialization according to the user equipment identity information list after the first update.
For example, when user equipment ui leaves the group, the user equipment identity information list in the group is reassigned according to the node position of user equipment ui as U={u1, u2, ..., un-1}, and group key agreement and initialization are performed on the reassigned U={u1, u2, ..., un-1} according to steps 12)-15).
Further, the group key security management apparatus 30 may also include a second update module 307, configured to perform a second update on the node information of the user equipment in the group when the change of state detected by the detecting module 303 is an increase in the number of user equipment. The second initialization module 304 is also configured to perform group key agreement and initialization according to the node information after the second update.
For example, when user equipment ui joins the group, the user equipment identity information list in the group is reassigned according to the node position of user equipment ui as U={u1, u2, ..., un, un+1}, and group key agreement and initialization are performed on the reassigned U={u1, u2, ..., un, un+1} according to steps 12)-15).
Further, the group key security management apparatus 30 may also include a third update module 308, configured to perform a third update on the node information of the user equipment in the group when the change of state detected by the detecting module 303 is that the number of user equipment has not changed but the identifiers of the user equipment have changed. The second initialization module 304 is also configured to perform group key agreement and initialization according to the node information after the third update.
For example, when user equipment ui leaves the group and user equipment uj joins the group, the user equipment identity information list in the group is reassigned according to the node positions of user equipment ui and uj as U={u1, u2, ..., un}, and group key agreement and initialization are performed on the reassigned U={u1, u2, ..., un} according to steps 12)-15).
Preferably, the detecting module 303 may also be configured to determine whether the group key has been successfully distributed to all user equipment in the group and, when it determines that sending failed, to perform group key agreement and initialization again or to resend.
The group key security management apparatus of this embodiment of the present invention performs group key agreement and initialization for the user equipment in the group; distributes the initialized group key to all user equipment in the group; and, when it detects that the state of the user equipment in the group has changed, performs group key agreement and initialization again and distributes the re-initialized group key to all user equipment in the group. The present invention solves the problem of safe and effective group communication between user equipment in an Internet of Things environment: the group key is initialized, and when user equipment joins or leaves, the initialized group key is redistributed to the user equipment in the group, which prevents the group key from being leaked, improves the security of communication among the user equipment in the group and reduces the amount of computation for communication. Owing to the efficiency of its communication, it adapts better to the Internet of Things environment and maximizes resources and security.
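The detection order, the update of the list U and the delivery check described above can be sketched as follows. This is an added example, not code from the patent: `classify_change`, `GroupKeyManager` and the `send` transport are hypothetical names, the device IDs are constructed, and a random 32-byte key stands in for the elliptic-curve chain of steps 11)-15), whose formulas are not fully reproduced on this page.

```python
"""Rekey-on-membership-change sketch (added example, not the patent's code)."""
import secrets


def classify_change(previous, current):
    """Apply the checks in the order the description gives:
    count decreased, then count increased, then identifiers changed."""
    if len(current) < len(previous):
        return "decreased"
    if len(current) > len(previous):
        return "increased"
    if set(current) != set(previous):      # same size, different devices
        return "identity_changed"
    return None


class GroupKeyManager:
    def __init__(self, members, send, max_resend=2):
        self.members = list(members)       # identity list U
        self.send = send                   # assumed transport: send(dev, epoch, key) -> bool
        self.max_resend = max_resend
        self.epoch = 0
        self.key = None
        self.undelivered = []

    def rekey(self):
        """Create a fresh key for the current U, distribute it, confirm delivery."""
        self.epoch += 1
        # Stand-in for the agreement of steps 11)-15): a random key (assumption).
        self.key = secrets.token_bytes(32)
        self.undelivered = self.distribute()
        return self.undelivered

    def distribute(self):
        """Send to every member and resend to those that failed. Returns the
        devices still unconfirmed after max_resend extra attempts."""
        pending = list(self.members)
        for _ in range(1 + self.max_resend):
            pending = [d for d in pending
                       if not self.send(d, self.epoch, self.key)]
            if not pending:
                break
        return pending

    def on_membership(self, current):
        """Rekey if U changed; return the kind of change (None if unchanged)."""
        kind = classify_change(self.members, current)
        if kind is not None:
            self.members = list(current)   # first/second/third update of U
            self.rekey()
        return kind


def run_demo():
    held = {}          # device -> every key it ever received (constructed)
    dropped = {"u3"}   # u3's first delivery is lost once, to exercise resend

    def send(dev, epoch, key):
        if dev in dropped:
            dropped.discard(dev)
            return False
        held.setdefault(dev, set()).add(key)
        return True

    mgr = GroupKeyManager(["u1", "u2", "u3"], send)
    undelivered = mgr.rekey()
    first_key = mgr.key
    events = [mgr.on_membership(u) for u in (
        ["u1", "u3"],                # u2 leaves
        ["u1", "u3", "u4"],          # u4 joins
        ["u1", "u4", "u5"],          # u3 leaves, u5 joins: same count
        ["u1", "u4", "u5"],          # nothing changed
        ["u1", "u5", "u6", "u7"],    # u4 leaves while u6 and u7 join
    )]
    return {
        "events": events,
        "epoch": mgr.epoch,
        "undelivered": undelivered,
        "u3_got_first": first_key in held["u3"],
        "u2_has_current": mgr.key in held["u2"],
        "u4_has_first": first_key in held["u4"],
        "u4_has_current": mgr.key in held["u4"],
    }


if __name__ == "__main__":
    print(run_demo())
```

In the last membership change of the demo one device leaves while two join, so the count-based check reports an increase; the departed device is still excluded because every detected change produces a fresh key.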
Embodiment three
Fig. 4 is a schematic diagram of the electronic device 4 provided by Embodiment three of the present invention. The electronic device 4 includes a memory 20, a processor 30, a computer program 40 that is stored in the memory 20 and can run on the processor 30, and at least one communication bus 60. When executing the computer program 40, the processor 30 implements the group key security management method described above. Alternatively, when executing the computer program 40, the processor 30 implements the functions of the modules/units in the apparatus embodiment described above.
Illustratively, the computer program 40 may be divided into one or more modules/units, which are stored in the memory 20 and executed by the processor 30. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program 40 in the electronic device 4.
The electronic device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. Those skilled in the art will understand that Fig. 4 is only an example of the electronic device 4 and does not limit it; the electronic device 4 may include more or fewer components than shown, combine certain components, or use different components. For example, the electronic device 4 may also include input/output devices, network access devices, buses and so on.
The processor 30 may be a central processing unit, or another general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor 30 may be any conventional processor. The processor 30 is the control center of the electronic device 4 and connects the various parts of the entire electronic device 4 through various interfaces and lines.
The memory 20 may be used to store the computer program 40 and/or the modules/units. The processor 30 implements the various functions of the electronic device 4 by running or executing the computer program and/or modules/units stored in the memory 20 and by calling the data stored in the memory 20. The memory 20 may mainly include a program storage area and a data storage area. The program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function). The data storage area may store data created through the use of the electronic device 4 (such as audio data or a phone book). In addition, the memory 20 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, memory, a plug-in hard disk, a smart memory card, a secure digital card, a flash card, at least one magnetic disk storage device, a flash memory device or other volatile solid-state storage devices.
If the integrated modules/units of the electronic device 4 are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory, random access memory, an electrical carrier signal, a telecommunication signal, a software distribution medium and so on. It should be noted that the content covered by the computer-readable medium may be appropriately expanded or restricted according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
In the several embodiments provided by the present invention, it should be understood that the disclosed electronic device and method may be implemented in other ways. For example, the electronic device embodiment described above is only illustrative; the division into units is only a division by logical function, and other divisions are possible in actual implementation.
In addition, the functional units in the embodiments of the present invention may be integrated in the same processing unit, each unit may exist physically on its own, or two or more units may be integrated in the same unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A group key security management method, applied in an electronic device, characterized in that the method comprises:
performing group key agreement and initialization for the user equipment in a group;
distributing the initialized group key to all user equipment in the group;
when it is detected that the state of the user equipment in the group has changed, performing group key agreement and initialization again, and distributing the re-initialized group key to all user equipment in the group.
2. The method as described in claim 1, characterized in that performing group key agreement and initialization for the user equipment in the group comprises:
11) according to the node u of user equipment N11, k1,2=s1P2, elliptic curve point k1,2=(x1,2, y1,2), successively calculate B1=h(u1||u2||t1,2), NK1=B1 and information m1={NK1}; node u1 sends information m1 to the next node u2;
12) node ui (i ∈ {2, 3, ..., n-1}) receives the information mi-1 sent by the previous node, parses the information NKi-1 in it, successively calculates according to step 11) and information mi={NKi}; node ui sends mi to the next node ui+1;
13) node un receives information mn-1, parses the information NKn-1 in it, successively calculates and information mn={MKn}; node un sends information mn to node un-1;
14) node ui (i ∈ {2, 3, ..., n-1}) receives information mi+1, parses the information MKi+1 in it, successively calculates and information mi={MKi}; node ui sends information mi={MKi} to node ui-1; and
15) after node u1 receives information m2, it parses the information MK2 and calculates
In the above steps 11)-15), n is the number of user equipment in the network; S is the key distribution center; Ni is a node in the network; si is the private key of user equipment Ni; pi is the public key of user equipment Ni; ui is the identity information of user equipment Ni; U is the list of user equipment identity information in the group; Q is a large prime number; P is the order of the elliptic curve; G is the base point of the elliptic curve; || is the concatenation operation; For xor operation.
3. The method according to claim 2, characterized in that detecting that the state of the user equipment in the group has changed comprises:
detecting whether the number of user equipment in the group has decreased;
when it is detected that the number of user equipment in the group has decreased, determining that the state of the user equipment in the group has changed; or
when it is detected that the number of user equipment in the group has not decreased, detecting whether the number of user equipment in the group has increased;
when it is detected that the number of user equipment in the group has increased, determining that the state of the user equipment in the group has changed; or
when it is detected that the number of user equipment in the group has not increased, detecting whether the identifiers of the user equipment in the group have changed;
when it is detected that the identifiers of the user equipment in the group have changed, determining that the state of the user equipment in the group has changed.
4. The method as claimed in claim 3, characterized in that when the detected change in the state of the user equipment is a decrease in the number of user equipment, performing group key agreement and initialization again comprises:
performing a first update on the user equipment identity information list in the group, and performing group key agreement and initialization according to the user equipment identity information list after the first update.
5. The method as claimed in claim 3, characterized in that when the detected change in the state of the user equipment is an increase in the number of user equipment, performing group key agreement and initialization again comprises:
performing a second update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the second update.
6. The method as claimed in claim 3, characterized in that when the detected change in the state of the user equipment is that the number of user equipment has not changed but the identifiers of the user equipment have changed, performing group key agreement and initialization again comprises:
performing a third update on the node information of the user equipment in the group, and performing group key agreement and initialization according to the node information after the third update.
7. The method as described in any one of claims 1 to 6, characterized in that after the re-initialized group key is distributed to all user equipment in the group, the method further comprises:
determining whether the group key has been successfully distributed to all user equipment in the group;
when it is determined that sending failed, performing group key agreement and initialization again or resending.
8. A group key security management apparatus, running in an electronic device, characterized in that the apparatus comprises:
a first initialization module, configured to perform group key agreement and initialization for the user equipment in a group;
a first sending module, configured to distribute the initialized group key to all user equipment in the group;
a detecting module, configured to detect whether the state of the user equipment in the group has changed;
a second initialization module, configured to perform group key agreement and initialization again when the detecting module detects that the state of the user equipment in the group has changed;
a second sending module, configured to distribute the re-initialized group key to all user equipment in the group.
9. An electronic device, characterized in that the electronic device comprises a processor, and the processor implements the group key security management method as described in any one of claims 1 to 7 when executing a computer program stored in a memory.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program implements the group key security management method as described in any one of claims 1 to 7 when executed by a processor.
CN201810780127.8A 2018-07-16 2018-07-16 Group key security management method and device, electronic equipment and storage medium Expired - Fee Related CN108964904B (en)


Publications (2)

Publication Number Publication Date
CN108964904A true CN108964904A (en) 2018-12-07
CN108964904B CN108964904B (en) 2020-12-22

Family

ID=64496040

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810780127.8A Expired - Fee Related CN108964904B (en) 2018-07-16 2018-07-16 Group key security management method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108964904B (en)


Also Published As

Publication number Publication date
CN108964904B (en) 2020-12-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201222

Termination date: 20210716