CN109088810A - Communication method, apparatus, corresponding device, system and storage medium for group messages - Google Patents

Info

Publication number
CN109088810A
Authority
CN
China
Prior art keywords
message
key
encryption
group
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710447476.3A
Other languages
Chinese (zh)
Inventor
薛建海
徐正春
许燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING XINYOUDA VIDEO TECHNOLOGY Co Ltd
Beijing Xinwei Telecom Technology Inc
Original Assignee
BEIJING XINYOUDA VIDEO TECHNOLOGY Co Ltd
Beijing Xinwei Telecom Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING XINYOUDA VIDEO TECHNOLOGY Co Ltd and Beijing Xinwei Telecom Technology Inc

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04: Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a communication method, apparatus, corresponding device, system and storage medium for group messages. The system includes at least two user terminals, a key server and an instant communication server. The method executed by the key server includes: performing identity authentication on a message sending end in a group according to a session encryption request sent by the message sending end; if the message sending end passes identity authentication, generating a message key corresponding to the message to be encrypted at the message sending end, and sending the message key to the message sending end so that the message sending end generates the encrypted message of the message to be encrypted; and receiving a message identifier, associated with the message key, sent by the instant communication server, and storing the message identifier and the message key in correspondence in a set database. The above technical solution solves the problem of low security in encrypting and decrypting multi-user group messages, improves the attack resistance of group message encryption, and ensures the confidentiality of group message content.

Description

Communication method, apparatus, corresponding device, system and storage medium for group messages
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a communication method, apparatus, corresponding device, system and storage medium for group messages.
Background art
The rapid development of the mobile Internet and the rapid spread of intelligent mobile terminals have enabled governments, enterprises and public institutions to become truly mobile, so that instant messaging among multi-user groups can be carried out from mobile terminals. However, because of the particularity of mobile terminals and their usage environment, traditional security techniques cannot solve the security problems encountered in practice. Mobile applications face a series of security issues such as identity security, terminal security, communication security and data security, and these mobile security problems have slowed the pace of mobile application development.
Although instant messaging service providers and developers have released some secure instant messaging systems, these products mainly solve the point-to-point encryption problem. At present there are few instant messaging products that specifically encrypt multi-user group messages, and the cryptographic security of these products is often weak, so that communication content is easily stolen by third parties.
Summary of the invention
Embodiments of the present invention provide a communication method, apparatus, corresponding device, system and storage medium for group messages, which realize encrypted communication of group messages and improve the security of encrypted group message communication.
In a first aspect, an embodiment of the present invention provides a communication method for group messages, applied to a message sending end in a group, comprising:
Sending a session encryption request to a key server;
Receiving the message key, corresponding to the message to be encrypted, sent by the key server;
Encrypting the message to be encrypted based on the message key and a set encryption algorithm, and sending the resulting encrypted message through an instant communication server to the message receiving end in the group.
In a second aspect, an embodiment of the present invention provides a communication method for group messages, applied to a key server, comprising:
Performing identity authentication on a message sending end in a group according to a session encryption request sent by the message sending end;
If the message sending end passes identity authentication, generating a message key corresponding to the message to be encrypted at the message sending end, and sending the message key to the message sending end so that the message sending end generates the encrypted message of the message to be encrypted;
Receiving a message identifier, associated with the message key, sent by an instant communication server, and storing the message identifier and the message key in correspondence in a set database.
In a third aspect, an embodiment of the present invention further provides a communication method for group messages, applied to an instant communication server, comprising:
Receiving, respectively, a mark declaration message, a message authentication code and an encrypted message sent by a message sending end in a group, the mark declaration message containing the group number to which the encrypted message belongs and the mark value of the message to be encrypted corresponding to the encrypted message;
Obtaining the timestamp field at which the encrypted message was received, and determining the timestamp field and the group number as the message identifier of the encrypted message;
Forming identifier determination information containing the mark value and the message identifier, and sending it to a key server so that the key server stores the message key associated with the message identifier;
Sending, respectively, the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving end in the group, so that the message receiving end obtains the message key needed for decryption based on the message identifier.
In a fourth aspect, an embodiment of the present invention further provides a communication method for group messages, applied to a message receiving end in a group, comprising:
Receiving an encrypted message and the message identifier of the encrypted message sent by an instant communication server;
Including the message identifier in a session decryption request as the encrypted-message identifier, and sending the session decryption request to a key server;
Receiving the message key, corresponding to the encrypted message, sent by the key server, and decrypting the encrypted message based on the message key.
In a fifth aspect, an embodiment of the present invention provides a communication apparatus for group messages, configured at a message sending end in a group, comprising:
An encryption request sending module, configured to send a session encryption request to a key server;
A message key receiving module, configured to receive the message key, corresponding to the message to be encrypted, sent by the key server;
A message encryption module, configured to encrypt the message to be encrypted based on the message key and a set encryption algorithm, and to send the resulting encrypted message through an instant communication server to the message receiving end in the group.
In a sixth aspect, an embodiment of the present invention provides a communication apparatus for group messages, configured at a key server, comprising:
An identity authentication module, configured to perform identity authentication on a message sending end in a group according to a session encryption request sent by the message sending end;
A key generation module, configured to generate, when the message sending end passes identity authentication, a message key corresponding to the message to be encrypted at the message sending end, and to send the message key to the message sending end so that the message sending end generates the encrypted message of the message to be encrypted;
A key storage module, configured to receive a message identifier, associated with the message key, sent by an instant communication server, and to store the message identifier and the message key in correspondence in a set database.
In a seventh aspect, an embodiment of the present invention further provides a communication apparatus for group messages, configured at an instant communication server, comprising:
An information receiving module, configured to receive, respectively, a mark declaration message, a message authentication code and an encrypted message sent by a message sending end in a group, the mark declaration message containing the group number to which the encrypted message belongs and the mark value of the message to be encrypted corresponding to the encrypted message;
An identifier determination module, configured to obtain the timestamp field at which the encrypted message was received, and to determine the timestamp field and the group number as the message identifier of the encrypted message;
A first sending module, configured to form identifier determination information containing the mark value and the message identifier, and to send it to a key server so that the key server stores the message key associated with the message identifier;
A second sending module, configured to send, respectively, the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving end in the group, so that the message receiving end obtains the message key needed for decryption based on the message identifier.
In an eighth aspect, an embodiment of the present invention further provides a communication apparatus for group messages, configured at a message receiving end in a group, comprising:
An information receiving module, configured to receive an encrypted message and the message identifier of the encrypted message sent by an instant communication server;
A decryption request sending module, configured to include the message identifier in a session decryption request as the encrypted-message identifier, and to send the session decryption request to a key server;
A message decryption module, configured to receive the message key, corresponding to the encrypted message, sent by the key server, and to decrypt the encrypted message based on the message key.
In a ninth aspect, an embodiment of the present invention provides a user terminal, comprising:
One or more processors;
A storage device for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors implement the communication method for group messages provided in the first aspect of the embodiments of the present invention, and/or the communication method for group messages provided in the fourth aspect of the embodiments of the present invention.
In a tenth aspect, an embodiment of the present invention provides a key server, comprising:
One or more processors;
A storage device for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors implement the communication method for group messages provided in the second aspect of the embodiments of the present invention.
In an eleventh aspect, an embodiment of the present invention provides an instant communication server, comprising:
One or more processors;
A storage device for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors implement the communication method for group messages provided in the third aspect of the embodiments of the present invention.
In a twelfth aspect, an embodiment of the present invention provides a group message communication system, comprising:
At least two user terminals as provided in the ninth aspect of the embodiments of the present invention, the key server provided in the tenth aspect, and the instant communication server provided in the eleventh aspect, wherein each user terminal acts as a message sending end and/or a message receiving end in a group.
In a thirteenth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the communication method for group messages provided in the first aspect of the embodiments of the present invention, and/or the communication method for group messages provided in the fourth aspect of the embodiments of the present invention.
In a fourteenth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the communication method for group messages provided in the second aspect of the embodiments of the present invention.
In a fifteenth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the communication method for group messages provided in the third aspect of the embodiments of the present invention.
With the communication method, apparatus, corresponding device, system and storage medium for group messages provided in the embodiments of the present invention, group message communication based on the group message communication system involves multiple information exchanges: first between the message sending end and the key server, then between the message sending end and the instant communication server, between the instant communication server and both the key server and the message receiving end, and between the message receiving end and the key server. Together these realize encrypted communication for every group message in a group. The above technical solution solves the problem of low security in encrypting and decrypting multi-user group messages. In addition, deploying group messaging and message key management separately not only greatly improves the security of the message keys but also prevents updates to the group's users from interfering with encrypted communication, which improves the attack resistance of group message encryption and ensures the confidentiality of group message content.
Brief description of the drawings
Fig. 1 is an architecture diagram of a group message communication system provided in embodiment one of the present invention;
Fig. 2 is a flow diagram of a communication method for group messages provided in embodiment one of the present invention;
Fig. 3 is a flow diagram of a communication method for group messages provided in embodiment one of the present invention;
Fig. 4 is a flow diagram of a communication method for group messages provided in embodiment one of the present invention;
Fig. 5 is a flow diagram of a communication method for group messages provided in embodiment one of the present invention;
Fig. 6 is an example interaction diagram of group message communication based on the group message communication system, provided in embodiment two of the present invention;
Fig. 7a is a structural block diagram of a communication apparatus for group messages provided in embodiment three of the present invention;
Fig. 7b is a structural block diagram of a communication apparatus for group messages provided in embodiment three of the present invention;
Fig. 7c is a hardware structure diagram of a user terminal provided in embodiment three of the present invention;
Fig. 8 is a structural block diagram of a communication apparatus for group messages provided in embodiment four of the present invention;
Fig. 9 is a structural block diagram of a communication apparatus for group messages provided in embodiment five of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the entire structure.
Embodiment one
Fig. 1 is an architecture diagram of a group message communication system provided in embodiment one of the present invention. As shown in Fig. 1, the group message communication system includes at least two user terminals 11, a key server 12 and an instant communication server 13.
It should be noted that multiple groups can be built from user terminals 11 in the group message communication system. Each group can independently carry out encrypted and decrypted communication of its group messages on the basis of the system, and message communication in one group does not affect another. Generally, the group message communication system distinguishes the messages sent by group users (user terminals) in each group by group number.
In this embodiment, when group message communication is carried out, the same user terminal 11 can be present in any of the groups of the group message communication system at the same time. A user terminal 11 can act either as a message sending end or as a message receiving end in a group: as a message sending end it executes the operating steps of the message sending end, and as a message receiving end it executes the operating steps of the message receiving end. In addition, the number of user terminals 11 in each group may be the same or different.
In general, group message communication based on the system of this embodiment can be viewed as information exchange among the user terminals 11, the key server 12 and the instant communication server 13: the at least two user terminals 11 exchange information with the key server 12 to obtain the message keys needed for encryption or decryption; the at least two user terminals 11 exchange information with the instant communication server 13 to carry out instant messaging of group messages; and the key server 12 exchanges information with the instant communication server 13 so that the generated message keys are stored separately.
The group message communication system provided in this embodiment encrypts each group message in a group individually and generates one message key for each group message, so that the group chat content cannot be decrypted as a whole, which ensures the overall security of the group message communication system.
Specifically, Fig. 2 is a flow diagram of a communication method for group messages provided in embodiment one of the present invention. The method is suitable for message communication between group users and can be executed by a communication apparatus for group messages, which can be implemented in software and/or hardware and is typically integrated in a user terminal of the group message communication system.
It should be understood that a user terminal in the group message communication system executes this method when acting as a message sending end in a group. As shown in Fig. 2, the communication method for group messages provided in embodiment one of the present invention specifically includes the following operations:
S201: Send a session encryption request to the key server.
In this embodiment, to guarantee encrypted communication of group messages, a user terminal in the group message communication system first exchanges information with the key server. To secure that exchange, this embodiment preferably performs a protocol initialization between the two, so that messages between the user terminal and the key server are transmitted using the Off-the-Record Messaging (OTR) protocol.
Specifically, when the user terminal acts as a message sending end, after protocol initialization with the key server it first sends a session encryption request to the key server over the OTR protocol. The session encryption request triggers the key server to authenticate the user terminal and to generate the message key that the user terminal needs for message encryption.
S202: Receive the message key, corresponding to the message to be encrypted, sent by the key server.
It should be understood that the key server, following the session encryption request sent by the user terminal, authenticates the user terminal and then generates a message key and sends it to the user terminal, so in this step the terminal receives the message key for the message to be encrypted. The message to be encrypted is the original message that the user terminal is about to send to the other user terminals in the group. To ensure that every message in the group is confidential, this embodiment encrypts each original message to be sent.
S203: Encrypt the message to be encrypted based on the message key and a set encryption algorithm, and send the resulting encrypted message through the instant communication server to the message receiving end in the group.
This step encrypts the message to be encrypted, using the message key and the selected encryption algorithm. Preferably, this embodiment uses the 256-bit Advanced Encryption Standard (AES) algorithm, currently the most advanced, to encrypt the message. This step also sends the encrypted message to the instant communication server, which forwards it to the user terminals acting as message receiving ends.
The communication method of Fig. 2 describes in detail how a user terminal in the group message communication system performs message encryption as a message sending end: through information exchange with the key server, the message sending end obtains the message key needed for the message to be encrypted and produces the encrypted message from that key, which ensures the security of encrypted group message communication.
Further, on the basis of the method of Fig. 2, the following optimization is added: based on the message key, generate a message authentication code for verifying the integrity of the encrypted message, and send the message authentication code through the instant communication server to the message receiving end.
This step is executed after the encrypted message has been generated and before it is sent to the instant communication server, and produces the message authentication code used to verify the integrity of the encrypted message. The message authentication code can be generated with a keyed hash operation: the obtained message key and the encrypted message are the input parameters of the hash operation, which outputs the message authentication code for the encrypted message. The message authentication code is likewise sent to the instant communication server and forwarded by it to the user terminals acting as message receiving ends, so that a message receiving end can use it to determine the integrity of the encrypted message it receives.
In addition, the method of this embodiment adds a further optimization: send a mark declaration message to the instant communication server, so that the instant communication server can determine the message identifier of the encrypted message.
In this embodiment, before the message sending end sends the encrypted message to the instant communication server, it also sends a mark declaration message to the instant communication server. The mark declaration message contains the group number to which the encrypted message belongs and the mark value of the message to be encrypted that corresponds to the encrypted message; it declares to the instant communication server the identification information of the encrypted message being sent.
The communication means of group message provided in above-mentioned Fig. 2 is applied particularly to the use in group as message sending end In the terminal of family.Meanwhile Fig. 3 is a kind of flow diagram of the communication means for group message that the embodiment of the present invention one provides, In, the communication means that Fig. 3 is provided is equally applicable to the case where message communicating is carried out between group user, and this method can be by group The communication device of message executes, and wherein the device can be by software and or hardware realization, and is typically integrated in group message communication In the key server of system.
Specifically, as shown in figure 3, the communication means of the group message includes following operation:
S301, it is requested according to the session encryption that message sending end in group is sent, identity is carried out to the message sending end Certification.
This step, which can specifically be regarded as in group, carries out information friendship as the user terminal of message sending end and key server When mutual, wherein single stepping that key server is executed for information transmitted by message sending end.Specifically, this step is close Key server is requested according to the session encryption that message sending end is sent first, authentication is carried out to message sending end, with determination Whether message sending end is used to access the access authority of key server, thereby guarantees that user terminal in group message communication system Safety.Illustratively, Sigma's agreement (SIGMA protocol) can be used in this step and message sending end carries out identity Certification.
If S302, the message sending end by authentication, are generated corresponding to be added in the message sending end The message key of close message, and the message key is sent to the message sending end, so that the message sending end generates institute State the encryption message of message to be encrypted.
This step can specifically regard the operation that key server is carried out based on the implementing result of S301 as, it is to be understood that When message sending end is not over authentication, key server can terminate the information exchange with message sending end, quite In terminating message communicating of the message sending end in group;When message sending end passes through authentication, description messages are sent End has the access authority of access key server, and key server can generate in session encryption request triggering based on the received at this time Message key.Operation based on this step can be effectively prevented bad attacker and palm off the feelings that legitimate user steals group message Condition.
Specifically, message key generated in the present embodiment corresponds to a message to be encrypted of message sending end, In, the corresponding relationship of message key and message to be encrypted can specifically be requested by session encryption in carry for mark it is to be encrypted The mark value of message is established, that is, message to be encrypted corresponding to message key can be determined by acquired mark value.It is exemplary Ground, the present embodiment preferably use Key Exchange Protocol/algorithm (Diffie-Hellman, DH) to carry out message key generation.
After generating the corresponding message key of message to be encrypted in this step, which is sent to message sending end, So that message sending end is able to carry out above-mentioned S202 and its operation later, from there through the user as message sending end The information exchange of terminal and key server completes the encryption of message to be encrypted.
S303: receive the message identifier, associated with the message key, that is sent by the instant communication server, and store the message identifier and the message key in correspondence in the preset database.
This step details how the key server stores and manages the generated message key. When S302 above generates the message key corresponding to the message to be encrypted, storage does not depend directly on the mark value that marks the message to be encrypted; instead, according to the message identifier sent by the instant communication server, the message identifier associated with the message key and the message key are finally stored in correspondence in the preset database.
The operation of this step embodies the information exchange between the key server and the instant communication server. Further, this embodiment specifically optimizes "receive the message identifier, associated with the message key, that is sent by the instant communication server, and store the message identifier and the message key in correspondence in the preset database" as: receive the identifier determination information sent by the instant communication server, where the identifier determination information includes the mark value that marks the message to be encrypted and the predetermined message identifier; if the mark value of the message to be encrypted that corresponds to the message key is the same as the mark value in the identifier determination information, determine that the message identifier is associated with the message key, and store the message identifier and the message key in the preset database as a key-value pair.
In this embodiment, the key server stores the message key through its information exchange with the instant communication server. Specifically, the key server first receives the identifier determination information sent by the instant communication server; this information contains the mark value that marks the message to be encrypted and also contains the message identifier of the encrypted message produced by encryption. Next, when the mark value in the received identifier determination information is the same as the mark value of the message to be encrypted that corresponds to the message key to be stored, the key server determines that the message identifier in the identifier determination information is associated with that message key. Finally, the associated message identifier and message key are stored as a key-value pair.
It should be noted that in this embodiment the identifier determination information that the instant communication server sends to the key server is determined from the markup declaration message that the message sending end sends to the instant communication server in Fig. 2 above. In addition, when the key server of this embodiment stores the message identifier and the message key, the preset database used is preferably a Redis in-memory database. Because every group message in the group message communication system has a corresponding message key, sufficiently large storage space must be allocated for storing message keys.
However, the memory of a single Redis in-memory database is limited. When the number of message keys reaches a certain level, the storage performance of the Redis in-memory database drops sharply and storage failures become likely, which directly affects the retrieval of message keys in group message communication. To improve the storage performance of the Redis in-memory database and enhance scalability, this embodiment preferably meets the demand by building a Redis in-memory database cluster, which improves the stability and scalability of the whole group message communication system. It should be noted that the Redis in-memory database cluster in this embodiment is preferably built on the platform to which the key server belongs and forms a whole with the key server.
In addition, this embodiment stores the generated message key in the form of a key-value pair (key-value). Specifically, the received message identifier is used as the key, where the message identifier contains the group number to which the encrypted message belongs and the timestamp field recorded when the encrypted message reaches the instant communication server; the generated message key is used as the value; and the pair is finally stored in the designated Redis in-memory database node.
It should be noted that each key-value pair stored in the Redis in-memory database has a corresponding life cycle, which is configured before the key-value pair is stored, based on historical experience values. If a key-value pair has been stored in the Redis in-memory database for longer than the configured life cycle, this embodiment preferably deletes the key-value pair that has exceeded its life cycle, or directly writes a new key-value pair at that storage address, thereby ensuring that the storage space of the preset database can be used continuously.
The communication method for group messages provided in Fig. 3 above is applied on the key server of the group message communication system. It generates the message keys needed for encrypted group message communication and stores the message keys separately; storing the message keys independently in the preset database in this way greatly improves the security of group message communication.
Further, on the basis of the communication method for group messages provided in Fig. 3 above, the communication method applied on the key server is also optimized to include: performing identity authentication on the message receiving end according to the session decryption request sent by the message receiving end in the group; if the message receiving end passes identity authentication, obtaining the encrypted message identifier contained in the session decryption request; and looking up, in the preset database, the message identifier that matches the encrypted message identifier and sending the message key corresponding to that message identifier to the message receiving end, so that the message receiving end can decrypt the encrypted message it received.
In this embodiment, the operation steps added by the above optimization likewise embody the information exchange between the key server and a user terminal in the group message communication system. In this exchange the user terminal acts as the message receiving end in the group, and the steps are executed by the key server when triggered: after the user terminal acting as the message receiving end receives the encrypted message sent by the instant communication server, it sends a session decryption request to the key server.
Specifically, the key server is likewise triggered by the received session decryption request to perform identity authentication on the message receiving end, to ensure that the message receiving end has permission to access the key server. Only after determining that the message receiving end has passed identity authentication does it obtain the encrypted message identifier contained in the received session decryption request. The encrypted message identifier is sent to the message receiving end by the instant communication server and is used to look up the message key corresponding to the received encrypted message.
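The storage and lookup behaviour described for S302, S303 and the session decryption request can be sketched as follows. This is an added example, not code from the patent: a Python dict stands in for the Redis in-memory database, a random 256-bit value stands in for the DH-derived message key, authentication is a placeholder, and the class name, method names and the "group:timestamp" identifier layout are assumptions.

```python
import secrets
import time


def make_message_identifier(group_number, timestamp):
    """Instant communication server side (S402): group number plus receipt timestamp.
    The "group:timestamp" string layout is an assumption of this example."""
    return f"{group_number}:{timestamp}"


class KeyServerStore:
    """Stand-in for the key server's key-value store (a dict instead of Redis)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self.authenticated = set()  # terminals that passed identity authentication
        self.pending = {}           # mark value -> key not yet bound to an identifier
        self.store = {}             # message identifier -> (message key, expiry time)

    def authenticate(self, terminal_id):
        # Placeholder: the actual identity check is outside the scope of this sketch.
        self.authenticated.add(terminal_id)

    def _require_auth(self, terminal_id):
        if terminal_id not in self.authenticated:
            raise PermissionError(f"{terminal_id} has not passed authentication")

    def issue_key(self, terminal_id, mark_value):
        """S302: one fresh key per message, remembered under the sender's mark value."""
        self._require_auth(terminal_id)
        key = secrets.token_bytes(32)  # assumption: random key instead of DH output
        self.pending[mark_value] = key
        return key

    def bind_identifier(self, mark_value, message_identifier):
        """S303: store identifier -> key only if the mark value matches a pending key."""
        key = self.pending.pop(mark_value, None)
        if key is None:
            return False
        self.store[message_identifier] = (key, self.clock() + self.ttl)
        return True

    def lookup(self, terminal_id, encrypted_message_identifier):
        """Decryption request: an authenticated receiver gets the key until it expires."""
        self._require_auth(terminal_id)
        entry = self.store.get(encrypted_message_identifier)
        if entry is None:
            return None
        key, expires_at = entry
        if self.clock() >= expires_at:
            del self.store[encrypted_message_identifier]  # life cycle exceeded
            return None
        return key


def demo():
    now = [0.0]  # constructed clock so expiry can be shown without sleeping
    ks = KeyServerStore(ttl_seconds=60, clock=lambda: now[0])
    ks.authenticate("terminal-A")
    ks.authenticate("terminal-B")
    key = ks.issue_key("terminal-A", "mark-0001")    # constructed mark value
    mid = make_message_identifier("C1", 1497340800)  # constructed timestamp
    bound = ks.bind_identifier("mark-0001", mid)
    fresh = ks.lookup("terminal-B", mid) == key
    now[0] = 61.0                                    # move past the life cycle
    expired = ks.lookup("terminal-B", mid) is None
    return bound, fresh, expired


if __name__ == "__main__":
    print(demo())
```

With a real Redis deployment the life cycle would normally be set as an expiry on the stored key itself, so the server does not need its own expiry check.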
The communication methods for group messages provided in Fig. 2 and Fig. 3 above show the operating procedures of the user terminal acting as the message sending end and of the key server during group message communication. Similarly, Fig. 4 is a flow diagram of a communication method for group messages provided by Embodiment One of the present invention. The communication method of Fig. 4 is likewise applicable to message communication between group users and can be executed by a communication device for group messages; the device can be implemented in software and/or hardware and is typically integrated in the instant communication server of the group message communication system.
Specifically, as shown in Fig. 4, the communication method for group messages includes the following operations:
S401: separately receive the markup declaration message, the message authentication code and the encrypted message sent by the message sending end in the group, where the markup declaration message includes the group number to which the encrypted message belongs and the mark value of the message to be encrypted that corresponds to the encrypted message.
This step can be regarded as one of the operations the instant communication server performs when it exchanges information with the message sending end, after the user terminal acting as the message sending end in the group has completed the communication method provided in Fig. 2 of this embodiment. Specifically, this step mainly receives the markup declaration message, the message authentication code and the encrypted message sent by the user terminal acting as the message sending end.
S402: obtain the timestamp field recorded when the encrypted message is received, and determine the timestamp field and the group number as the message identifier of the encrypted message.
This step can be regarded as the operation the instant communication server performs based on the information received in S401. It can be understood that when the encrypted message is received in S401, the instant communication server records the timestamp field at the moment of receipt. This embodiment determines the recorded timestamp field, together with the group number to which the received encrypted message belongs, as the message identifier of the encrypted message. The message identifier is provided to the key server for the storage of the message key, or is provided to the user terminal acting as the message receiving end so that it can determine the message key associated with the received encrypted message.
S403: form identifier determination information containing the mark value and the message identifier, and send it to the key server, so that the key server stores the message key associated with the message identifier.
This step details how the message identifier is sent to the key server, which corresponds to the information exchange between the instant communication server and the key server. It can be understood that the determined message identifier and the received mark value together constitute the identifier determination information that is sent to the key server.
S404: separately send the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving end in the group, so that the message receiving end obtains, based on the message identifier, the message key needed for decryption.
This step details how the determined message identifier, the message authentication code and the encrypted message are delivered to the message receiving end, which corresponds to the information exchange between the instant communication server and the user terminal acting as the message receiving end.
The communication method of Fig. 4 above details the specific operations by which the instant communication server in the group message communication system provides useful information for message encryption and message decryption in group message communication. It not only relays group messages from the message sending end to the message receiving end, but also determines the message identifier that is needed both to store the message key and to obtain the message key required for decryption, and it therefore plays a decisive role in the encrypted communication of the group message communication system.
The communication method for group messages provided in Fig. 4 above is applied on the instant communication server of the group message communication system. In addition, Fig. 5 is a flow diagram of a communication method for group messages provided by Embodiment One of the present invention. The communication method of Fig. 5 is likewise applicable to message communication between group users and can be executed by a communication device for group messages; the device can be implemented in software and/or hardware and is typically integrated in a user terminal that acts as the message receiving end in the group message communication system.
Specifically, as shown in Fig. 5, the communication method for group messages includes the following operations:
S501: receive the encrypted message and the message identifier of the encrypted message sent by the instant communication server.
This step details how the user terminal acting as the message receiving end receives the encrypted message and the corresponding message identifier, which corresponds to the information exchange between the instant communication server and the message receiving end.
S502: include the message identifier in a session decryption request as the encrypted message identifier, and send the session decryption request to the key server.
After the encrypted message is obtained in S501, the received encrypted message must be decrypted, and decryption requires the message key that was used for encryption. This step details how the session decryption request is formed and sent, which corresponds to the information exchange between the message receiving end and the key server.
It can be understood that, based on the description of the communication method provided in Fig. 3 above, the session decryption request is used to trigger the key server to perform identity authentication on the message receiving end and to trigger the determination of the message key. On the basis of the communication method provided in Fig. 3, this step can obtain from the key server, through the session decryption request, the message key needed to decrypt the message.
S503: receive the message key, corresponding to the encrypted message, that is sent by the key server, and decrypt the encrypted message based on the message key.
This step corresponds to the information exchange between the key server and the message receiving end. Through this step the message key associated with the received encrypted message is obtained, so that the encrypted message can be decrypted with the obtained message key, which completes the encrypted communication of a group message from the message sending end to the message receiving end.
Further, on the basis of the communication method provided in Fig. 5 above, the following is added before the encrypted message is decrypted based on the message key: determine the integrity of the encrypted message according to the message authentication code sent by the instant communication server; if the encrypted message is incomplete, terminate the decryption of the encrypted message.
In this embodiment, the decryption stage of group message communication must ensure the integrity of the transmitted message before the encrypted message is decrypted. This embodiment ensures message integrity based on the message authentication code that the message sending end sends through the instant communication server.
Embodiment One of the present invention proposes a group message communication system and details the communication methods by which each component of the system carries out group message communication. The whole group message communication process of this embodiment involves the identity authentication mechanism for group users, the generation and storage mechanism for message keys, the encryption and decryption mechanism for group messages, and the message integrity verification mechanism, which effectively prevent attacks by illegitimate third-party users and better ensure the security of group message communication. At the same time, the overhead differs little between group users throughout the group message communication process, which effectively reduces the load that group message communication places on the communication system. In addition, a key can be obtained only after identity authentication has been passed, and in the encryption system the message key used to encrypt messages is kept only on the key server and is not passed among the instant communication server, the user terminals and the key server, which also greatly improves the security of group message communication.
Embodiment two
Fig. 6 is an example interaction diagram of group message communication based on the group message communication system provided by Embodiment Two of the present invention. The group message communication system provided in this embodiment is suitable for different application scenarios of group message communication. A common application scenario is: (1) user terminal A, as the creator of the group, first creates a group C1 and then invites user terminal B to join group C1; the resulting group C1 currently has only two members, user terminal A and user terminal B, and user terminal A, as the message sending end, communicates with user terminal B in group C1. Fig. 6 shows the example interaction for group message communication in this case, based on the group message communication system provided by the embodiment of the present invention.
As shown in Fig. 6, the interaction for group message communication corresponding to application scenario (1) includes the following operations:
S601: user terminal A sends a system login request containing the account and password information to the instant communication server.
S602: the instant communication server verifies the received account and password by means of an external authentication script, and allows user terminal A to log in to the group message communication system when verification succeeds.
S603: after determining that login succeeded, user terminal A creates group C1 and adds user terminal B.
S604: user terminal A and the key server perform protocol initialization and determine that messages are transmitted using the OTR protocol.
It should be noted that in this step the key server performs protocol initialization with all user terminals in the group; that is, it is determined that the key server and every user terminal in the group transmit messages using the OTR protocol.
S605: user terminal A sends a session encryption request to the key server.
It can be understood that this step sends the session encryption request based on the OTR protocol.
S606: according to the session encryption request, the key server performs identity authentication on user terminal A using the SIGMA protocol.
S607: after user terminal A passes identity authentication, the key server generates the message key for the message to be encrypted and sends it to user terminal A.
It should be noted that in this embodiment the key server needs to authenticate each group user in a group only once. After that one-time identity authentication, as long as the group user (whether as message sending end or as message receiving end) has not exited the group message communication system, no further authentication is needed, and the message key can be generated directly on the basis of the received session encryption request.
S608: user terminal A forms the encrypted message using the AES256 encryption algorithm based on the message key, forms the message authentication code and the markup declaration message at the same time, and sends the message authentication code, the markup declaration message and the encrypted message to the instant communication server respectively.
S609: the instant communication server obtains the timestamp field recorded when the encrypted message is received, and determines the timestamp field and the group number, given in the markup declaration message, to which the encrypted message belongs as the message identifier.
S610: the instant communication server determines the mark value in the markup declaration message that marks the message to be encrypted, together with the message identifier, as the identifier determination information, and sends it to the key server.
S611: the instant communication server sends the message identifier of the encrypted message, the message authentication code and the encrypted message to user terminal B respectively.
S612: the key server compares the mark value in the received identifier determination information with the mark value of the message to be encrypted that corresponds to the generated message key; when the two are the same, it stores the message identifier in the identifier determination information and the message key in the Redis in-memory database as a key-value pair.
S613: user terminal B includes the received message identifier in a session decryption request as the encrypted message identifier and sends the session decryption request to the key server.
It can be understood that user terminal B likewise sends the session decryption request based on the OTR protocol.
S614: according to the session decryption request, the key server performs identity authentication on user terminal B using the SIGMA protocol.
It can also be understood that, as long as the message receiving end has not exited the group message communication system, the subsequent lookup and matching of the message key can be performed directly according to the session decryption request. This operation of the present embodiment effectively saves the resources consumed by information exchange and speeds up group message communication.
S615: after user terminal B passes identity authentication, the key server obtains the encrypted message identifier in the session decryption request.
S616: the key server looks up, in the Redis in-memory database, the message identifier that matches the encrypted message identifier, and sends the message key corresponding to that message identifier to user terminal B.
S617: after verifying, based on the received message authentication code, that the received encrypted message is complete, user terminal B decrypts the received encrypted message based on the received message key.
For application scenario (1) described in this embodiment, the interaction flow shown in Fig. 6 above realizes encrypted communication between user terminal A and user terminal B in group C1 of the group message communication system. The group message communication system of this embodiment also applies to the common application scenario (2), which is as follows: user terminal A belongs both to group C2 and to group C3, where group C2 and group C3 each have multiple (no fewer than 3) group users, and after logging in to the group message communication system user terminal A takes part in the message communication of both groups C2 and C3 at the same time.
For application scenario (2), user terminal A can likewise log in to the group message communication system through S601 and S602 above; at this point user terminal A is considered able to obtain the corresponding group information through the instant communication server, such as the group nickname, the group avatar and other attributes of the group. When user terminal A acts as the message sending end of group C2 and group C3, encrypted group message communication can likewise be realized through the interaction flow provided in Fig. 6 above. Compared with application scenario (1), the only difference when application scenario (2) carries out group message communication through the interaction flow of Fig. 6 is that the group creation operation of S603 need not be executed. The other group users in group C2 and group C3 can each be regarded as user terminal B (the message receiving end) and exchange information with the instant communication server and the key server as described in S611 and S613 to S617 of Fig. 6. It can be understood that, with the communication mechanism of the group message communication system provided in this embodiment, the encrypted message communication of user terminal A in group C2 and in group C3 is mutually independent and does not interfere with each other.
In addition, this embodiment also proposes application scenario (3) for the group message communication system, which is as follows: user terminal A belongs to group C4 and sends multiple group messages in succession to the other group members in group C4. Under application scenario (3), user terminal A can likewise log in to the group message communication system through S601 and S602 above, and at this point user terminal A is again considered able to obtain the corresponding group information through the instant communication server, such as the group nickname, the group avatar and other attributes of the group. User terminal A can be regarded as the message sending end in group C4 and realizes encrypted group message communication through the interaction flow provided in Fig. 6 above.
It should be noted that under application scenario (3), user terminal A executes the interaction flow of Fig. 6 once for every message it sends. Each time group message communication is carried out through the interaction flow of Fig. 6, the difference from application scenario (1) is likewise that the group creation operation of S603 need not be executed. The other group users in group C4 can each be regarded as user terminal B (the message receiving end) and exchange information with the instant communication server and the key server as described in S611 and S613 to S617 of Fig. 6.
Embodiment three
Fig. 7a is a structural block diagram of a communication device for group messages provided by Embodiment Three of the present invention. The communication device is suitable for message communication between group users; it can be implemented in software and/or hardware and is typically integrated in a user terminal of the group message communication system.
It should be noted that the communication device for group messages provided in Fig. 7a of Embodiment Three is used when the user terminal acts as the message sending end in the group.
The communication device shown in Fig. 7a includes: an encryption request sending module 71, a message key receiving module 72 and a message encryption module 73.
The encryption request sending module 71 is configured to send a session encryption request to the key server;
the message key receiving module 72 is configured to receive the message key, corresponding to the message to be encrypted, that is sent by the key server;
the message encryption module 73 is configured to encrypt the message to be encrypted based on the message key and a set encryption algorithm, and to send the resulting encrypted message to the message receiving end in the group through the instant communication server.
With the communication device provided in Fig. 7a of Embodiment Three, an encrypted message can be formed for every group message when the user terminal acts as the message sending end, which ensures the security of encrypted group message communication.
Further, the communication device provided in Fig. 7a also includes:
an authentication code generation module 74, configured to generate, based on the message key, a message authentication code for verifying the integrity of the encrypted message, and to send the message authentication code to the message receiving end through the instant communication server.
On the basis of the above optimization, the communication device provided in Fig. 7a further includes: a markup declaration sending module 75, configured to send a markup declaration message to the instant communication server so that the instant communication server can determine the message identifier of the encrypted message.
Fig. 7b is a structural block diagram of a communication device for group messages provided by Embodiment Three of the present invention. The communication device is suitable for message communication between group users; it can be implemented in software and/or hardware and is typically integrated in a user terminal of the group message communication system.
It should be noted that the communication device for group messages provided in Fig. 7b of Embodiment Three is used when the user terminal acts as the message receiving end in the group.
The communication device provided in Fig. 7b includes: an information receiving module 710, a decryption request sending module 711 and a message decryption module 713.
The information receiving module 710 is configured to receive the encrypted message and the message identifier of the encrypted message sent by the instant communication server;
the decryption request sending module 711 is configured to include the message identifier in a session decryption request as the encrypted message identifier, and to send the session decryption request to the key server;
the message decryption module 712 is configured to receive the message key, corresponding to the encrypted message, that is sent by the key server, and to decrypt the encrypted message based on the message key.
With the communication device provided in Fig. 7b of Embodiment Three, every received group message can be decrypted when the user terminal acts as the message receiving end, which likewise ensures the security of encrypted group message communication.
Further, the communication device provided in Fig. 7b also includes:
an integrity verification module 714, configured to determine the integrity of the encrypted message according to the message authentication code sent by the instant communication server before the encrypted message is decrypted based on the message key, and to terminate the decryption of the encrypted message when the encrypted message is incomplete.
From the communication devices provided in Fig. 7a and Fig. 7b of Embodiment Three it follows that a user terminal in the group message communication system integrates both the communication device used as a message sending end and the communication device used as a message receiving end. The two communication devices can run at the same time (the terminal being both sending end and receiving end) or separately; they are independent and do not interfere with each other.
In addition, Fig. 7c is a hardware structure diagram of a user terminal provided by Embodiment Three of the present invention. As shown in Fig. 7c, the user terminal provided by Embodiment Three includes a processor 720 and a storage device 721. The user terminal may have one or more processors; Fig. 7c takes one processor 720 as an example. The processor 720 and the storage device 721 in the user terminal can be connected by a bus or in other ways; Fig. 7c takes connection by a bus as an example.
It can be understood that the user terminal can be an electronic device such as a mobile phone, a tablet computer, a notebook or a desktop computer.
The storage device 721 in the user terminal, as a computer-readable storage medium, can be used to store one or more programs. The programs can be software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the communication methods for group messages in the above embodiments of the present invention (for example, the modules in the communication device for group messages shown in Fig. 7a, including the encryption request sending module 71, the message key receiving module 72 and the message encryption module 73; or the modules in the communication device for group messages shown in Fig. 7b, including the information receiving module 710, the decryption request sending module 711 and the message decryption module 713). By running the software programs, instructions and modules stored in the storage device 721, the processor 720 executes the various functional applications and data processing of the user terminal, that is, it implements the communication methods for group messages provided in Fig. 2 and/or Fig. 5 of method Embodiment One above.
The storage device 721 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function, and the data storage area can store data created through use of the device. In addition, the storage device 721 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some examples, the storage device 721 may further include memory located remotely from the processor 720, and such remote memory can be connected to the device through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
Also, when one or more included program of above-mentioned user terminal is by one or more of processors 720 When execution, program is proceeded as follows:
Session encryption request is sent to key server;Receive the key server transmission corresponds to message to be encrypted Message key;Encryption Algorithm based on the message key and setting, and will be encrypted to the message encryption to be encrypted It encrypts message and message sink end in group is sent to by instant communication server.
And/or program proceeds as follows:
Receive the message identifier of encryption message and the encryption message that instant communication server is sent;By the message mark Know and be included in session decoding request as encryption message identifier, and sends the session decoding request to key server;It connects The message key for corresponding to the encryption message that the key server is sent is received, and is added based on the message key to described Close message is decrypted.
Further, the embodiment of the present invention also provides a kind of computer readable storage medium, is stored thereon with computer journey Sequence, the program controlled device execute the communication means for the group message that Fig. 2 and/or Fig. 5 is provided in embodiment one, and Fig. 2 is mentioned The communication means of confession includes: to send session encryption request to key server;Receive corresponding to for the key server transmission The message key of message to be encrypted;Encryption Algorithm based on the message key and setting to the message encryption to be encrypted, and Encrypted encryption message is sent to message sink end in group by instant communication server.Communication party provided by Fig. 5 Method includes: to receive the message identifier of encryption message and the encryption message that instant communication server is sent;By the message mark Know and be included in session decoding request as encryption message identifier, and sends the session decoding request to key server;It connects The message key for corresponding to the encryption message that the key server is sent is received, and is added based on the message key to described Close message is decrypted.
Embodiment four
Fig. 8 is a structural block diagram of a communication device for group messages provided by Embodiment four of the present invention. The communication device is likewise applicable to message communication between the users of a group; it may be implemented in software and/or hardware and is typically integrated in the key server of the group message communication system. As shown in Fig. 8, the communication device includes: an identity authentication module 81, a key generation module 82 and a key storage module 83.
The identity authentication module 81 is configured to authenticate the identity of a message sending end in the group according to the session encryption request sent by that message sending end.
The key generation module 82 is configured to, when the message sending end passes identity authentication, generate a message key corresponding to the message to be encrypted at the message sending end and send the message key to the message sending end, so that the message sending end generates the encrypted message of the message to be encrypted.
The key storage module 83 is configured to receive the message identifier, associated with the message key, sent by the instant communication server, and to store the message identifier and the message key in correspondence in a set database.
The communication device for group messages provided by Embodiment four of the present invention is configured on the key server of the group message communication system. It generates the message keys needed for encrypted group message communication and also stores the message keys independently; storing the message keys separately in a set database largely improves the security of group message communication.
Further, the key storage module 83 is specifically configured to:
Receive the identifier determination information sent by the instant communication server, the identifier determination information including the mark value used to mark the message to be encrypted and a predetermined message identifier; if the mark value of the message to be encrypted that corresponds to the message key is identical to the mark value in the identifier determination information, determine that the message identifier is associated with the message key, and store the message identifier and the message key in the set database in the form of a key-value pair.
On the basis of the above optimization, the identity authentication module 81 is also configured to authenticate the identity of a message receiving end in the group according to the session decryption request sent by that message receiving end.
Correspondingly, the communication device further includes:
An identifier acquisition module 84, configured to obtain the encrypted message identifier included in the session decryption request when the message receiving end passes identity authentication;
An identifier matching module 85, configured to look up in the set database the message identifier that matches the encrypted message identifier, and to send the message key corresponding to that message identifier to the message receiving end, for the message receiving end to decrypt the encrypted message it has received.
Embodiment four of the present invention also provides a key server whose hardware structure includes a processor and a storage device. The key server may have one or more processors; Embodiment four is described taking one processor as an example. The processor and the storage device in the key server may be connected by a bus or in other ways; Embodiment four is described taking connection by a bus as an example. It should be noted that the hardware structure of the key server in Embodiment four is similar to that of the user terminal in Embodiment three, so Embodiment four does not show the hardware structure diagram of the key server again.
The storage device in the key server, as a computer-readable storage medium, can be used to store one or more programs. The programs may be software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the communication method for group messages in the above embodiments of the present invention (for example, the modules in the communication device for group messages shown in Fig. 8: identity authentication module 81, key generation module 82 and key storage module 83). By running the software programs, instructions and modules stored in the storage device, the processor executes the various functional applications and data processing of the key server, that is, implements the communication method for group messages provided by Fig. 3 in method Embodiment one above.
The storage device may include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function; the data storage area can store data created through use of the device, and so on. In addition, the storage device may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some examples, the storage device may further include memory located remotely from the processor, and this remote memory may be connected to the device through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
Also, when the one or more programs included in the above key server are executed by the one or more processors, the programs perform the following operations:
Authenticating the identity of a message sending end in the group according to the session encryption request sent by that message sending end; if the message sending end passes identity authentication, generating a message key corresponding to the message to be encrypted at the message sending end and sending the message key to the message sending end, so that the message sending end generates the encrypted message of the message to be encrypted; receiving the message identifier, associated with the message key, sent by the instant communication server, and storing the message identifier and the message key in correspondence in a set database.
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; when executed by a control device, the program performs the communication method for group messages provided by Fig. 3 in Embodiment one. The communication method provided by Fig. 3 includes: authenticating the identity of a message sending end in the group according to the session encryption request sent by that message sending end; if the message sending end passes identity authentication, generating a message key corresponding to the message to be encrypted at the message sending end and sending the message key to the message sending end, so that the message sending end generates the encrypted message of the message to be encrypted; receiving the message identifier, associated with the message key, sent by the instant communication server, and storing the message identifier and the message key in correspondence in a set database.
Embodiment five
Fig. 9 is a structural block diagram of a communication device for group messages provided by Embodiment five of the present invention. The communication device is likewise applicable to message communication between the users of a group; it may be implemented in software and/or hardware and is typically integrated in the instant communication server of the group message communication system. As shown in Fig. 9, the communication device includes: an information receiving module 91, an identifier determining module 92, a first sending module 93 and a second sending module 94.
The information receiving module 91 is configured to receive, respectively, the markup declaration message, the message authentication code and the encrypted message sent by a message sending end in the group, the markup declaration message including the group number to which the encrypted message belongs and the mark value of the message to be encrypted that corresponds to the encrypted message;
The identifier determining module 92 is configured to obtain the timestamp field of the moment the encrypted message is received, and to determine the timestamp field and the group number as the message identifier of the encrypted message;
The first sending module 93 is configured to form identifier determination information including the mark value and the message identifier and send it to the key server, for the key server to store the message key associated with the message identifier;
The second sending module 94 is configured to send, respectively, the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving ends in the group, so that a message receiving end obtains, based on the message identifier, the message key needed for decryption.
The communication device for group messages provided by Embodiment five of the present invention describes in detail how the instant communication server in the group message communication system provides the group message communication terminals with the information they need for message encryption and message decryption. It not only relays group messages from the message sending end to the message receiving end, but also determines the message identifier that is necessary for storing the message key and for obtaining the message key needed for message decryption, and so plays a decisive role in the encrypted communication of the group message communication system.
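The exchange described in Embodiments four and five, written out as an added Python example that is not part of the patent text. All class and function names are hypothetical, and several points the text leaves open are filled with labelled assumptions: identity authentication is a shared token, the sender picks the mark value and sends it with the session encryption request, the "set encryption algorithm" is replaced by an HMAC-SHA256 counter-mode stand-in, and the key server refuses to overwrite a message identifier that is already bound (two messages received in the same group at the same timestamp would otherwise share one identifier).

```python
import hashlib
import hmac
import secrets
import time


def _subkey(message_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the single message key."""
    return hmac.new(message_key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class KeyServer:
    """Modules 81-85: authenticate, generate keys, bind and look up identifiers."""

    def __init__(self, credentials):
        self._credentials = credentials  # user -> token (assumed auth scheme)
        self._pending = {}               # mark value -> key not yet bound
        self._store = {}                 # message identifier -> message key

    def _authenticate(self, user, token):
        expected = self._credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("identity authentication failed")

    def session_encrypt(self, user, token, mark_value):
        self._authenticate(user, token)
        key = secrets.token_bytes(32)    # fresh key for this one message
        self._pending[mark_value] = key
        return key

    def bind_identifier(self, mark_value, message_id):
        """Process the identifier determination information from the IM server."""
        if mark_value not in self._pending:
            raise KeyError("no message key is waiting for this mark value")
        if message_id in self._store:    # same timestamp and group seen before
            raise ValueError("message identifier already bound to a key")
        self._store[message_id] = self._pending.pop(mark_value)

    def session_decrypt(self, user, token, message_id):
        self._authenticate(user, token)
        return self._store[message_id]


class IMServer:
    """Modules 91-94: build the message identifier and relay the message."""

    def __init__(self, key_server, clock=time.time_ns):
        self._key_server = key_server
        self._clock = clock

    def relay(self, group_number, mark_value, mac, ciphertext):
        message_id = f"{self._clock()}:{group_number}"  # timestamp + group number
        self._key_server.bind_identifier(mark_value, message_id)
        return message_id, mac, ciphertext              # delivered to receivers


def send(key_server, im_server, user, token, group_number, plaintext):
    mark_value = secrets.token_hex(16)
    key = key_server.session_encrypt(user, token, mark_value)
    nonce = secrets.token_bytes(16)
    ciphertext = nonce + _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    mac = hmac.new(_subkey(key, b"mac"), ciphertext, hashlib.sha256).digest()
    return im_server.relay(group_number, mark_value, mac, ciphertext)


def receive(key_server, user, token, message_id, mac, ciphertext):
    key = key_server.session_decrypt(user, token, message_id)
    expected = hmac.new(_subkey(key, b"mac"), ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("integrity check failed; decryption terminated")
    nonce, body = ciphertext[:16], ciphertext[16:]
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


if __name__ == "__main__":
    # Constructed sample users and tokens, for illustration only.
    ks = KeyServer({"alice": b"alice-token", "bob": b"bob-token"})
    im = IMServer(ks)
    mid, mac, ct = send(ks, im, "alice", b"alice-token", "group-42", b"hello group")
    print(mid, receive(ks, "bob", b"bob-token", mid, mac, ct))
```

The instant communication server only ever handles the mark value, the message identifier, the authentication code and the ciphertext; the message key travels solely between the key server and authenticated terminals.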
Meanwhile the embodiment of the present invention five additionally provides a kind of instant communication server, the hardware of the instant communication server Structure includes: processor and storage device.Processor in the instant communication server can be one or more, the present embodiment Be illustrated for May Day processor, the processor and storage device in the instant communication server can by bus or its He connects mode, and the present embodiment five is illustrated for being connected by bus.It should be noted that in the present embodiment five immediately The hardware configuration of communication server is also similarly to the hardware configuration that user terminal has in the present embodiment three, therefore, this implementation Example five does not repeat to show the hardware structure diagram of instant communication server.
Storage device in the instant communication server can be used for storing one as a kind of computer readable storage medium Or multiple programs, described program can be software program, computer executable program and module, such as the above embodiment of the present invention In group message the corresponding program instruction/module of communication means (for example, in the communication device of attached group message shown in Fig. 9 Module, comprising: information receiving module 91, mark determining module 92, the first sending module 93 and the second sending module 94). Software program, instruction and module of the processor by operation storage in the storage device, thereby executing instant communication server Various function application and data processing, i.e., realization above method embodiment one in Fig. 4 provide group message communication party Method.
Storage device may include storing program area and storage data area, wherein storing program area can storage program area, extremely Application program needed for a few function;Storage data area, which can be stored, uses created data etc. according to equipment.In addition, depositing Storage device may include high-speed random access memory, can also include nonvolatile memory, and a for example, at least disk is deposited Memory device, flush memory device or other non-volatile solid state memory parts.In some instances, storage device can further comprise The memory remotely located relative to processor, these remote memories can pass through network connection to equipment.Above-mentioned network Example includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
Also, when one or more included program of above-mentioned instant communication server is by one or more of processing When device executes, program is proceeded as follows:
The markup declaration message, message authentication code and encryption message that message sending end is sent in group are received respectively, it is described Mark of the markup declaration message comprising message to be encrypted corresponding to group number belonging to the encryption message and the encryption message Note value;Timestamp field when receiving the encryption message is obtained, the timestamp field and the group number are determined For the message identifier of the encryption message;It forms the mark comprising the mark value and the message identifier and determines information, concurrently It send to key server, to store message key associated with the message identifier for the key server;To group Middle message sink end sends message identifier, message authentication code and the encryption message of the encryption message respectively, so that described Message sink end group message key needed for the message identifier obtains decryption.
In addition, the embodiment of the present invention also provides a kind of computer readable storage medium, it is stored thereon with computer program, it should Program controlled device executes the communication means for the group message that Fig. 3 is provided in embodiment one, communication means packet provided by Fig. 4 It includes: receiving the markup declaration message, message authentication code and encryption message that message sending end is sent in group, the label sound respectively Mark value of the bright message comprising message to be encrypted corresponding to group number belonging to the encryption message and the encryption message;It obtains Timestamp field when receiving the encryption message is taken, the timestamp field and the group number are determined as described add The message identifier of close message;It forms the mark comprising the mark value and the message identifier and determines information, and be sent to key Server, to store message key associated with the message identifier for the key server;Into group, message is connect Receiving end sends message identifier, message authentication code and the encryption message of the encryption message respectively, so that the message sink End group message key needed for the message identifier obtains decryption.
By the description above with respect to embodiment, it is apparent to those skilled in the art that, the present invention It can be realized by software and required common hardware, naturally it is also possible to which by hardware realization, but in many cases, the former is more Good embodiment.Based on this understanding, technical solution of the present invention substantially in other words contributes to the prior art Part can be embodied in the form of software products, which can store in computer readable storage medium In, floppy disk, read-only memory (Read-Only Memory, ROM), random access memory (Random such as computer Access Memory, RAM), flash memory (FLASH), hard disk or CD etc., including some instructions are with so that a computer is set Standby (can be personal computer, server or the network equipment etc.) executes method described in each embodiment of the present invention.
Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation, It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.

Claims (25)

1. A communication method for group messages, characterized in that the method is applied to a message sending end in a group and comprises:
Sending a session encryption request to a key server;
Receiving the message key, corresponding to the message to be encrypted, sent by the key server;
Encrypting the message to be encrypted based on the message key and a set encryption algorithm, and sending the resulting encrypted message through an instant communication server to the message receiving ends in the group.
2. The method according to claim 1, characterized by further comprising:
Generating, based on the message key, a message authentication code for verifying the integrity of the encrypted message, and sending the message authentication code through the instant communication server to the message receiving end.
3. The method according to claim 1, characterized by further comprising:
Sending a markup declaration message to the instant communication server, for the instant communication server to determine the message identifier of the encrypted message.
4. A communication method for group messages, characterized in that the method is applied to a key server and comprises:
Authenticating the identity of a message sending end in the group according to the session encryption request sent by the message sending end;
If the message sending end passes identity authentication, generating a message key corresponding to the message to be encrypted at the message sending end, and sending the message key to the message sending end, so that the message sending end generates the encrypted message of the message to be encrypted;
Receiving the message identifier, associated with the message key, sent by an instant communication server, and storing the message identifier and the message key in correspondence in a set database.
5. The method according to claim 4, characterized in that receiving the message identifier, associated with the message key, sent by the instant communication server, and storing the message identifier and the message key in correspondence in a set database, comprises:
Receiving the identifier determination information sent by the instant communication server, the identifier determination information including the mark value used to mark the message to be encrypted and a predetermined message identifier;
If the mark value of the message to be encrypted that corresponds to the message key is identical to the mark value in the identifier determination information, determining that the message identifier is associated with the message key, and storing the message identifier and the message key in the set database in the form of a key-value pair.
6. The method according to claim 4, characterized by further comprising:
Authenticating the identity of a message receiving end in the group according to the session decryption request sent by the message receiving end;
If the message receiving end passes identity authentication, obtaining the encrypted message identifier included in the session decryption request;
Looking up in the set database the message identifier that matches the encrypted message identifier, and sending the message key corresponding to that message identifier to the message receiving end, for the message receiving end to decrypt the encrypted message it has received.
7. A communication method for group messages, characterized in that the method is applied to an instant communication server and comprises:
Receiving, respectively, the markup declaration message, the message authentication code and the encrypted message sent by a message sending end in the group, the markup declaration message including the group number to which the encrypted message belongs and the mark value of the message to be encrypted that corresponds to the encrypted message;
Obtaining the timestamp field of the moment the encrypted message is received, and determining the timestamp field and the group number as the message identifier of the encrypted message;
Forming identifier determination information including the mark value and the message identifier, and sending it to a key server, for the key server to store the message key associated with the message identifier;
Sending, respectively, the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving ends in the group, so that a message receiving end obtains, based on the message identifier, the message key needed for decryption.
8. A communication method for group messages, characterized in that the method is applied to a message receiving end in a group and comprises:
Receiving the encrypted message and the message identifier of the encrypted message sent by an instant communication server;
Including the message identifier in a session decryption request as the encrypted message identifier, and sending the session decryption request to a key server;
Receiving the message key, corresponding to the encrypted message, sent by the key server, and decrypting the encrypted message based on the message key.
9. The method according to claim 8, characterized in that, before decrypting the encrypted message based on the message key, the method further comprises:
Determining the integrity of the encrypted message according to the message authentication code sent by the instant communication server;
If the encrypted message is incomplete, terminating the decryption operation on the encrypted message.
10. A communication device for group messages, characterized in that the device is configured at a message sending end in a group and comprises:
An encryption request sending module, configured to send a session encryption request to a key server;
A message key receiving module, configured to receive the message key, corresponding to the message to be encrypted, sent by the key server;
A message encryption module, configured to encrypt the message to be encrypted based on the message key and a set encryption algorithm, and to send the resulting encrypted message through an instant communication server to the message receiving ends in the group.
11. The device according to claim 10, characterized by further comprising:
An authentication code generation module, configured to generate, based on the message key, a message authentication code for verifying the integrity of the encrypted message, and to send the message authentication code through the instant communication server to the message receiving end.
12. The device according to claim 10, characterized by further comprising:
A markup declaration sending module, configured to send a markup declaration message to the instant communication server, for the instant communication server to determine the message identifier of the encrypted message.
13. A communication device for group messages, characterized in that the device is configured at a key server and comprises:
An identity authentication module, configured to authenticate the identity of a message sending end in the group according to the session encryption request sent by the message sending end;
A key generation module, configured to, when the message sending end passes identity authentication, generate a message key corresponding to the message to be encrypted at the message sending end and send the message key to the message sending end, so that the message sending end generates the encrypted message of the message to be encrypted;
A key storage module, configured to receive the message identifier, associated with the message key, sent by an instant communication server, and to store the message identifier and the message key in correspondence in a set database.
14. The device according to claim 13, characterized in that the key storage module is specifically configured to:
Receive the identifier determination information sent by the instant communication server, the identifier determination information including the mark value used to mark the message to be encrypted and a predetermined message identifier;
If the mark value of the message to be encrypted that corresponds to the message key is identical to the mark value in the identifier determination information, determine that the message identifier is associated with the message key, and store the message identifier and the message key in the set database in the form of a key-value pair.
15. The device according to claim 13, characterized in that the identity authentication module is also configured to authenticate the identity of a message receiving end in the group according to the session decryption request sent by the message receiving end;
Correspondingly, the device further comprises:
An identifier acquisition module, configured to obtain the encrypted message identifier included in the session decryption request when the message receiving end passes identity authentication;
An identifier matching module, configured to look up in the set database the message identifier that matches the encrypted message identifier, and to send the message key corresponding to that message identifier to the message receiving end, for the message receiving end to decrypt the encrypted message it has received.
16. A communication device for group messages, characterized in that the device is configured at an instant communication server and comprises:
An information receiving module, configured to receive, respectively, the markup declaration message, the message authentication code and the encrypted message sent by a message sending end in the group, the markup declaration message including the group number to which the encrypted message belongs and the mark value of the message to be encrypted that corresponds to the encrypted message;
An identifier determining module, configured to obtain the timestamp field of the moment the encrypted message is received, and to determine the timestamp field and the group number as the message identifier of the encrypted message;
A first sending module, configured to form identifier determination information including the mark value and the message identifier and send it to a key server, for the key server to store the message key associated with the message identifier;
A second sending module, configured to send, respectively, the message identifier of the encrypted message, the message authentication code and the encrypted message to the message receiving ends in the group, so that a message receiving end obtains, based on the message identifier, the message key needed for decryption.
17. A communication device for group messages, characterized in that the device is configured at a message receiving end in a group and comprises:
An information receiving module, configured to receive the encrypted message and the message identifier of the encrypted message sent by an instant communication server;
A decryption request sending module, configured to include the message identifier in a session decryption request as the encrypted message identifier, and to send the session decryption request to a key server;
A message decryption module, configured to receive the message key, corresponding to the encrypted message, sent by the key server, and to decrypt the encrypted message based on the message key.
18. The device according to claim 17, characterized by further comprising:
An integrity verification module, configured to, before the encrypted message is decrypted based on the message key, determine the integrity of the encrypted message according to the message authentication code sent by the instant communication server, and to terminate the decryption operation on the encrypted message when the encrypted message is incomplete.
19. a kind of user terminal characterized by comprising
One or more processors;
Storage device, for storing one or more programs,
When one or more of programs are executed by one or more of processors, so that one or more of processors are real The communication means of existing group message as described in any one of claims 1-3, and/or, realize group described in claim 8 or 9 The communication means of group message.
20. A key server, characterized by comprising:
One or more processors;
A storage device, configured to store one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors implement the communication method for group messages according to any one of claims 4-6.
21. An instant communication server, characterized by comprising:
One or more processors;
A storage device, configured to store one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors implement the communication method for group messages according to claim 7.
22. A group message communication system, characterized by comprising: at least two user terminals according to claim 19, the key server according to claim 20, and the instant communication server according to claim 21;
Wherein each user terminal serves as a message sending end and/or a message receiving end in the group.
23. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the program implements the communication method for group messages according to any one of claims 1-3, and/or implements the communication method for group messages according to claim 8 or 9.
24. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the program implements the communication method for group messages according to any one of claims 4-6.
25. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the program implements the communication method for group messages according to claim 7.
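The receiving-end flow of claims 17 and 18, as an added Python example that is not part of the patent text: the receiver sends the message identifier to the key server, gets the message key back, checks the message authentication code, and decrypts only if the check passes. Assumptions: HMAC-SHA256 keyed from the message key serves as the message authentication code, an HMAC counter keystream stands in for the cipher (the claims name none), the sender deposits the key directly, and `KeyServer`, `sender_encrypt` and `receiver_decrypt` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def _xor_keystream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _mac(message_key, message_id, ciphertext):
    # Assumption: the MAC binds the message identifier to the ciphertext.
    mac_key = hashlib.sha256(b"mac" + message_key).digest()
    return hmac.new(mac_key, message_id.encode() + b"\x00" + ciphertext, hashlib.sha256).digest()

class KeyServer:
    # In-memory store of message keys by message identifier; requester
    # authentication is not modelled here.
    def __init__(self):
        self._keys = {}
    def store(self, message_id, message_key):
        self._keys[message_id] = message_key
    def handle_decrypt_request(self, request):
        return self._keys.get(request["encrypted_message_id"])

def sender_encrypt(key_server, message_id, plaintext):
    key = secrets.token_bytes(32)  # fresh key per message
    key_server.store(message_id, key)
    ct = _xor_keystream(key, message_id.encode(), plaintext)
    return {"message_id": message_id, "ciphertext": ct, "mac": _mac(key, message_id, ct)}

def receiver_decrypt(key_server, delivered):
    # Claim 17: carry the message identifier in the session decryption request.
    request = {"encrypted_message_id": delivered["message_id"]}
    key = key_server.handle_decrypt_request(request)
    if key is None:
        raise KeyError("no message key stored for this identifier")
    # Claim 18: verify integrity first, and stop if the check fails.
    expected = _mac(key, delivered["message_id"], delivered["ciphertext"])
    if not hmac.compare_digest(expected, delivered["mac"]):
        raise ValueError("integrity check failed; decryption terminated")
    return _xor_keystream(key, delivered["message_id"].encode(), delivered["ciphertext"])

if __name__ == "__main__":
    ks = KeyServer()
    msg = sender_encrypt(ks, "msg-0001", b"constructed sample text")
    print(receiver_decrypt(ks, msg))
```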
CN201710447476.3A 2017-06-14 2017-06-14 Communication means, device, relevant device, system and the storage medium of group message Pending CN109088810A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710447476.3A CN109088810A (en) 2017-06-14 2017-06-14 Communication means, device, relevant device, system and the storage medium of group message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710447476.3A CN109088810A (en) 2017-06-14 2017-06-14 Communication means, device, relevant device, system and the storage medium of group message

Publications (1)

Publication Number Publication Date
CN109088810A true CN109088810A (en) 2018-12-25

Family

ID=64839382

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710447476.3A Pending CN109088810A (en) 2017-06-14 2017-06-14 Communication means, device, relevant device, system and the storage medium of group message

Country Status (1)

Country Link
CN (1) CN109088810A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981663A (en) * 2019-03-31 2019-07-05 杭州复杂美科技有限公司 A kind of privacy group chat method, equipment and storage medium
CN110958266A (en) * 2019-12-16 2020-04-03 中国南方电网有限责任公司 Data processing method, system, computer device and storage medium
CN111162999A (en) * 2019-12-30 2020-05-15 广东盈世计算机科技有限公司 Message processing method and device based on instant chat tool
WO2020233218A1 (en) * 2019-05-23 2020-11-26 维沃移动通信有限公司 Information encryption method, information decryption method, and terminal
CN112069551A (en) * 2019-06-11 2020-12-11 意法半导体(鲁塞)公司 Electronic circuit
CN112118267A (en) * 2020-09-25 2020-12-22 南方电网科学研究院有限责任公司 Anonymous communication method and related device
CN112565285A (en) * 2020-12-16 2021-03-26 卡斯柯信号(成都)有限公司 Communication encryption method suitable for rail transit
CN112688949A (en) * 2020-12-25 2021-04-20 北京浪潮数据技术有限公司 Access method, device, equipment and computer readable storage medium
CN112839132A (en) * 2020-12-31 2021-05-25 中孚信息股份有限公司 Method and system for realizing mobile phone input method with information encryption function
CN116233767A (en) * 2023-03-20 2023-06-06 中国联合网络通信集团有限公司 Cluster intercom communication method, device, equipment and storage medium

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981663A (en) * 2019-03-31 2019-07-05 杭州复杂美科技有限公司 A kind of privacy group chat method, equipment and storage medium
WO2020233218A1 (en) * 2019-05-23 2020-11-26 维沃移动通信有限公司 Information encryption method, information decryption method, and terminal
CN112069551A (en) * 2019-06-11 2020-12-11 意法半导体(鲁塞)公司 Electronic circuit
CN110958266A (en) * 2019-12-16 2020-04-03 中国南方电网有限责任公司 Data processing method, system, computer device and storage medium
CN111162999A (en) * 2019-12-30 2020-05-15 广东盈世计算机科技有限公司 Message processing method and device based on instant chat tool
CN112118267A (en) * 2020-09-25 2020-12-22 南方电网科学研究院有限责任公司 Anonymous communication method and related device
CN112565285A (en) * 2020-12-16 2021-03-26 卡斯柯信号(成都)有限公司 Communication encryption method suitable for rail transit
CN112565285B (en) * 2020-12-16 2023-03-24 卡斯柯信号(成都)有限公司 Communication encryption method suitable for rail transit
CN112688949A (en) * 2020-12-25 2021-04-20 北京浪潮数据技术有限公司 Access method, device, equipment and computer readable storage medium
CN112688949B (en) * 2020-12-25 2022-12-06 北京浪潮数据技术有限公司 Access method, device, equipment and computer readable storage medium
CN112839132A (en) * 2020-12-31 2021-05-25 中孚信息股份有限公司 Method and system for realizing mobile phone input method with information encryption function
CN112839132B (en) * 2020-12-31 2022-03-11 中孚信息股份有限公司 Method and system for realizing mobile phone input method with information encryption function
CN116233767A (en) * 2023-03-20 2023-06-06 中国联合网络通信集团有限公司 Cluster intercom communication method, device, equipment and storage medium
CN116233767B (en) * 2023-03-20 2024-04-30 中国联合网络通信集团有限公司 Cluster intercom communication method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109088810A (en) Communication means, device, relevant device, system and the storage medium of group message
CN111460453B (en) Machine learning training method, controller, device, server, terminal and medium
US10601801B2 (en) Identity authentication method and apparatus
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
US11784819B2 (en) Dynamic segmentation of network traffic by use of pre-shared keys
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN112351037B (en) Information processing method and device for secure communication
CN110380859B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol
CN110417547B (en) Secret key updating method and system for secret communication based on certificateless cryptography
CN103457932A (en) Data safety storage method and system under cloud computing environment
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN110557248A (en) Secret key updating method and system for resisting quantum computation signcryption based on certificateless cryptography
CN116204914A (en) Trusted privacy computing method, device, equipment and storage medium
CN109274646A (en) Key management client server side method, system and medium based on KMIP protocol
CN115865320A (en) Block chain-based security service management method and system
CN110557367B (en) Secret key updating method and system for quantum computing secure communication resistance based on certificate cryptography
CN115473655A (en) Terminal authentication method, device and storage medium for access network
CN116527279A (en) Verifiable federal learning device and method for secure data aggregation in industrial control network
CN114154181A (en) Privacy calculation method based on distributed storage
Muth et al. Smartdhx: Diffie-hellman key exchange with smart contracts
Sandoval et al. Pakemail: authentication and key management in decentralized secure email and messaging via pake
CN113365264A (en) Block chain wireless network data transmission method, device and system
CN112927026A (en) Coupon processing method and device, electronic equipment and computer storage medium
Alsalami et al. Utilizing public blockchains for censorship-circumvention and IoT communication

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181225
