CN109274690A - Group data encryption method - Google Patents

Info

Publication number: CN109274690A
Authority: CN (China)
Prior art keywords: key, encryption, group, user, data
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201811326155.9A
Other languages: Chinese (zh)
Inventor: 韩炯
Current assignee: Blue Letter Mobile (beijing) Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Blue Letter Mobile (beijing) Technology Co Ltd
Priority date: 2018-11-08 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2018-11-08
Publication date: 2019-01-25

Classifications

All four classifications sit under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/0428: network architectures or protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L 63/00 and H04L 63/04)
    • H04L 63/065: network architectures or protocols for network security supporting key management in a packet data network, for group communications (under H04L 63/00 and H04L 63/06)
    • H04L 63/08: network architectures or protocols for network security for authentication of entities (under H04L 63/00)
    • H04L 9/0825: key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates (under H04L 9/00 cryptographic mechanisms, H04L 9/08 key distribution or management, H04L 9/0816 key establishment and H04L 9/0819 key transport)

Abstract

The disclosure provides a group data encryption method comprising: multiple communication clients create a group chat group through a communication server, the group chat group having a group identifier; the multiple communication clients receive the group identifier from the communication server; and a key management server receives a group identifier authorization relationship from the communication server, the group identifier authorization relationship being the authorization relationship between the user account of each of the multiple communication clients and the group identifier.

Description

Group data encryption method
Technical field
The disclosure belongs to the field of communication technology, and in particular relates to a group data encryption method.
Background art
In all kinds of communication systems, how to protect the information exchanged between users and guarantee the security and confidentiality of communication content needs particular consideration. In mobile communication systems especially, data is relayed through a communication server, and at the communication server there is the security risk that users' chat data can be obtained, inspected or leaked.
In the prior art, multiple users can exchange data by way of a group chat group, and the chat data in these group chat groups faces the same problem.
Summary of the invention
The disclosure aims to provide a new group data encryption method that solves the technical problem raised in the background art above. The disclosure is achieved through the following technical solution.
A group data encryption method, comprising:
Multiple communication clients create a group chat group through a communication server, the group chat group having a group identifier;
The multiple communication clients receive the group identifier from the communication server; and
A key management server receives a group identifier authorization relationship from the communication server, the group identifier authorization relationship being the authorization relationship between the user account of each of the multiple communication clients and the group identifier.
According to at least one embodiment of the disclosure, a communication client includes a data module and an encryption/decryption module; the data module receives and/or sends data via the communication server, the encryption/decryption module encrypts the data sent by the data module, and the encryption/decryption module decrypts the data received by the data module.
According to at least one embodiment of the disclosure, the user key of each communication client is generated by the key management server.
According to at least one embodiment of the disclosure, the user key of each communication client is generated by the encryption/decryption module of that communication client.
According to at least one embodiment of the disclosure, the key management server generates an encryption key for the data from a communication client and encrypts the encryption key with the user key of that communication client.
According to at least one embodiment of the disclosure, the key management server generates an encryption key index and records the authorization relationship between the encryption key index and the group identifier.
According to at least one embodiment of the disclosure, the key management server includes a user authentication module, a user key management module, an encryption key management module and a cryptographic service module;
The user authentication module uses the user information of each communication client to verify the user of each communication client and bind it to a user account;
The user key management module manages the user key of each communication client;
The encryption key management module creates the encryption key;
The cryptographic service module encrypts the encryption key with the user key.
According to at least one embodiment of the disclosure, the user key includes a public key and a private key, and the cryptographic service module encrypts the encryption key with the public key.
According to at least one embodiment of the disclosure, the cryptographic service module of the key management server generates the encryption key index and records the authorization relationship between the encryption key index and the group identifier.
According to at least one embodiment of the disclosure, the encryption/decryption module includes a user authentication submodule, a user key management submodule, a data encryption submodule and a data decryption submodule;
The user authentication submodule completes user identity authentication with the user account;
The user key management submodule stores the user key;
The data encryption submodule decrypts the encryption key with the user key and then encrypts the data to be sent with the encryption key;
The data decryption submodule decrypts the encryption key with the user key and then decrypts the received data with the encryption key.
According to at least one embodiment of the disclosure, the user key includes a public key and a private key; the data encryption submodule decrypts the encryption key with the private key and then encrypts the data to be sent with the encryption key; the data decryption submodule decrypts the encryption key with the private key and then decrypts the received data with the encryption key.
According to at least one embodiment of the disclosure, the group identifier is a group account.
According to at least one embodiment of the disclosure, the communication server is an instant messaging server and the communication client is an instant messaging client.
Brief description of the drawings
The accompanying drawings show illustrative embodiments of the disclosure and, together with the description, serve to explain the principles of the disclosure. They are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification.
Fig. 1 shows the overall structure of the data encryption system used by the group data encryption method of at least one embodiment of the disclosure.
Fig. 2 shows the specific structure of the data encryption system used by the group data encryption method of at least one embodiment of the disclosure.
Detailed description
The disclosure is described in further detail below with reference to the accompanying drawings and embodiments. It is to be understood that the specific embodiments described here serve only to explain the related content and do not limit the disclosure. It should also be noted that, for ease of description, only the parts relevant to the disclosure are shown in the drawings.
It should be noted that, in the absence of conflict, the embodiments of the disclosure and the features of those embodiments can be combined with each other. The disclosure is described in detail below with reference to the drawings and in conjunction with embodiments.
Fig. 1 shows the overall structure of the data encryption system used by the group data encryption method of at least one embodiment of the disclosure, and Fig. 2 shows the specific structure of that data encryption system.
The group data encryption method comprises:
Multiple communication clients create a group chat group through a communication server, the group chat group having a group identifier;
The multiple communication clients receive the group identifier from the communication server; and
A key management server receives a group identifier authorization relationship from the communication server, the group identifier authorization relationship being the authorization relationship between the user account of each of the multiple communication clients and the group identifier.
The group identifier can be a group account. The communication server is an instant messaging server and the communication client is an instant messaging client. A communication client can be installed on a device such as a mobile phone or personal computer, for example as an app, and it can also exist on such a device in the form of a web page. The data mentioned above can be text messages, audio files, picture files, video files and so on. The communication server mentioned above can be any communication server in the prior art that is capable of data communication. Fig. 1 shows two communication clients (i.e. two users) taking part in a group chat.
In at least one embodiment of the disclosure, a communication client includes a data module and an encryption/decryption module; the data module receives and/or sends data via the communication server, the encryption/decryption module encrypts the data sent by the data module, and the encryption/decryption module decrypts the data received by the data module.
Each communication client cannot obtain the plaintext data of other communication clients.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the key management server.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the encryption/decryption module of that communication client.
In at least one embodiment of the disclosure, the key management server generates an encryption key for the data from a communication client and encrypts the encryption key with the user key of that communication client.
In at least one embodiment of the disclosure, the key management server generates an encryption key index and records the authorization relationship between the encryption key index and the group identifier.
In at least one embodiment of the disclosure, the key management server includes a user authentication module, a user key management module, an encryption key management module and a cryptographic service module;
The user authentication module uses the user information of each communication client to verify the user of each communication client and bind it to a user account;
The user key management module manages the user key of each communication client;
The encryption key management module creates the encryption key;
The cryptographic service module encrypts the encryption key with the user key.
Here the user key includes a public key and a private key. The encryption key is preferably a random key, generated from a user key factor and/or the public key(s) of one or more parties. The user key factor is generated by the key management server on the basis of a user unique identifier, and the user unique identifier is generated by the communication client.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the key management server: the user key management module generates the user key of each communication client, manages those user keys, and sends each communication client its corresponding user key.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the end-to-end encryption/decryption module of that communication client, and the user key management module of the key management server receives the user keys from the communication clients and manages them.
In at least one embodiment of the disclosure, the cryptographic service module encrypts the encryption key with the public key.
In at least one embodiment of the disclosure, the cryptographic service module of the key management server generates the encryption key index and records the authorization relationship between the encryption key index and the group identifier.
In at least one embodiment of the disclosure, the encryption/decryption module includes a user authentication submodule, a user key management submodule, a data encryption submodule and a data decryption submodule;
The user authentication submodule completes user identity authentication with the user account;
The user key management submodule stores the user key;
The data encryption submodule decrypts the encryption key with the user key and then encrypts the data to be sent with the encryption key;
The data decryption submodule decrypts the encryption key with the user key and then decrypts the received data with the encryption key.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the key management server; the user key management submodule of each communication client receives the user key from the key management server and stores it.
In at least one embodiment of the disclosure, the user key of each communication client is generated by the end-to-end encryption/decryption module of that communication client: the user key is generated by the user key management submodule of the end-to-end encryption/decryption module and sent to the key management server.
In at least one embodiment of the disclosure, the user key of a communication client is generated by the user key management submodule of the client's end-to-end encryption/decryption module; the user key includes a public key and a private key; the user key management submodule of the end-to-end encryption/decryption module stores the public key and the private key and sends the public key to the user key management module of the key management server; the key management server receives the public key from the communication client and manages it (for example by storing it).
In at least one embodiment of the disclosure, the data encryption submodule decrypts the encryption key with the private key and then encrypts the data to be sent with the encryption key; the data decryption submodule decrypts the encryption key with the private key and then decrypts the received data with the encryption key.
In at least one embodiment of the disclosure, a first user creates a group chat group using a first communication client: the first communication client sends a group creation request to the communication server; on the basis of that request the communication server generates a group chat group with a group account (the group account can be the unique identifier of the group chat group; the group chat group can also include group information, such as a group name); the communication server returns the group chat group with its group account to the first communication client, and the first communication client stores the group chat group.
The communication server sends a group creation notification to the other members of the group chat group, such as a second communication client (used by a second user); the second communication client stores the group chat group (or prompts the second user of the second communication client whether to join and/or store the group chat group). The communication server sends the group account authorization relationship (i.e. the correspondence between the user account of each communication client and the group account) to the key management server, and the key management server stores this group account authorization relationship. When the membership of the group chat group changes, the communication server sends the change to the key management server, and the key management server updates the group account authorization relationship.
The first user sends data into the group chat group via the first communication client (for example text, pictures, emoticons, files and so on). The encryption/decryption module of the first communication client, i.e. the first encryption/decryption module, is passed the user account of the first communication client, the group account and the data content. The first encryption/decryption module requests the key management server to generate an encryption key on the basis of the group account; the key management server generates an encryption key and an encryption key index and records the authorization relationship between the encryption key index and the group account. The key management server encrypts the generated encryption key with the public key of the user account of the first communication client and sends the encrypted encryption key and the encryption key index to the first encryption/decryption module. The first encryption/decryption module decrypts the encryption key with the private key of the user account of the first communication client, then encrypts the data content with the encryption key and packages it into an encrypted data body. The encrypted data body includes the encryption key index.
The first encryption/decryption module passes the encrypted data body to the data module of the first communication client, i.e. the first data module, and the first data module posts the encrypted data body in the group.
The second data module of the second communication client receives the encrypted data body from the group and passes it to the encryption/decryption module of the second communication client, i.e. the second encryption/decryption module. The second encryption/decryption module sends the group account, the user account of the second communication client and the encryption key index to the key management server and requests the encryption key by that encryption key index.
On the basis of the received group account, the user account of the second communication client and the encryption key index, the key management server checks the group account authorization relationship. If the group account authorization relationship is correct, it encrypts the encryption key with the public key of the user account of the second communication client and sends the encrypted encryption key to the second encryption/decryption module.
The second encryption/decryption module decrypts the encryption key with the private key of the user account of the second communication client, decrypts the data body with the decrypted encryption key, and passes the decrypted data body, i.e. the plaintext data, to the user account of the second communication client.
Those skilled in the art will understand that the above embodiments serve only to clearly illustrate the disclosure and are not a limitation of its scope. Those skilled in the art can make other variations or modifications on the basis of the above disclosure, and these variations or modifications still fall within the scope of the disclosure.

Claims (10)

1. A group data encryption method, characterized by comprising:
multiple communication clients creating a group chat group through a communication server, the group chat group having a group identifier;
the multiple communication clients receiving the group identifier from the communication server; and
a key management server receiving a group identifier authorization relationship from the communication server, the group identifier authorization relationship being the authorization relationship between the user account of each of the multiple communication clients and the group identifier.
2. The group data encryption method according to claim 1, characterized in that the communication client includes a data module and an encryption/decryption module, the data module receives and/or sends data via the communication server, the encryption/decryption module encrypts the data sent by the data module, and the encryption/decryption module decrypts the data received by the data module.
3. The group data encryption method according to claim 1 or 2, characterized in that the user key of each communication client is generated by the key management server.
4. The group data encryption method according to claim 2, characterized in that the user key of each communication client is generated by the encryption/decryption module of that communication client.
5. The group data encryption method according to claim 3 or 4, characterized in that the key management server generates an encryption key for the data from a communication client and encrypts the encryption key with the user key of that communication client.
6. The group data encryption method according to claim 5, characterized in that the key management server generates an encryption key index and records the authorization relationship between the encryption key index and the group identifier.
7. The group data encryption method according to claim 5 or 6, characterized in that the key management server includes a user authentication module, a user key management module, an encryption key management module and a cryptographic service module;
the user authentication module uses the user information of each communication client to verify the user of each communication client and bind it to a user account;
the user key management module manages the user key of each communication client;
the encryption key management module creates the encryption key;
the cryptographic service module encrypts the encryption key with the user key.
8. The group data encryption method according to claim 7, characterized in that the user key includes a public key and a private key, and the cryptographic service module encrypts the encryption key with the public key.
9. The group data encryption method according to claim 7, characterized in that the cryptographic service module of the key management server generates an encryption key index and records the authorization relationship between the encryption key index and the group identifier.
10. The group data encryption method according to claim 3 or 4, characterized in that the encryption/decryption module includes a user authentication submodule, a user key management submodule, a data encryption submodule and a data decryption submodule;
the user authentication submodule completes user identity authentication with the user account;
the user key management submodule stores the user key;
the data encryption submodule decrypts the encryption key with the user key and then encrypts the data to be sent with the encryption key;
the data decryption submodule decrypts the encryption key with the user key and then decrypts the received data with the encryption key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811326155.9A CN109274690A (en) 2018-11-08 2018-11-08 Group's data ciphering method

Publications (1)

Publication Number Publication Date
CN109274690A true CN109274690A (en) 2019-01-25

Family

ID=65192613

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811326155.9A Pending CN109274690A (en) 2018-11-08 2018-11-08 Group's data ciphering method

Country Status (1)

Country Link
CN (1) CN109274690A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981663A (en) * 2019-03-31 2019-07-05 杭州复杂美科技有限公司 A kind of privacy group chat method, equipment and storage medium
CN112804133A (en) * 2020-12-25 2021-05-14 江苏通付盾区块链科技有限公司 Encrypted group chat method and system based on block chain technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101479984A (en) * 2006-04-25 2009-07-08 斯蒂芬·L.·博伦 Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks
CN104717232A (en) * 2015-04-09 2015-06-17 武汉理工大学 Cryptosystem facing to group
CN106603504A (en) * 2016-11-23 2017-04-26 深圳市金立通信设备有限公司 VoIP (Voice over Internet Protocol) encrypting and monitoring methods and VoIP encrypting and monitoring devices
CN106935242A (en) * 2015-12-30 2017-07-07 北京明朝万达科技股份有限公司 A kind of voice communication encryption system and method
WO2017133485A1 (en) * 2016-02-02 2017-08-10 阿里巴巴集团控股有限公司 Method of establishing communication between apparatuses, device, and system

Similar Documents

Publication Publication Date Title
CN110474893A (en) A kind of isomery is across the close state data safety sharing method of trust domain and system
CN101677269B (en) Method and system for transmitting keys
CN103401949B (en) A kind of system and method shared for the personal data safety of mobile phone
CN101340443A (en) Session key negotiating method, system and server in communication network
CN109543434B (en) Block chain information encryption method, decryption method, storage method and device
CN107483505A (en) The method and system that a kind of privacy of user in Video chat is protected
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN107666395A (en) One population file management method, user terminal, group chat system
CN106656490A (en) Quantum whiteboard data storage method
CN102404337A (en) Data encryption method and device
CN109525388A (en) A kind of combined ciphering method and system of cipher key separation
CN103997405B (en) A kind of key generation method and device
CN109274690A (en) Group's data ciphering method
CN106211146B (en) Adding method, information communicating method and call method and system are recorded in safety communication
CN111368271A (en) Method and system for realizing password management based on multiple encryption
KR102191111B1 (en) System and method of providing anonymity message service using block chain
CN106059767A (en) Terminal private data protection system and method based on Internet
CN111698203A (en) Cloud data encryption method
CN109726583A (en) Cloud data base encryption server system
CN110266483A (en) Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment
JP2014527786A (en) Communication system for authentication by fingerprint information and use thereof
KR101760376B1 (en) Terminal and method for providing secure messenger service
CN103986640A (en) Instant messaging method and system capable of guaranteeing safety of user communication content
CN215186781U (en) Quantum computing resistant mobile communication system based on quantum secret communication network
CN111539032B (en) Electronic signature application system resistant to quantum computing disruption and implementation method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20190125)