CN110035083A - Communication method, device and computer-readable storage medium based on a session key - Google Patents
- Publication number
- CN110035083A (application CN201910310731.9A)
- Authority
- CN
- China
- Prior art keywords
- user terminal
- session key
- key
- block chain
- encrypted
- Legal status
- Pending
Classifications
- H04L63/083: Network architectures or network communication protocols for network security; authentication of entities using passwords
- H04L63/0876: Network architectures or network communication protocols for network security; authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/14: Network arrangements or protocols for supporting network services or applications; session management
Abstract
An embodiment of the present invention provides a communication method, device and computer-readable storage medium based on a session key. A first user terminal broadcasts a query request in a blockchain network, obtains the IP address of a second user terminal by querying on the second user terminal's domain-name-blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, the recorded information is authentic and reliable, and therefore the IP address of the second user terminal that the first user terminal obtains from the blockchain ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal using a first session key generated by the first user terminal and/or a second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.
Description
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a communication method, device and computer-readable storage medium based on a session key.
Background technique
On the Internet, when user A and user B want to establish a secure connection in an environment where neither trusts the other, this is currently achieved mainly through Diffie-Hellman key exchange (abbreviated D-H). It allows the two parties to create a shared key over an insecure channel without any prior knowledge of each other. That key can then be used as a symmetric key to encrypt the content of subsequent communication.
Diffie-Hellman key exchange by itself provides no authentication of the two communicating parties, so it is vulnerable to man-in-the-middle attack. A man in the middle sitting in the channel performs two Diffie-Hellman exchanges, for example one with Alice and another with Bob, and can then successfully impersonate Bob to Alice and vice versa. The attacker can also decrypt (read and store) either party's messages and re-encrypt them before passing them on to the other party. As a result, the security of communication between users is low.
Summary of the invention
Embodiments of the present invention provide a communication method, device and computer-readable storage medium based on a session key, so as to improve the security of communication between a first user terminal and a second user terminal.
In a first aspect, an embodiment of the present invention provides a communication method based on a session key, comprising:
the first user terminal broadcasting a query request in a blockchain network, the query request including the domain-name-blockchain identifier or domain name of the second user terminal, where the blockchain ledger stored at the accounting nodes includes the domain-name-blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program;
the first user terminal receiving, from an accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program;
the first user terminal establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal and the service port number of that application program; and
the first user terminal communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
In a second aspect, an embodiment of the present invention provides a first user terminal, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
broadcasting a query request in a blockchain network through the communication interface, the query request including the domain-name-blockchain identifier or domain name of the second user terminal, where the blockchain ledger stored at the accounting nodes includes the domain-name-blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program;
receiving through the communication interface, from an accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program;
establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal and the service port number of that application program; and
communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In the communication method, device and computer-readable storage medium based on a session key provided by embodiments of the present invention, the first user terminal broadcasts a query request in the blockchain network, obtains the IP address of the second user terminal by querying on the second user terminal's domain-name-blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, the recorded information is authentic and reliable, and therefore the IP address of the second user terminal that the first user terminal obtains from the ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal using a first session key generated by the first user terminal and/or a second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.
Detailed description of the drawings
Fig. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the session-key-based communication method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the session-key-based communication method provided by another embodiment of the present invention;
Fig. 4 is a flow chart of the session-key-based communication method provided by another embodiment of the present invention;
Fig. 5 is a flow chart of the session-key-based communication method provided by another embodiment of the present invention;
Fig. 6 is a flow chart of the session-key-based communication method provided by another embodiment of the present invention;
Fig. 7 is a structural schematic diagram of the first user terminal provided by an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. These drawings and the accompanying description are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Specific embodiment
Example embodiments are described in detail here and illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with this disclosure; they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The session-key-based communication method provided by embodiments of the present invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system comprises node 1 to node 7. The communication system may specifically be a blockchain network, with node 1 to node 7 being nodes in that blockchain network. This is only a schematic illustration and does not limit the structure of the blockchain network or its nodes. A node may specifically be a device such as a terminal device or a server. Optionally, the blockchain network may be the domain-name blockchain network described in the following examples; again, this is only schematic and does not limit the structure of the domain-name blockchain network or the number of its nodes.
The session-key-based communication method provided by embodiments of the present invention is intended to solve the technical problem of the prior art described above.
The technical solution of the present invention, and how it solves the above technical problem, are described in detail below through specific embodiments. These specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flow chart of the session-key-based communication method provided by an embodiment of the present invention. To address the technical problem of the prior art described above, this embodiment provides a session-key-based communication method whose specific steps are as follows:
Step 201: the first user terminal broadcasts a query request in the blockchain network. The query request includes the domain-name-blockchain identifier or domain name of the second user terminal, and the blockchain ledger stored at the accounting nodes includes the domain-name-blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program.
The first user terminal and the second user terminal in this embodiment may specifically be nodes in the blockchain network shown in Fig. 1. Both need to be registered in the blockchain network, and during registration each must undergo identity authentication; that is, each user terminal has a unique public key and private key in the blockchain network. Optionally, the second user terminal is the service provider of some application program (APP) that offers a service to the outside, and the first user terminal needs to access the second user terminal, i.e. it needs to use the service provided by the second user terminal. The first user terminal and the second user terminal communicate securely as follows. First, the first user terminal can obtain the domain-name-blockchain identifier or domain name of the second user terminal through a channel outside the domain-name blockchain. The first user terminal then broadcasts a query request in the blockchain network based on that identifier or domain name; the query request contains the domain-name-blockchain identifier or domain name of the second user terminal. Specifically, the first user terminal signs the query request with its own private key and then broadcasts it in the blockchain network. The accounting nodes in the blockchain network can receive the query request. An accounting node stores the blockchain ledger, which may record information such as the domain-name-blockchain identifier or domain name, IP address and public key of each node in the blockchain network. This is only schematic and does not limit the specific information recorded in the ledger; in other embodiments the ledger may also record transaction information between nodes.
Specifically, the blockchain ledger records the domain-name-blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program. When an accounting node receives the query request broadcast by the first user terminal in the blockchain network, it verifies the first user terminal's private-key signature on the query request. If verification passes, the accounting node looks up the ledger it stores according to the domain-name-blockchain identifier or domain name of the second user terminal and obtains from it the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program. The accounting node then sends the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program to the first user terminal. Specifically, the accounting node can send these to the first user terminal by broadcast.
Step 202: the first user terminal receives, from the accounting node in the blockchain network, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program.
Optionally, if the service port number of the application program supported by the second user terminal changes, the second user terminal needs to promptly broadcast the updated service port number in the blockchain network so that the accounting nodes in the blockchain network can record the updated service port number in the blockchain ledger.
Step 203: the first user terminal establishes a connection with the second user terminal according to the IP address of the second user terminal, the name of the application program supported by the second user terminal and the service port number of that application program.
Optionally, the application program supported by the second user terminal may be installed on the first user terminal. When that application program on the first user terminal generates an access request to access the second user terminal, the first user terminal sends a connection request to the second user terminal according to the name of the application program initiating the access, the port number corresponding to that application program and the IP address of the second user terminal. The connection request may specifically be a Transmission Control Protocol (TCP) connection request, and it includes the domain-name-blockchain identifier of the first user terminal. After the second user terminal (called the second network device in this passage) receives the TCP connection request, it determines whether the domain-name-blockchain identifier of the first user terminal is in its white list. If the domain-name-blockchain identifier of the first user terminal is in the white list of the second network device, the second network device decides to establish a TCP connection with the first user terminal.
Step 204: the first user terminal communicates with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
After the first user terminal and the second network device establish the TCP connection, the first user terminal may generate a first session key, and/or the second user terminal may generate a second session key.
If the first user terminal generates the first session key and the second user terminal does not generate a second session key, the first user terminal and the second user terminal can communicate in encrypted form according to the first session key.
If the first user terminal does not generate a first session key and the second user terminal generates the second session key, the first user terminal and the second user terminal can communicate in encrypted form according to the second session key.
If the first user terminal generates the first session key and the second user terminal generates the second session key, the first user terminal and the second user terminal can each derive a third session key from the first session key and the second session key, and then communicate in encrypted form according to the third session key.
In this embodiment, the first user terminal broadcasts a query request in the blockchain network, obtains the IP address of the second user terminal by querying on the second user terminal's domain-name-blockchain identifier or domain name, and establishes a connection with the second user terminal using that IP address. Because the information recorded in the blockchain ledger of the blockchain network cannot be tampered with, i.e. the recorded information is authentic and reliable, the IP address of the second user terminal that the first user terminal obtains from the ledger is authentic and reliable. In addition, the first user terminal communicates with the second user terminal using a first session key generated by the first user terminal and/or a second session key generated by the second user terminal, which improves the security of communication between the first user terminal and the second user terminal.
Fig. 3 is a flow chart of the session-key-based communication method provided by another embodiment of the present invention. On the basis of the above embodiment, the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal specifically comprises the following steps:
Step 301: the first user terminal generates the first session key.
As shown in Fig. 4, the first user terminal sends the query request to the accounting node, and the accounting node returns to the first user terminal the relevant information of the second user terminal, for example the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application program supported by the second user terminal and the service port number of that application program. The first user terminal sends a TCP connection establishment request to the second user terminal according to that information, and the second user terminal establishes a TCP connection with the first user terminal according to the request. In this embodiment, after the first user terminal and the second user terminal have established the TCP connection, the first user terminal can randomly generate a session key; here the session key generated by the first user terminal is the first session key Ks.
Step 302: the first user terminal encrypts the first session key according to the public key of the second user terminal in the blockchain network.
The first user terminal encrypts the first session key Ks according to the public key of the second user terminal in the blockchain network. Specifically, it encrypts Ks using that public key and a first algorithm agreed in advance between the first user terminal and the second user terminal.
Step 303: the first user terminal sends the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key using the private key of the second user terminal in the blockchain network and obtains the first session key.
The first user terminal sends the encrypted first session key Ks to the second user terminal. After receiving the encrypted Ks, the second user terminal decrypts it according to its private key in the blockchain network and the first algorithm agreed in advance between the first user terminal and the second user terminal, obtaining the first session key Ks.
Step 304: the first user terminal communicates with the second user terminal according to the first session key.
Once the second user terminal has decrypted and obtained the first session key Ks, communication between the first user terminal and the second user terminal can be encrypted with Ks.
In addition, while the first user terminal is communicating with the second user terminal according to the first session key, either the first user terminal or the second user terminal may modify the first session key.
One possible situation is: while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal receives the first session key as modified by the second user terminal, and then communicates with the second user terminal according to the modified first session key.
For example, the second user terminal modifies the first session key; the modified first session key is denoted Ks'. The second user terminal encrypts Ks' using the public key of the first user terminal and attaches the encrypted Ks' to a message it sends to the first user terminal. After receiving the message, the first user terminal parses the encrypted Ks' from it, decrypts it using the private key of the first user terminal to obtain Ks', and in subsequent communication uses the modified first session key Ks' to communicate with the second user terminal.
Another possible situation is: while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal modifies the first session key and sends the modified first session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified first session key.
For example, the first user terminal modifies the first session key; the modified first session key is denoted Ks'. The first user terminal encrypts Ks' using the public key of the second user terminal and attaches the encrypted Ks' to a message it sends to the second user terminal. After receiving the message, the second user terminal parses the encrypted Ks' from it, decrypts it using the private key of the second user terminal to obtain Ks', and in subsequent communication uses the modified first session key Ks' to communicate with the first user terminal.
In this embodiment, the first user terminal generates the first session key, encrypts it with the public key of the second user terminal and sends the encrypted first session key to the second user terminal, which improves the security of transmitting the first session key.
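The Fig. 2 procedure (signed ledger query, white-list check on the TCP connect, and the three session-key cases of step 204) together with the in-band key modification of Fig. 3, worked through as an added Python example; this is not code from the patent. The public-key primitive is a toy textbook RSA on hard-coded Mersenne primes (the patent's "first algorithm agreed in advance" is unspecified), the ledger record, terminal identifiers and white list are constructed, and the HMAC used to derive the third session key from the first and second is an assumption.

```python
import hashlib
import hmac
import secrets

# Toy textbook RSA on hard-coded Mersenne primes (constructed for this example).
# The patent's "first algorithm agreed in advance" is not specified; a real
# deployment would use a padded scheme such as RSA-OAEP or an ECIES construction.
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
E = 65537

def make_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def pk_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("plaintext must be smaller than the modulus")
    return pow(m, e, n)

def pk_decrypt(priv, c, length):
    n, d = priv
    return pow(c, d, n).to_bytes(length, "big")

def _digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest_int(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(msg, n)

class AccountingNode:
    """Holds the blockchain ledger: domain-name-blockchain id -> published record."""
    def __init__(self, ledger):
        self.ledger = ledger

    def handle_query(self, query, sig, requester_pub):
        # Step 201: the query is signed with the requester's private key; the
        # accounting node verifies the signature before consulting the ledger.
        if not verify(requester_pub, query, sig):
            return None
        return self.ledger.get(query.decode())

class Terminal:
    def __init__(self, chain_id, pub, priv, whitelist=()):
        self.chain_id, self.pub, self.priv = chain_id, pub, priv
        self.whitelist = set(whitelist)  # chain ids allowed to open a TCP connection

    def lookup(self, node, peer_chain_id):
        query = peer_chain_id.encode()
        return node.handle_query(query, sign(self.priv, query), self.pub)

    def accept_connection(self, requester_chain_id):
        # Step 203: the TCP connect request carries the requester's chain id,
        # which must be on the callee's white list.
        return requester_chain_id in self.whitelist

def combine(ks, kt):
    # Step 204: if both keys exist, each side derives a third key from them
    # (HMAC is an assumption; the patent does not specify the combining function).
    if ks and kt:
        return hmac.new(ks, kt, hashlib.sha256).digest()
    return ks or kt

def negotiate(first, second, first_generates, second_generates):
    """Return the session key as seen by (first, second) after the exchange."""
    ks = secrets.token_bytes(16) if first_generates else None  # Fig. 3: Ks
    kt = secrets.token_bytes(16) if second_generates else None  # Fig. 5
    # Each generated key travels encrypted under the peer's public key (steps 302/303, 501/502).
    ks_at_second = pk_decrypt(second.priv, pk_encrypt(second.pub, ks), 16) if ks else None
    kt_at_first = pk_decrypt(first.priv, pk_encrypt(first.pub, kt), 16) if kt else None
    return combine(ks, kt_at_first), combine(ks_at_second, kt)

def attach_rekey(peer_pub, new_key, payload):
    """Fig. 3: the modified key Ks' rides inside a message, encrypted for the peer."""
    return {"payload": payload, "rekey": pk_encrypt(peer_pub, new_key)}

def receive_rekey(priv, msg, current_key):
    # Switch to Ks' if the message carries one, otherwise keep the current key.
    return pk_decrypt(priv, msg["rekey"], 16) if "rekey" in msg else current_key

def demo():
    a_pub, a_priv = make_keypair(M61, M89)
    b_pub, b_priv = make_keypair(M107, M127)
    alice = Terminal("alice.dnbc", a_pub, a_priv)
    bob = Terminal("bob.dnbc", b_pub, b_priv, whitelist={"alice.dnbc"})
    # Constructed ledger record for the second user terminal (the step 201 fields).
    node = AccountingNode({"bob.dnbc": {"ip": "203.0.113.7", "pub": b_pub,
                                        "app": "chat", "port": 8443}})
    record = alice.lookup(node, "bob.dnbc")  # steps 201-202
    if record is None or not bob.accept_connection(alice.chain_id):  # step 203
        return None
    k_first, k_second = negotiate(alice, bob, True, True)  # step 204, both keys
    msg = attach_rekey(alice.pub, secrets.token_bytes(16), b"hello")  # Bob sends Ks'
    return k_first == k_second, receive_rekey(alice.priv, msg, k_first) != k_first
```

Calling `demo()` returns `(True, True)`: both sides derive the same third key, and the in-band Ks' replaces it on Alice's side.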
Fig. 5 be another embodiment of the present invention provides dialogue-based key communication means flow chart.In above-described embodiment
On the basis of, the first session key and/or described second that first user terminal is generated according to first user terminal
The second session key that user terminal generates communicate specifically comprising the following steps: with the second user terminal
It is close that step 501, first user terminal receive encrypted second session that the second user terminal is sent
Key, second session key are that the second user terminal generates, and encrypted second session key is described the
Two user terminals carry out second session key using public key of first user terminal in the block chain network
It is obtained after encryption.
In the present embodiment, first user terminal and the second user terminal are established after TCP connection, and second user is whole
End generates a session key at random, and herein, the session key which is generated is the second session key.It should
Second user terminal adds second session key according to public key of first user terminal in the block chain network
It is close, and encrypted second session key is sent to the first user terminal.
Step 502, first user terminal use private key of first user terminal in the block chain network,
Encrypted second session key is decrypted, second session key is obtained.
After first user terminal receives encrypted second session key, according to first user terminal in the area
Private key in block chain network is decrypted encrypted second session key, obtains the second session key.
Step 503, first user terminal are led to according to second session key and the second user terminal
Letter.
After the first user terminal is decrypted and obtains the second session key, between the first user terminal and second user terminal
Communication i.e. can be used second session key carry out coded communication.
In addition, being communicated according to second session key with the second user terminal in first user terminal
During, either side in first user terminal and the second user terminal can to second session key into
Row modification.
One possible case is the following: while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal receives the second session key as modified by the second user terminal, and the first user terminal then communicates with the second user terminal according to the modified second session key.
For example, the second user terminal modifies the second session key; the modified second session key is denoted here as Kt'. The second user terminal encrypts Kt' using the public key of the first user terminal and attaches the encrypted Kt' to a message sent to the first user terminal. After receiving the message, the first user terminal parses the encrypted Kt' out of the message, decrypts the encrypted Kt' using the private key of the first user terminal to obtain Kt', and in the subsequent communication process communicates with the second user terminal according to the modified second session key Kt'.
Another possible case is the following: while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal modifies the second session key and sends the modified second session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified second session key.
For example, the first user terminal modifies the second session key; the modified second session key is again denoted as Kt'. The first user terminal encrypts Kt' using the public key of the second user terminal and attaches the encrypted Kt' to a message sent to the second user terminal. After receiving the message, the second user terminal parses the encrypted Kt' out of the message, decrypts the encrypted Kt' using the private key of the second user terminal to obtain Kt', and in the subsequent communication process communicates with the first user terminal according to the modified second session key Kt'.
In this embodiment of the present invention, the second user terminal generates the second session key, encrypts the second session key with the public key of the first user terminal, and sends the encrypted second session key to the first user terminal, which improves the security of transmitting the second session key.
Fig. 6 is a flowchart of a session-key-based communication method provided by another embodiment of the present invention. On the basis of the above embodiments, the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal specifically comprises the following steps:
Step 601: the first user terminal generates a first session key.
In this embodiment, after the first user terminal and the second user terminal have established a TCP connection, the first user terminal generates a first session key; in addition, the second user terminal generates a second session key.
Step 602: the first user terminal encrypts the first session key according to the public key of the second user terminal in the blockchain network.
That is, the first user terminal encrypts the first session key with the public key that the second user terminal holds in the blockchain network.
Step 603: the first user terminal sends the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key using the private key of the second user terminal in the blockchain network, obtains the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal.
The first user terminal sends the encrypted first session key to the second user terminal. After receiving the encrypted first session key, the second user terminal decrypts it according to the private key of the second user terminal in the blockchain network and obtains the first session key. Since the second user terminal already generated the second session key after the TCP connection was established, it then generates the third session key from the decrypted first session key and its own second session key, using a second algorithm agreed in advance between the first user terminal and the second user terminal.
Step 604: the first user terminal receives the encrypted second session key sent by the second user terminal. The second session key is generated by the second user terminal, and the encrypted second session key is obtained by the second user terminal encrypting the second session key with the public key of the first user terminal in the blockchain network.
That is, after generating the second session key, the second user terminal may also encrypt the second session key with the public key of the first user terminal in the blockchain network and send the encrypted second session key to the first user terminal.
Step 605: the first user terminal decrypts the encrypted second session key using the private key of the first user terminal in the blockchain network and obtains the second session key.
After receiving the encrypted second session key, the first user terminal decrypts it according to the private key of the first user terminal in the blockchain network and obtains the second session key.
Step 606: the first user terminal generates a third session key according to the first session key and the second session key.
The first user terminal further generates the third session key from the first session key it generated itself and the second session key it decrypted, using the second algorithm agreed in advance between the first user terminal and the second user terminal. Because both terminals apply the same algorithm to the same two session keys, they obtain the same third session key without that key ever being transmitted.
Step 607: the first user terminal communicates with the second user terminal according to the third session key.
In the subsequent communication process, the first user terminal and the second user terminal can encrypt their communication using the third session key.
Optionally, while the first user terminal is communicating with the second user terminal according to the third session key, either the first user terminal or the second user terminal may modify the first session key, and either of them may modify the second session key. The transmission of the modified first session key and/or the modified second session key is the same as in the above embodiments and is not described again here.
If either the first user terminal or the second user terminal has modified the first session key, the first user terminal and the second user terminal each generate a new third session key according to the modified first session key and the original second session key, and in the subsequent communication process they encrypt their communication using this new third session key.
If either the first user terminal or the second user terminal has modified the second session key, the first user terminal and the second user terminal each generate a new third session key according to the modified second session key and the original first session key, and in the subsequent communication process they encrypt their communication using this new third session key.
If either terminal has modified the first session key and either terminal has also modified the second session key, the first user terminal and the second user terminal each generate a new third session key according to the modified first session key and the modified second session key, and in the subsequent communication process they encrypt their communication using this new third session key.
In this embodiment, the first user terminal generates the first session key and the second user terminal generates the second session key; the first user terminal encrypts the first session key using the public key of the second user terminal and sends the encrypted first session key to the second user terminal, and the second user terminal encrypts the second session key using the public key of the first user terminal and sends the encrypted second session key to the first user terminal, so that the first user terminal and the second user terminal can both generate the third session key from the first session key and the second session key, which further improves the security of the communication between the first user terminal and the second user terminal.
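The Fig. 6 exchange above, together with the mid-session key modification described earlier (the encrypted Kt' attached to an ordinary message), as a runnable Go example. This is an added illustration and not code from the patent: the patent names no algorithms, so RSA-OAEP is assumed for encrypting a session key under the peer's ledger public key, HMAC-SHA256 over K1 || K2 is assumed as the "second algorithm agreed in advance", and AES-256-GCM is assumed for the traffic protected by the third session key. The patent also does not say how a receiver verifies that a modified key came from its peer rather than from anyone who can read the public key off the ledger; the example carries the wrapped K2' inside a message sealed under the current third session key so that the existing session authenticates it, and that choice is the example's, not the patent's. The ledger lookup and TCP connection of the earlier steps are out of scope: the two Terminal values stand in for the two ends of an already-established connection, and a terminal's ledger public key is read directly from the peer struct.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Terminal is one user terminal: its ledger-registered RSA key pair and the session keys it holds (K1 from the first terminal, K2 from the second).
type Terminal struct {
	Priv   *rsa.PrivateKey
	K1, K2 []byte
}

func NewTerminal() *Terminal {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Terminal{Priv: priv}
}
// K3 is the third session key. The pre-agreed "second algorithm" is assumed to be
// HMAC-SHA256 over K1 || K2; each side computes it locally and it is never sent.
func (t *Terminal) K3() []byte {
	mac := hmac.New(sha256.New, []byte("third-session-key"))
	mac.Write(t.K1)
	mac.Write(t.K2)
	return mac.Sum(nil)
}
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
// wrap/unwrap carry a session key under the receiver's ledger public key (RSA-OAEP, SHA-256);
// the label keeps K1 and K2 apart. A 32-byte key always fits, and a nil ct fails at unwrap.
func wrap(to *Terminal, key []byte, label string) []byte {
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &to.Priv.PublicKey, key, []byte(label))
	return ct
}
func (t *Terminal) unwrap(ct []byte, label string) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, t.Priv, ct, []byte(label))
}
// Handshake runs steps 601-606 between a (first terminal) and b (second terminal)
// over an already-established connection and returns both sides' K3.
func Handshake(a, b *Terminal) (k3a, k3b []byte, err error) {
	a.K1, b.K2 = mustRandom(32), mustRandom(32)
	if b.K1, err = b.unwrap(wrap(b, a.K1, "K1"), "K1"); err != nil { // 602-603: A -> B
		return nil, nil, err
	}
	if a.K2, err = a.unwrap(wrap(a, b.K2, "K2"), "K2"); err != nil { // 604-605: B -> A
		return nil, nil, err
	}
	return a.K3(), b.K3(), nil // 606: derived independently on each side
}
// Seal/Open protect application traffic with AES-256-GCM under K3 (step 607); the
// random nonce is prepended. K3 is always 32 bytes, so the constructors cannot fail.
func Seal(k3, plaintext []byte) []byte {
	block, _ := aes.NewCipher(k3)
	aead, _ := cipher.NewGCM(block)
	nonce := mustRandom(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}
func Open(k3, msg []byte) ([]byte, error) {
	block, _ := aes.NewCipher(k3)
	aead, _ := cipher.NewGCM(block)
	if len(msg) < aead.NonceSize() {
		return nil, fmt.Errorf("message shorter than nonce")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}
// RekeyK2 is the mid-session change of the second session key: b picks K2', wraps it under
// a's ledger public key and attaches it to a message. The text does not say how a checks who
// sent K2'; here it rides inside a message sealed under the current K3 (this example's choice).
func RekeyK2(a, b *Terminal, appData []byte) (payload []byte, err error) {
	newK2 := mustRandom(32)
	msg := Seal(b.K3(), append(wrap(a, newK2, "K2"), appData...)) // sealed under the old K3
	b.K2 = newK2                   // b switches after sending
	body, err := Open(a.K3(), msg) // a still holds the old K3
	n := a.Priv.PublicKey.Size()   // an RSA ciphertext is exactly one modulus long
	if err != nil || len(body) < n {
		return nil, fmt.Errorf("rekey rejected (open error: %v, %d bytes)", err, len(body))
	}
	if a.K2, err = a.unwrap(body[:n], "K2"); err != nil {
		return nil, err
	}
	return body[n:], nil
}

func main() {
	a, b := NewTerminal(), NewTerminal()
	k3a, _, err := Handshake(a, b)
	data, rerr := RekeyK2(a, b, []byte("application data"))
	fmt.Printf("handshake err=%v; rekey err=%v payload=%q; K3 changed=%v still shared=%v\n",
		err, rerr, data, !hmac.Equal(k3a, a.K3()), hmac.Equal(a.K3(), b.K3()))
}
```

Two practitioner notes on the assumptions above. First, the wrapped K2' is accepted only because Open succeeded under the current K3, which is what ties the rekey to the peer that holds the live session; without that (or a signature over Kt'), anyone holding the ledger public key could submit a key. Second, random 96-bit GCM nonces are fine for a demonstration, but NIST SP 800-38D limits random-nonce GCM to 2^32 invocations per key, so a long-lived session should use a counter nonce or rekey well before that bound.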
Fig. 7 is a schematic structural diagram of a first user terminal provided in an embodiment of the present invention. The first user terminal provided in this embodiment can execute the process flow provided by the embodiments of the session-key-based communication method. As shown in Fig. 7, the first user terminal 70 includes a memory 71, a processor 72, a computer program and a communication interface 73; the computer program is stored in the memory 71 and is configured to be executed by the processor 72 to perform the following operations: broadcast a query request in the blockchain network through the communication interface, the query request including the domain-name blockchain identifier or domain name of the second user terminal, where the blockchain ledger stored in the bookkeeping nodes includes the domain-name blockchain identifier or domain name of the second user terminal, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal and the service port number of that application; receive, through the communication interface, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal and the service port number of the application, as sent by a bookkeeping node in the blockchain network; establish a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal and the service port number of the application; and communicate with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: generate a first session key; encrypt the first session key according to the public key of the second user terminal in the blockchain network; send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key using the private key of the second user terminal in the blockchain network and obtains the first session key; and communicate with the second user terminal according to the first session key.
Optionally, the processor is further configured to: while the first user terminal is communicating with the second user terminal according to the first session key, receive through the communication interface the first session key as modified by the second user terminal, and communicate with the second user terminal according to the modified first session key; or, while the first user terminal is communicating with the second user terminal according to the first session key, modify the first session key and send the modified first session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified first session key.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: receive through the communication interface the encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with the public key of the first user terminal in the blockchain network; decrypt the encrypted second session key using the private key of the first user terminal in the blockchain network to obtain the second session key; and communicate with the second user terminal according to the second session key.
Optionally, the processor is further configured to: while the first user terminal is communicating with the second user terminal according to the second session key, receive through the communication interface the second session key as modified by the second user terminal, and communicate with the second user terminal according to the modified second session key; or, while the first user terminal is communicating with the second user terminal according to the second session key, modify the second session key and send the modified second session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified second session key.
Optionally, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to: generate a first session key; encrypt the first session key according to the public key of the second user terminal in the blockchain network; send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key using the private key of the second user terminal in the blockchain network, obtains the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal; receive through the communication interface the encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with the public key of the first user terminal in the blockchain network; decrypt the encrypted second session key using the private key of the first user terminal in the blockchain network to obtain the second session key; generate a third session key according to the first session key and the second session key; and communicate with the second user terminal according to the third session key.
The first user terminal of the embodiment shown in Fig. 7 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effects are similar and are not described again here.
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the session-key-based communication method described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Further, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The above integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute part of the steps of the methods of the embodiments of the present invention. The storage medium includes a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules described above is only an example; in practical application, the above functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (13)
1. A session-key-based communication method, characterized in that it comprises:
a first user terminal broadcasting a query request in a blockchain network, the query request including a domain-name blockchain identifier or a domain name of a second user terminal, wherein a blockchain ledger stored in bookkeeping nodes includes the domain-name blockchain identifier or domain name of the second user terminal, an IP address of the second user terminal, a public key of the second user terminal in the blockchain network, a name of an application supported by the second user terminal and a service port number of the application;
the first user terminal receiving the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal and the service port number of the application, as sent by a bookkeeping node in the blockchain network;
the first user terminal establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal and the service port number of the application;
the first user terminal communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
2. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal generating the first session key;
the first user terminal encrypting the first session key according to the public key of the second user terminal in the blockchain network;
the first user terminal sending the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key using a private key of the second user terminal in the blockchain network and obtains the first session key;
the first user terminal communicating with the second user terminal according to the first session key.
3. The method according to claim 2, characterized in that the method further comprises:
while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal receiving the first session key as modified by the second user terminal;
the first user terminal communicating with the second user terminal according to the modified first session key;
or
while the first user terminal is communicating with the second user terminal according to the first session key, the first user terminal modifying the first session key;
the first user terminal sending the modified first session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified first session key.
4. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal receiving an encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with a public key of the first user terminal in the blockchain network;
the first user terminal decrypting the encrypted second session key using a private key of the first user terminal in the blockchain network to obtain the second session key;
the first user terminal communicating with the second user terminal according to the second session key.
5. The method according to claim 4, characterized in that the method further comprises:
while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal receiving the second session key as modified by the second user terminal;
the first user terminal communicating with the second user terminal according to the modified second session key;
or
while the first user terminal is communicating with the second user terminal according to the second session key, the first user terminal modifying the second session key;
the first user terminal sending the modified second session key to the second user terminal, so that the second user terminal communicates with the first user terminal according to the modified second session key.
6. The method according to claim 1, characterized in that the first user terminal communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal comprises:
the first user terminal generating the first session key;
the first user terminal encrypting the first session key according to the public key of the second user terminal in the blockchain network;
the first user terminal sending the encrypted first session key to the second user terminal, so that the second user terminal decrypts the encrypted first session key using a private key of the second user terminal in the blockchain network, obtains the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal;
the first user terminal receiving an encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with a public key of the first user terminal in the blockchain network;
the first user terminal decrypting the encrypted second session key using a private key of the first user terminal in the blockchain network to obtain the second session key;
the first user terminal generating a third session key according to the first session key and the second session key;
the first user terminal communicating with the second user terminal according to the third session key.
7. A first user terminal, characterized in that it comprises:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
broadcasting a query request in a blockchain network through the communication interface, the query request including a domain-name blockchain identifier or a domain name of a second user terminal, wherein a blockchain ledger stored in bookkeeping nodes includes the domain-name blockchain identifier or domain name of the second user terminal, an IP address of the second user terminal, a public key of the second user terminal in the blockchain network, a name of an application supported by the second user terminal and a service port number of the application;
receiving, through the communication interface, the IP address of the second user terminal, the public key of the second user terminal in the blockchain network, the name of the application supported by the second user terminal and the service port number of the application, as sent by a bookkeeping node in the blockchain network;
establishing a connection with the second user terminal according to the IP address of the second user terminal, the name of the application supported by the second user terminal and the service port number of the application;
communicating with the second user terminal according to a first session key generated by the first user terminal and/or a second session key generated by the second user terminal.
8. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
generate the first session key;
encrypt the first session key according to the public key of the second user terminal in the blockchain network;
send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key using a private key of the second user terminal in the blockchain network and obtains the first session key;
communicate with the second user terminal according to the first session key.
9. The first user terminal according to claim 8, characterized in that the processor is further configured to:
while the first user terminal is communicating with the second user terminal according to the first session key, receive through the communication interface the first session key as modified by the second user terminal;
communicate with the second user terminal according to the modified first session key;
or
while the first user terminal is communicating with the second user terminal according to the first session key, modify the first session key;
send the modified first session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified first session key.
10. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
receive through the communication interface an encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with a public key of the first user terminal in the blockchain network;
decrypt the encrypted second session key using a private key of the first user terminal in the blockchain network to obtain the second session key;
communicate with the second user terminal according to the second session key.
11. The first user terminal according to claim 10, characterized in that the processor is further configured to:
while the first user terminal is communicating with the second user terminal according to the second session key, receive through the communication interface the second session key as modified by the second user terminal;
communicate with the second user terminal according to the modified second session key;
or
while the first user terminal is communicating with the second user terminal according to the second session key, modify the second session key;
send the modified second session key to the second user terminal through the communication interface, so that the second user terminal communicates with the first user terminal according to the modified second session key.
12. The first user terminal according to claim 7, characterized in that, when communicating with the second user terminal according to the first session key generated by the first user terminal and/or the second session key generated by the second user terminal, the processor is specifically configured to:
generate the first session key;
encrypt the first session key according to the public key of the second user terminal in the blockchain network;
send the encrypted first session key to the second user terminal through the communication interface, so that the second user terminal decrypts the encrypted first session key using a private key of the second user terminal in the blockchain network, obtains the first session key, and determines a third session key according to the first session key and the second session key generated by the second user terminal;
receive through the communication interface an encrypted second session key sent by the second user terminal, the second session key being generated by the second user terminal and the encrypted second session key being obtained by the second user terminal encrypting the second session key with a public key of the first user terminal in the blockchain network;
decrypt the encrypted second session key using a private key of the first user terminal in the blockchain network to obtain the second session key;
generate a third session key according to the first session key and the second session key;
communicate with the second user terminal according to the third session key.
13. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910310731.9A CN110035083A (en) | 2019-04-17 | 2019-04-17 | Session-key-based communication method, device and computer-readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110035083A (en) | 2019-07-19 |
Family
ID=67238788
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110035083A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112487375A (en) * | 2020-12-10 | 2021-03-12 | 链博(成都)科技有限公司 | Identity authentication method, system and equipment based on block chain |
CN112689016A (en) * | 2020-12-25 | 2021-04-20 | 杭州复杂美科技有限公司 | Intelligent device control method, device and storage medium |
CN114697000A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Network distribution method, device, terminal and computer readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105337969A (en) * | 2015-10-19 | 2016-02-17 | 朱建龙 | Safety communication method between two mobile terminals |
CN107613041A (en) * | 2017-09-22 | 2018-01-19 | 中国互联网络信息中心 | DNS management system, domain name management method and domain name analytic method based on block chain |
CN108366137A (en) * | 2018-05-28 | 2018-08-03 | 北京奇虎科技有限公司 | The method and root DNS that domain name is handled based on block chain |
US10177909B1 (en) * | 2017-09-26 | 2019-01-08 | Cloudflare, Inc. | Managing private key access in multiple nodes |
- 2019-04-17 CN CN201910310731.9A patent/CN110035083A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105337969A (en) * | 2015-10-19 | 2016-02-17 | 朱建龙 | Safety communication method between two mobile terminals |
CN107613041A (en) * | 2017-09-22 | 2018-01-19 | 中国互联网络信息中心 | DNS management system, domain name management method and domain name analytic method based on block chain |
US10177909B1 (en) * | 2017-09-26 | 2019-01-08 | Cloudflare, Inc. | Managing private key access in multiple nodes |
CN108366137A (en) * | 2018-05-28 | 2018-08-03 | 北京奇虎科技有限公司 | The method and root DNS that domain name is handled based on block chain |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112487375A (en) * | 2020-12-10 | 2021-03-12 | 链博(成都)科技有限公司 | Identity authentication method, system and equipment based on block chain |
CN112689016A (en) * | 2020-12-25 | 2021-04-20 | 杭州复杂美科技有限公司 | Intelligent device control method, device and storage medium |
CN112689016B (en) * | 2020-12-25 | 2022-06-28 | 杭州复杂美科技有限公司 | Intelligent device control method, device and storage medium |
CN114697000A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Network distribution method, device, terminal and computer readable storage medium |
Similar Documents
Publication | Title |
---|---|
CN100592731C (en) | Lawful interception of end-to-end encrypted data traffic |
JP5496907B2 (en) | Key management for secure communication |
US9065642B2 (en) | Intercepting key sessions |
JP4981072B2 (en) | Method and system for decryptable and searchable encryption |
US8200959B2 (en) | Verifying cryptographic identity during media session initialization |
JP2020080530A (en) | Data processing method, device, terminal, and access point computer |
CN102160357B (en) | Key management in communication network |
EP3364595A1 (en) | Key configuration method and key management center, and network element |
EP2767029B1 (en) | Secure communication |
CN103534975A (en) | Discovery of security associations for key management relying on public keys |
CN107094156B (en) | Secure communication method and system based on P2P mode |
CN112425136A (en) | Internet of things security using multi-party computing (MPC) |
CN103986723B (en) | A kind of secret communication control, secret communication method and device |
CN107196919B (en) | Data matching method and device |
WO2010124482A1 (en) | Method and system for implementing secure forking calling session in ip multi-media subsystem |
CN110035083A (en) | Communication means, equipment and the computer readable storage medium of dialogue-based key |
CN107196918B (en) | Data matching method and device |
CN103997405B (en) | A kind of key generation method and device |
CN102281303A (en) | Data exchange method |
CN110138558A (en) | Transmission method, equipment and the computer readable storage medium of session key |
CN101273571B (en) | Implementing method for field-crossing multi-network packet network cryptographic key negotiation safety strategy |
Du et al. | UCBlocker: Unwanted call blocking using anonymous authentication |
CN110048842A (en) | Session key processing method, equipment and computer readable storage medium |
CN107395552A (en) | A kind of data transmission method and device |
CN110176994A (en) | Session cipher key distributing method, equipment and storage medium based on alliance's block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190719 |