CN112512038B - Method and device for generating session key, electronic equipment and readable storage medium - Google Patents


Publication number
CN112512038B
Authority
CN
China
Prior art keywords
key
session key
session
equipment
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011304032.2A
Other languages
Chinese (zh)
Other versions
CN112512038A (en
Inventor
何伟明
刘丽娟
廖敏飞
成楚天
赖敷君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN202011304032.2A
Publication of CN112512038A
Application granted
Publication of CN112512038B

Landscapes

  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the application provides a method and a device for generating a session key, electronic equipment and a readable storage medium. The method comprises the following steps: when a session is established with a terminal device, receiving a session key application request sent by the terminal device; and generating a session key based on the random information carried in the session key application request and the device key, and returning the session key to the terminal device. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key agreement mode can be replaced, multiple key agreement processes which are required to be carried out when a plurality of keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.

Description

Method and device for generating session key, electronic equipment and readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for generating a session key, an electronic device, and a readable storage medium.
Background
In the communication scenarios of current mobile applications, sensitive information must be encrypted in transit to protect it. Mobile applications often need to communicate with multiple service back ends; to ensure communication security, key agreement is generally required, and the negotiated key is used for data protection. However, when an application involves a large number of back-end communication channels, multiple key negotiations are required, which is inefficient and places a high load on the server.
Disclosure of Invention
The object of the present application is to solve at least one of the technical drawbacks mentioned above. The technical scheme adopted by the application is as follows:
in a first aspect, an embodiment of the present application provides a method for generating a session key, where the method includes:
when a session is established with a terminal device, receiving a session key application request sent by the terminal device;
and generating a session key based on the random information carried in the session key application request and the device key, and returning the session key to the terminal device.
Optionally, the generating a session key based on the random information carried in the session key application request and the device key includes:
and based on a key dispersion algorithm, carrying out key dispersion on the equipment key through random information carried in the session key application request to obtain the session key.
Optionally, the method further includes:
sending an equipment key acquisition request to enable a key management platform to perform key dispersion on a channel key based on an application package identifier and an equipment identifier carried in the equipment key acquisition request to obtain an equipment key;
and receiving the device key returned by the key management platform.
Optionally, the channel key is obtained by key-dispersing the root key based on the channel identification.
Optionally, the method further includes:
and when receiving the data message which is sent by the terminal equipment and encrypted by the session key, decrypting the data message by the random information and the equipment key carried in the data message.
In a second aspect, an embodiment of the present application provides another session key generation method, where the method includes:
when a session is established with a server, a session key application request is sent to the server, so that the server generates a session key based on random information carried in the session key application request and an equipment key;
and receiving the session key returned by the server.
Optionally, the random information comprises a random number and a time stamp.
Optionally, the method further includes:
and encrypting the data message through the session key, and sending the encrypted data message and the random information to the server.
In a third aspect, an embodiment of the present application provides an apparatus for generating a session key, where the apparatus includes:
a session key request receiving module, configured to receive a session key application request sent by a terminal device when a session is established with the terminal device;
and the session key returning module is used for generating a session key based on the random information carried in the session key application request and the device key and returning the session key to the terminal device.
Optionally, when the session key returning module generates the session key based on the random information and the device key carried in the session key application request, the session key returning module is specifically configured to:
and based on a key dispersion algorithm, carrying out key dispersion on the equipment key through random information carried in the session key application request to obtain the session key.
Optionally, the apparatus further includes a device key obtaining module, where the device key obtaining module is configured to:
sending an equipment key acquisition request to enable a key management platform to perform key dispersion on a channel key based on an application package identifier and an equipment identifier carried in the equipment key acquisition request to obtain an equipment key;
and receiving the device key returned by the key management platform.
Optionally, the channel key is obtained by key-dispersing the root key based on the channel identification.
Optionally, the apparatus further includes a message decryption module, where the message decryption module is configured to:
and when receiving the data message which is sent by the terminal equipment and encrypted by the session key, decrypting the data message by using the random information and the equipment key carried in the data message.
In a fourth aspect, an embodiment of the present application provides another session key generation apparatus, including:
the session key request sending module is used for sending a session key application request to the server when a session is established with the server so as to enable the server to generate a session key based on random information carried in the session key application request and the equipment key;
and the session key receiving module is used for receiving the session key returned by the server.
Optionally, the random information includes a random number and a time stamp.
Optionally, the apparatus further includes a data packet sending module, where the data packet sending module is configured to:
and encrypting the data message through the session key, and sending the encrypted data message and the random information to the server.
In a fifth aspect, an embodiment of the present application provides an electronic device, where the electronic device includes: a processor and a memory;
a memory for storing operating instructions;
a processor, configured to execute the method for generating a session key as shown in any implementation manner of the first aspect of the present application by calling an operation instruction.
In a sixth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the session key generation method shown in any implementation manner of the first aspect of the present application.
The technical scheme provided by the embodiment of the application has the following beneficial effects:
according to the scheme provided by the embodiment of the application, when the session is established with the terminal equipment, the session key application request sent by the terminal equipment is received, the session key is generated based on the random information carried in the session key application request and the equipment key, and the session key is returned to the terminal equipment. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key negotiation mode can be replaced, multiple key negotiation processes required when multiple keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a method for generating a session key according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a key distribution scheme provided in an embodiment of the present application;
fig. 3 is a schematic flowchart of another session key generation method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a session key generation apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another session key generation apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative and are only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
The following describes the technical solution of the present application and how to solve the above technical problems in detail by specific embodiments. These several specific embodiments may be combined with each other below, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 shows a schematic flowchart of a method for generating a session key according to an embodiment of the present application, and as shown in fig. 1, the method mainly includes:
step S110: when a session is established with a terminal device, receiving a session key application request sent by the terminal device;
step S120: and generating a session key based on the random information carried in the session key application request and the device key.
In this embodiment of the application, the terminal device may send a session key application request to the server when establishing a session with the server, where the session key application request may carry random information, and specifically, the random information may include a random number and a timestamp.
In the embodiment of the present application, the server may store a device key, and when receiving a session key application request from the terminal device, generate a session key based on the random information, and return the session key to the terminal device.
The session key generated based on the scheme provided by the embodiment of the application can be used for the terminal equipment to encrypt message data, and also provides a basis for the server to decrypt the encrypted message based on the equipment key and the random information, and when the session keys of a plurality of terminal equipments are required, the session keys do not need to be negotiated respectively.
According to the method provided by the embodiment of the application, when the session is established with the terminal equipment, the session key application request sent by the terminal equipment is received, the session key is generated based on the random information carried in the session key application request and the equipment key, and the session key is returned to the terminal equipment. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key agreement mode can be replaced, multiple key agreement processes which are required to be carried out when a plurality of keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.
In an optional manner of the embodiment of the present application, generating a session key based on the random information carried in the session key application request and the device key includes:
and based on a key dispersion algorithm, carrying out key dispersion on the equipment key through random information carried in the session key application request to obtain the session key.
In the embodiment of the application, the device key can be subjected to key dispersion through random information based on a key dispersion algorithm, so that the session key is obtained.
In an optional manner of the embodiment of the present application, the method further includes:
sending an equipment key acquisition request to enable a key management platform to perform key dispersion on a channel key based on an application package identifier and an equipment identifier carried in the equipment key acquisition request to obtain an equipment key;
and receiving the device key returned by the key management platform.
In the embodiment of the application, the server can obtain the device key from the key management platform, and the key management platform can perform key dispersion on the channel key through the application package identifier and the device identifier based on the key dispersion algorithm to obtain the device key.
In an optional manner of the embodiment of the present application, the channel key is obtained by performing key dispersion on the root key based on the channel identifier.
In the embodiment of the application, the key management platform maintains the root key, and the key management platform can perform key dispersion on the root key through the channel identifier based on a key dispersion algorithm to obtain the channel key.
In an optional manner of the embodiment of the present application, the method further includes:
and when receiving the data message which is sent by the terminal equipment and encrypted by the session key, decrypting the data message by the random information and the equipment key carried in the data message.
In the embodiment of the application, after receiving the session key, the terminal device can encrypt the data message through the session key, and send the encrypted data message and the random information to the server together, and the server can determine the session key according to the key dispersion algorithm, the device key and the random information, so as to decrypt the encrypted data message.
As an example, fig. 2 shows a schematic flowchart of a key distribution scheme provided in an embodiment of the present application.
As shown in fig. 2, the root key is Kr, and a server needs to communicate with two channels whose channel identifiers are CHl1 and CHl2; the application package identifier is P1 and the server identifier is m1. When the server initiates a key application, CHl1, CHl2, P1 and m1 are sent to the key management center, and the calculation process is as follows:
1) Kr is used to disperse CHl1 and CHl2, obtaining the channel keys Kch1 and Kch2;
2) The channel key Kch1 is used to disperse P1, obtaining the application key Kc1p1;
3) The channel key Kch2 is used to disperse P1, obtaining the application key Kc2p1;
4) The application key Kc1p1 is used to disperse m1, obtaining the device key Kc1p1m1;
5) The application key Kc2p1 is used to disperse m1, obtaining the device key Kc2p1m1;
6) The device keys Kc1p1m1 and Kc2p1m1 are sent to the server cache for storage.
The application program of the terminal device concatenates a random number with a timestamp to obtain the random information R.
The server uses the device key Kc1p1m1 to disperse R, obtaining the session key Kc1p1m1R.
After receiving a data message encrypted with the session key Kc1p1m1R, the server looks up the key by channel number and package name to obtain Kc1p1, then disperses the device number m1 and the random number R to obtain the session key Kc1p1m1R, and uses the session key to encrypt and decrypt data.
In the embodiment of the application, for the scenario in which a mobile application needs to communicate with multiple back-end channels, the key dispersion mechanism speeds up negotiation while guaranteeing security.
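The Fig. 2 hierarchy and the server-side re-derivation described above, as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the dispersion function (the patent names no algorithm), a 16-byte random number plus 8-byte timestamp as R, a 300-second freshness window on that timestamp, and an HMAC tag standing in for the message encryption; the root key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
import time


def disperse(parent_key: bytes, factor: bytes) -> bytes:
    """One key dispersion step: child = HMAC-SHA256(parent_key, factor).
    Assumption: the patent does not specify the algorithm."""
    return hmac.new(parent_key, factor, hashlib.sha256).digest()


def derive_device_key(root_key, channel_id, package_id, device_id):
    """Kr -> channel key -> application key -> device key (steps 1-5 of Fig. 2)."""
    channel_key = disperse(root_key, channel_id)
    app_key = disperse(channel_key, package_id)
    return disperse(app_key, device_id)


def make_random_info(now=None) -> bytes:
    """R = random number || timestamp. Sizes and encoding are assumptions."""
    ts = int(time.time() if now is None else now)
    return os.urandom(16) + struct.pack(">Q", ts)


def protect(session_key: bytes, payload: bytes) -> bytes:
    """Stand-in for encrypting the data message: an HMAC tag under the
    session key, so the example needs only the standard library."""
    return hmac.new(session_key, payload, hashlib.sha256).digest()


class Server:
    """Caches device keys only; session keys are recomputed from R each time."""

    def __init__(self, device_keys, max_skew=300):
        self.device_keys = device_keys  # {(channel, package, device): key}
        self.max_skew = max_skew        # assumed freshness window, in seconds

    def issue_session_key(self, ident, random_info):
        """Session key application: disperse the device key with R."""
        dev_key = self.device_keys.get(ident)
        if dev_key is None or len(random_info) != 24:
            return None
        return disperse(dev_key, random_info)

    def accept(self, ident, random_info, payload, tag, now=None) -> bool:
        """Re-derive the session key from the R carried with the message."""
        key = self.issue_session_key(ident, random_info)
        if key is None:
            return False
        (ts,) = struct.unpack(">Q", random_info[16:])
        now = time.time() if now is None else now
        if abs(now - ts) > self.max_skew:
            return False  # stale R: the same R always yields the same key
        return hmac.compare_digest(tag, protect(key, payload))


# Constructed sample values using the identifiers from Fig. 2.
ROOT_KEY = hashlib.sha256(b"constructed demo root key").digest()
IDENT_CH1 = (b"CHl1", b"P1", b"m1")
IDENT_CH2 = (b"CHl2", b"P1", b"m1")


def build_server() -> Server:
    """Key management platform output (step 6): one device key per channel."""
    keys = {i: derive_device_key(ROOT_KEY, *i) for i in (IDENT_CH1, IDENT_CH2)}
    return Server(keys)


if __name__ == "__main__":
    server = build_server()
    r = make_random_info()
    sk = server.issue_session_key(IDENT_CH1, r)   # returned to the terminal
    msg = b"constructed sample message"
    tag = protect(sk, msg)                        # terminal side
    print("accepted on CHl1:", server.accept(IDENT_CH1, r, msg, tag))
    print("accepted on CHl2:", server.accept(IDENT_CH2, r, msg, tag))
```

Because each level is keyed by the level above, the same package and device on channel CHl2 get an unrelated device key, which is the isolation property the description relies on.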
Fig. 3 is a schematic flowchart illustrating another session key generation method provided in an embodiment of the present application, and as shown in fig. 3, the method mainly includes:
step S210: when a session is established with a server, a session key application request is sent to the server, so that the server generates a session key based on random information carried in the session key application request and an equipment key;
step S220: and receiving the session key returned by the server.
In this embodiment of the application, the terminal device may send a session key application request to the server when establishing a session with the server, where the session key application request may carry random information, and specifically, the random information may include a random number and a timestamp.
In the embodiment of the present application, the server may store a device key, and when receiving a session key application request from the terminal device, generate a session key based on the random information, and return the session key to the terminal device.
The session key generated based on the scheme provided by the embodiment of the application can be used for the terminal equipment to encrypt message data, and also provides a basis for the server to decrypt the encrypted message based on the equipment key and the random information, and when the session keys of a plurality of terminal equipments are required, the session keys do not need to be negotiated respectively.
According to the method provided by the embodiment of the application, when the session is established with the server, the session key application request is sent to the server, so that the server generates the session key based on the random information carried in the session key application request and the device key, and receives the session key returned by the server. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key agreement mode can be replaced, multiple key agreement processes which are required to be carried out when a plurality of keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.
In an optional manner of the embodiment of the present application, the method further includes:
and encrypting the data message through the session key, and sending the encrypted data message and the random information to the server.
In the embodiment of the application, after receiving the session key, the terminal device can encrypt the data message through the session key, and send the encrypted data message and the random information to the server together, and the server can determine the session key according to the key dispersion algorithm, the device key and the random information, so as to decrypt the encrypted data message.
The scheme provided by the embodiment of the application has the following advantages:
1. The channel identifier, the application package identifier, the device identifier and the like are used for multi-level key dispersion, which effectively isolates the key systems of different channels, applications and devices and avoids information leakage caused by key leakage.
2. Session key dispersion is carried out using a random number concatenated with a timestamp, and each session is assigned its own session key. Compared with a key agreement scheme, the security level is not reduced.
3. Dispersing part of the keys in advance greatly reduces the key negotiation cost during communication. In particular, no key negotiation is actually needed in the communication process of this scheme: the application terminal directly initiates a communication request, and the server can encrypt and decrypt. In the whole process, the client and the server only need to perform 1-2 consecutive calculations, with no interactive communication in between, so the scheme is fast and lightweight.
Based on the same principle as the method shown in fig. 1, fig. 4 shows a schematic structural diagram of a session key generation apparatus provided in an embodiment of the present application, and as shown in fig. 4, the session key generation apparatus 30 may include:
a session key request receiving module 310, configured to receive a session key application request sent by a terminal device when a session is established with the terminal device;
the session key returning module 320 is configured to generate a session key based on the random information and the device key carried in the session key application request, and return the session key to the terminal device.
The device provided by the embodiment of the application receives a session key application request sent by the terminal equipment when a session is established with the terminal equipment, generates a session key based on random information carried in the session key application request and the equipment key, and returns the session key to the terminal equipment. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key agreement mode can be replaced, multiple key agreement processes which are required to be carried out when a plurality of keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.
Optionally, when the session key returning module generates the session key based on the random information and the device key carried in the session key application request, the session key returning module is specifically configured to:
and based on a key dispersion algorithm, carrying out key dispersion on the equipment key through random information carried in the session key application request to obtain the session key.
Optionally, the apparatus further includes a device key obtaining module, where the device key obtaining module is configured to:
sending an equipment key acquisition request to enable a key management platform to perform key dispersion on a channel key based on an application package identifier and an equipment identifier carried in the equipment key acquisition request to obtain an equipment key;
and receiving the device key returned by the key management platform.
Optionally, the channel key is obtained by key-dispersing the root key based on the channel identification.
Optionally, the apparatus further includes a message decryption module, where the message decryption module is configured to:
and when receiving the data message which is sent by the terminal equipment and encrypted by the session key, decrypting the data message by the random information and the equipment key carried in the data message.
It is to be understood that the above modules of the generation apparatus of the session key in this embodiment have functions of implementing the corresponding steps of the generation method of the session key in the embodiment shown in fig. 1. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules may be software and/or hardware, and each module may be implemented separately or implemented by integrating a plurality of modules. For the functional description of each module of the session key generation apparatus, reference may be specifically made to the corresponding description of the session key generation method in the embodiment shown in fig. 1, and details are not repeated here.
Based on the same principle as the method shown in fig. 3, fig. 5 shows a schematic structural diagram of a session key generation apparatus provided in an embodiment of the present application, and as shown in fig. 5, the session key generation apparatus 40 may include:
a session key request sending module 410, configured to send a session key application request to a server when a session is established with the server, so that the server generates a session key based on random information and an equipment key that are carried in the session key application request;
and the session key receiving module 420 is configured to receive a session key returned by the server.
The device provided by the embodiment of the application sends the session key application request to the server when the session is established with the server, so that the server generates the session key based on the random information carried in the session key application request and the device key, and receives the session key returned by the server. Based on the scheme, the session key can be automatically generated based on the device key and the random data, the existing key negotiation mode can be replaced, multiple key negotiation processes required when multiple keys are generated are omitted, the processing efficiency is improved, and the waste of operation resources is reduced.
Optionally, the random information includes a random number and a time stamp.
Optionally, the apparatus further includes a data packet sending module, where the data packet sending module is configured to:
and encrypting the data message through the session key, and sending the encrypted data message and the random information to the server.
It is to be understood that the above modules of the session key generation apparatus in the present embodiment have functions of implementing the corresponding steps of the session key generation method in the embodiment shown in fig. 3. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules may be software and/or hardware, and each module may be implemented separately or implemented by integrating a plurality of modules. For the functional description of each module of the session key generation apparatus, reference may be specifically made to the corresponding description of the session key generation method in the embodiment shown in fig. 3, and details are not repeated here.
The embodiment of the application provides an electronic device, which comprises a processor and a memory;
a memory for storing operating instructions;
and the processor is used for executing the session key generation method provided by any embodiment of the application by calling the operation instruction.
As an example, fig. 6 shows a schematic structural diagram of an electronic device to which the embodiment of the present application is applied. As shown in fig. 6, the electronic device 2000 includes a processor 2001 and a memory 2003, where the processor 2001 is coupled to the memory 2003, for example via a bus 2002. Optionally, the electronic device 2000 may also include a transceiver 2004. It should be noted that in practical applications the transceiver 2004 is not limited to one, and the structure of the electronic device 2000 does not constitute a limitation on the embodiments of the present application.
The processor 2001 is applied to the embodiment of the present application, and is configured to implement the method shown in the foregoing method embodiment. The transceiver 2004 may include a receiver and a transmitter, and the transceiver 2004 is applied to the embodiments of the present application to implement the function of the electronic device of the embodiments of the present application to communicate with other devices when executed.
The processor 2001 may be a CPU (Central Processing Unit), general purpose processor, DSP (Digital Signal Processor), ASIC (Application Specific Integrated Circuit), FPGA (Field Programmable Gate Array), or other programmable logic device, transistor logic, hardware component, or any combination thereof. It may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 2001 may also be a combination of computing functions, e.g., comprising one or more microprocessors, DSPs and microprocessors, and the like.
Bus 2002 may include a path that conveys information between the aforementioned components. The bus 2002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 2002 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The memory 2003 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
Optionally, the memory 2003 is used to store application program code for performing aspects of the present application, and execution is controlled by the processor 2001. The processor 2001 is configured to execute the application program code stored in the memory 2003 to implement the method for generating a session key provided in any of the embodiments of the present application.
The electronic device provided in the embodiment of the present application is applicable to any embodiment of the foregoing method, and details are not repeated here.
Compared with the prior art, the embodiment of the application provides an electronic device which, when a session is established with a terminal device, receives a session key application request sent by the terminal device, generates a session key based on the random information carried in the session key application request and a device key, and returns the session key to the terminal device. Based on this scheme, the session key can be generated automatically from the device key and the random data, which can replace the existing key agreement approach, omits the multiple key agreement processes otherwise required when multiple keys are generated, improves processing efficiency, and reduces the waste of computing resources.
The embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the program is executed by a processor, the computer program implements the method for generating a session key shown in the foregoing method embodiment.
The computer-readable storage medium provided in the embodiments of the present application is applicable to any embodiment of the foregoing method, and is not described herein again.
Compared with the prior art, the embodiment of the application provides a computer-readable storage medium whose stored program, when executed, receives a session key application request sent by a terminal device when a session is established with the terminal device, generates a session key based on the random information carried in the session key application request and a device key, and returns the session key to the terminal device. Based on this scheme, the session key can be generated automatically from the device key and the random data, which can replace the existing key agreement approach, omits the multiple key agreement processes otherwise required when multiple keys are generated, improves processing efficiency, and reduces the waste of computing resources.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless otherwise indicated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing describes only some of the embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these should also be regarded as falling within the scope of the present invention.

Claims (6)

1. A method for generating a session key, applied to a server, includes:
when a session is established with a terminal device, receiving a session key application request sent by the terminal device; the session key application request is sent to a server when a terminal device establishes a session with the server, so that the server generates a session key based on random information carried in the session key application request and a device key; the random information comprises a random number and a time stamp;
sending a device key acquisition request to enable a key management platform to perform key dispersion on a channel key based on an application package identifier and a device identifier carried in the device key acquisition request to obtain a device key; the channel key is obtained by performing key dispersion on a root key based on a channel identifier;
receiving the device key returned by the key management platform;
and generating a session key based on the random information carried in the session key application request and the device key, and returning the session key to the terminal device.
2. The method of claim 1, wherein the generating a session key based on the random information carried in the session key application request and a device key comprises:
and based on a key dispersion algorithm, carrying out key dispersion on the equipment key through random information carried in the session key application request to obtain the session key.
3. The method according to any one of claims 1-2, further comprising:
and when receiving a data message which is sent by the terminal device and encrypted with the session key, decrypting the data message through random information carried in the data message and the device key.
4. An apparatus for generating a session key, comprising:
a session key request sending module, configured to send a session key application request to a server when a session is established with the server, so that the server generates a session key based on random information and a device key that are carried in the session key application request; the random information comprises a random number and a time stamp;
a session key request receiving module, configured to receive a session key application request sent by a terminal device when a session is established with the terminal device;
a session key returning module, configured to send a device key acquisition request, so that a key management platform performs key dispersion on a channel key based on an application package identifier and a device identifier that are carried in the device key acquisition request, to obtain a device key, to generate a session key based on random information carried in the session key application request and the device key, and to return the session key to the terminal device;
the channel key is obtained by performing key dispersion on a root key based on a channel identifier;
and the session key receiving module is used for receiving the session key returned by the server.
5. An electronic device comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method of any one of claims 1-3 by calling the operation instruction.
6. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1-3.
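
The key hierarchy described in claims 1 to 3 (root key, channel key, device key, session key) can be sketched as follows; this is an added example, not code from the patent or its applicant. The patent does not name a key dispersion algorithm, so HMAC-SHA256, the derivation labels, the length-prefixed input encoding, the minimum random-number length, `MAX_AGE_SECONDS` and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

MAX_AGE_SECONDS = 300  # assumed validity window for the timestamp; not from the patent


def diversify(parent_key: bytes, label: bytes, *fields: bytes) -> bytes:
    """One key-dispersion step, modelled here as HMAC-SHA256 (an assumption).

    Every field is length-prefixed so that ("ab", "c") and ("a", "bc")
    can never produce the same derivation input.
    """
    msg = struct.pack(">H", len(label)) + label
    for field in fields:
        msg += struct.pack(">H", len(field)) + field
    return hmac.new(parent_key, msg, hashlib.sha256).digest()


def kmp_device_key(root_key: bytes, channel_id: bytes,
                   app_package_id: bytes, device_id: bytes) -> bytes:
    """Key management platform side: root key -> channel key -> device key."""
    channel_key = diversify(root_key, b"channel", channel_id)
    return diversify(channel_key, b"device", app_package_id, device_id)


def server_session_key(device_key: bytes, nonce: bytes,
                       timestamp: int, now: int) -> bytes:
    """Server side: device key + (random number, timestamp) -> session key.

    The same call serves session setup and later data messages, because the
    message carries the random information and the key is simply re-derived.
    """
    if len(nonce) < 16:
        raise ValueError("random number too short")
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        raise ValueError("timestamp outside the accepted window")
    return diversify(device_key, b"session", nonce, struct.pack(">Q", timestamp))


# Constructed sample values, for illustration only.
ROOT_KEY = bytes(range(32))

if __name__ == "__main__":
    dk = kmp_device_key(ROOT_KEY, b"mobile-bank", b"com.example.app", b"device-0001")
    sk = server_session_key(dk, b"\x01" * 16, 1_700_000_000, now=1_700_000_010)
    print(sk.hex())
```

Because the session key is a deterministic function of the device key and the carried random information, the server needs no per-session key storage, and the secrecy of every session key rests entirely on the device key and the keys above it.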
CN202011304032.2A 2020-11-19 2020-11-19 Method and device for generating session key, electronic equipment and readable storage medium Active CN112512038B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011304032.2A CN112512038B (en) 2020-11-19 2020-11-19 Method and device for generating session key, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN112512038A CN112512038A (en) 2021-03-16
CN112512038B true CN112512038B (en) 2022-11-29

Family

ID=74959949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011304032.2A Active CN112512038B (en) 2020-11-19 2020-11-19 Method and device for generating session key, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN112512038B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113691502B (en) * 2021-08-02 2023-06-30 上海浦东发展银行股份有限公司 Communication method, device, gateway server, client and storage medium
CN117439734A (en) * 2022-07-15 2024-01-23 中国移动通信有限公司研究院 Key management method, device, equipment and storage medium
CN115334100A (en) * 2022-07-22 2022-11-11 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, vehicle, and computer-readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009290378A (en) * 2008-05-27 2009-12-10 Panasonic Electric Works Co Ltd Secret key distribution method and secret key distribution system
WO2016056990A1 (en) * 2014-10-09 2016-04-14 Kelisec Ab Method and system for establishing a secure communication channel
CN106685907A (en) * 2016-06-29 2017-05-17 腾讯科技(深圳)有限公司 Method and device for generating session key

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325320B (en) * 2011-09-14 2015-09-02 北京握奇数据系统有限公司 A kind of Wireless security communication method and system
US8745390B1 (en) * 2013-11-13 2014-06-03 Google Inc. Mutual authentication and key exchange for inter-application communication
CN111404674B (en) * 2019-01-02 2023-06-27 中国移动通信有限公司研究院 Method and equipment for generating and receiving session key
KR102164904B1 (en) * 2019-01-15 2020-10-13 상명대학교산학협력단 Method for generating session key and electronic apparatus thereof

Also Published As

Publication number Publication date
CN112512038A (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220913

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 12 / F, 15 / F, 99 Yincheng Road, Pudong New Area pilot Free Trade Zone, Shanghai, 200120

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

GR01 Patent grant