CN112671730A - Method, equipment and medium for exchanging symmetric encryption keys on line - Google Patents


Info

Publication number: CN112671730A
Authority: CN (China)
Prior art keywords: key, symmetric key, symmetric, application, exchanging
Legal status: Pending
Application number: CN202011479309.5A
Other languages: Chinese (zh)
Inventors: 杜永豪, 赵泽栋, 林卫华, 李燕, 杨春明, 朱丹, 伍海波, 曾宪立, 周嘉俊, 谢锦辉
Current assignee: Guangdong Huaxing Bank Co ltd
Original assignee: Guangdong Huaxing Bank Co ltd
Application filed by: Guangdong Huaxing Bank Co ltd
Priority date: 2020-12-15
Filing date: 2020-12-15
Publication date: 2021-04-16

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a method for exchanging symmetric encryption keys online. It comprises the steps of obtaining a symmetric key application message sent by a symmetric key applicant, the message containing symmetric key application information and symmetric key applicant information; taking the symmetric key currently used by the applicant as the old symmetric key, screening out a pre-stored enabled key and a pre-stored prefabricated key according to the application information and the applicant information, and, when the enabled key is not in its window period, taking the enabled key as the symmetric key that replaces the old symmetric key, taking the pre-stored prefabricated key as the new enabled key and simultaneously generating a new pre-stored prefabricated key; and sending the symmetric key to the corresponding applicant according to the applicant information. The whole process needs no manual intervention, which reduces the risk of key leakage, shortens the time taken by the symmetric key exchange and simplifies the exchange process.

Description

Method, equipment and medium for exchanging symmetric encryption keys on line
Technical Field
The present invention relates to the field of network security, and in particular, to a method, device, and medium for exchanging symmetric encryption keys online.
Background
As banks offer more services, many third-party terminals or platforms need to communicate with them. Banks and third parties currently communicate in a symmetric encryption mode. Symmetric encryption means a single-key cryptosystem: the same key is used both to encrypt and to decrypt, and the two parties have no key exchange mechanism, so when the key needs to be updated it can only be exchanged offline, with both parties agreeing on a time at which to switch over. Offline key exchange in the symmetric encryption process has the following problems. First, because the key is exchanged offline, negligence by personnel can easily leak it, causing large economic losses. Second, after the exchange both parties must update at the same time; if one party updates and the other does not, some transactions fail because of the wrong key, which affects service.
Disclosure of Invention
To overcome these defects of the prior art, one objective of the present invention is to provide a method for exchanging symmetric encryption keys online, which solves the problems of the complicated and time-consuming offline exchange of symmetric encryption keys between a bank and a third party.
A second objective of the present invention is to provide an electronic device that solves the same problems of the complicated and time-consuming offline exchange of symmetric keys between a bank and a third party.
A further objective of the present invention is to provide a computer-readable storage medium that solves the same problems. The first objective is achieved by the following technical scheme:
a method for exchanging symmetric encryption keys online, applied between a symmetric key generator and a symmetric key applicant that communicate with each other in a symmetric encryption mode; the method is executed by the symmetric key generator and comprises the following steps:
obtaining a message: obtaining a symmetric key application message sent by the symmetric key applicant, the message containing symmetric key application information and symmetric key applicant information;
judging the window period: taking the symmetric key currently used by the applicant as the old symmetric key, screening out a pre-stored enabled key and a pre-stored prefabricated key according to the application information and the applicant information, and judging whether the enabled key is in its window period; if so, assigning the enabled key to the old symmetric key and sending the enabled key to the applicant as the symmetric key, and if not, executing the step of replacing the key;
replacing the key: using the enabled key as the symmetric key that replaces the old symmetric key, using the prefabricated key as the new enabled key, and simultaneously generating a new prefabricated key;
sending the symmetric key: sending the symmetric key to the corresponding applicant according to the applicant information.
Further, before the window period is judged, whether this is the applicant's first application is judged according to the applicant information; if so, a current key and a prefabricated key are generated and the current key is used as the symmetric key for communication with the applicant, and if not, the step of judging the window period is executed.
Further, before judging whether this is the first application, the method further comprises the following steps:
verifying validity: judging whether the symmetric key applicant is valid according to the applicant information; if so, executing the step of signature verification processing, and if not, returning to the step of obtaining a message;
signature verification processing: verifying the signature on the symmetric key application message; if the verification succeeds, executing the step of judging whether this is the first application, and if it fails, returning to the step of obtaining a message.
Further, the signature verification processing specifically comprises verifying the signature on the symmetric key application message with the pre-stored public key of the symmetric key applicant.
Further, sending the symmetric key specifically comprises: encrypting the symmetric key with the public key of the symmetric key applicant, then signing the encrypted symmetric key with the private key of the symmetric key generator, and sending the encrypted and signed symmetric key to the corresponding applicant according to the applicant information.
Further, when the enabled key is in its window period, the old symmetric key has not expired.
Further, the symmetric key generator holds its own public key, its own private key and the public key of the symmetric key applicant, and the symmetric key applicant holds its own public key, its own private key and the public key of the symmetric key generator.
A method for exchanging symmetric encryption keys online, applied between a symmetric key generator and a symmetric key applicant that communicate with each other in a symmetric encryption mode; the method is executed by the symmetric key applicant and comprises the following steps:
sending a symmetric key application message: sending the symmetric key application message to the symmetric key generator;
receiving the symmetric key: receiving the symmetric key sent by the symmetric key generator, verifying its signature with the public key of the symmetric key generator and, after the signature verification succeeds, decrypting the symmetric key with the private key of the symmetric key applicant.
The second objective of the invention is achieved by the following technical scheme:
an electronic device comprising: a processor; a memory; and a program stored in the memory and configured to be executed by the processor, the program comprising instructions for performing the method of exchanging symmetric encryption keys online described herein.
The third objective of the invention is achieved by the following technical scheme:
a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of exchanging symmetric encryption keys online described in the present application.
Compared with the prior art, the method for exchanging symmetric encryption keys online comprises the steps of obtaining a symmetric key application message sent by a symmetric key applicant, the message containing symmetric key application information and symmetric key applicant information; taking the symmetric key currently used by the applicant as the old symmetric key, screening out a pre-stored enabled key and a pre-stored prefabricated key according to the application information and the applicant information, and, when the enabled key is not in its window period, taking the enabled key as the symmetric key that replaces the old symmetric key, taking the pre-stored prefabricated key as the new enabled key and simultaneously generating a new pre-stored prefabricated key; and sending the symmetric key to the corresponding applicant according to the applicant information. The whole exchange of the symmetric key takes place online; the window period prevents transactions from failing because the two parties update their keys on different schedules; and because no manual intervention is needed, fewer people come into contact with the symmetric key, the risk of key leakage is reduced, the time taken by the exchange is shortened and the exchange process is simplified.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings. The detailed description of the present invention is given in detail by the following examples and the accompanying drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart illustrating a method for exchanging symmetric encryption keys online according to the present invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and the detailed description, and it should be noted that any combination of the embodiments or technical features described below can be used to form a new embodiment without conflict.
As shown in fig. 1, the method for exchanging a symmetric encryption key online of the present application is applied between a symmetric key generator and a symmetric key applicant, where the symmetric key generator is a banking system in the financial field and the symmetric key applicant is a third-party terminal or platform that communicates with the banking system, the two communicating with each other in a symmetric encryption manner. In this embodiment, the method comprises the following steps:
sending a symmetric key application message: the symmetric key applicant, i.e. the third party communicating with the banking system, signs the symmetric key application message with its own private key and sends the signed message to the symmetric key generator, i.e. the banking system.
obtaining the message: the symmetric key generator obtains the symmetric key application message sent by the applicant, the message containing symmetric key application information and symmetric key applicant information.
verifying validity: the symmetric key generator judges whether the applicant is valid according to the applicant information; if so, the signature verification step is executed, and if not, the method returns to the step of obtaining the message;
signature verification processing: the symmetric key generator verifies the signature on the symmetric key application message, specifically with the pre-stored public key of the applicant; if the verification succeeds, whether this is the first application is judged, and if it fails, the method returns to the step of obtaining the message.
judging whether this is the first application: the symmetric key generator judges according to the applicant information whether the applicant is applying for a symmetric key for the first time; if so, a current key and a prefabricated key are generated and the current key is used as the symmetric key for communication with the applicant, and if not, the step of judging the window period is executed.
judging the window period: the symmetric key generator takes the symmetric key currently used by the applicant as the old symmetric key, screens out the pre-stored enabled key and the pre-stored prefabricated key according to the application information and the applicant information, and judges whether the enabled key is in its window period; if so, it assigns the enabled key to the old symmetric key and sends the enabled key to the applicant as the symmetric key, and if not, the step of replacing the key is executed. The window period in this embodiment is the period during which the new symmetric key has been generated but not yet activated, so that the old and the new symmetric key are valid at the same time. Setting a window period avoids the transaction failures caused by the two parties updating their keys on different schedules.
replacing the key: the symmetric key generator takes the enabled key as the symmetric key that replaces the old symmetric key, takes the prefabricated key as the new enabled key and at the same time generates a new prefabricated key.
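The generator-side state handling of the steps above (first application, judging the window period, replacing the key, and the validity check that precedes them; the same steps appear in the summary of the invention), as an added example in Go. It is not code from the patent or from the bank's system, and it fixes one reading of the patent's key scheme: for each applicant the generator keeps the key in use, the old key that it replaced, and a prefabricated key; a replacement promotes the prefabricated key and opens a window during which the old key is still accepted, and an application that arrives inside that window receives the key in use again rather than triggering a second replacement. The names KeyGenerator, Register, Apply and Accepts, the 32-byte key material, the 8-byte key ID and the injected clock are assumptions of this example, not of the patent.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// SymmetricKey is one generated key; ActivatedAt is set when it becomes the
// key in use for an applicant.
type SymmetricKey struct {
	ID          string
	Material    []byte
	ActivatedAt time.Time
}

// applicantKeys is the generator-side record for one applicant: the key in use,
// the old key it replaced (still accepted during the window period) and the
// prefabricated key that will be handed out at the next replacement.
type applicantKeys struct {
	current, old, prefab *SymmetricKey
}

// KeyGenerator plays the bank-side role. The clock is injected so the window
// period can be exercised deterministically (an assumption of this example).
type KeyGenerator struct {
	Window time.Duration
	Now    func() time.Time
	keys   map[string]*applicantKeys
}

func NewKeyGenerator(window time.Duration, now func() time.Time) *KeyGenerator {
	return &KeyGenerator{Window: window, Now: now, keys: map[string]*applicantKeys{}}
}

// Register marks an applicant as valid; anyone else fails the "verifying validity" step.
func (g *KeyGenerator) Register(applicantID string) {
	g.keys[applicantID] = &applicantKeys{}
}

// newKey draws an 8-byte key ID and 32 bytes of key material from crypto/rand
// (which never returns an error as of Go 1.24; it aborts the process instead).
func newKey() *SymmetricKey {
	buf := make([]byte, 40)
	rand.Read(buf)
	return &SymmetricKey{ID: hex.EncodeToString(buf[:8]), Material: buf[8:]}
}

// inWindow reports whether the key in use was activated less than Window ago,
// i.e. whether the applicant's old key must still be accepted.
func (g *KeyGenerator) inWindow(state *applicantKeys) bool {
	return state.current != nil && g.Now().Sub(state.current.ActivatedAt) < g.Window
}

// Apply handles one symmetric key application and returns the key the applicant
// must use from now on, plus whether this was the applicant's first application.
func (g *KeyGenerator) Apply(applicantID string) (*SymmetricKey, bool, error) {
	state, ok := g.keys[applicantID]
	if !ok {
		return nil, false, errors.New("symmetric key applicant is not valid")
	}
	if state.current == nil { // first application: generate a current key and a prefabricated key
		state.current, state.prefab = newKey(), newKey()
		state.current.ActivatedAt = g.Now()
		return state.current, true, nil
	}
	if g.inWindow(state) { // window period: hand out the same key instead of replacing twice
		return state.current, false, nil
	}
	// Replace the key: the prefabricated key becomes the key in use, the key it
	// replaces stays accepted for one window period, and a new prefabricated
	// key is generated for the replacement after that.
	state.prefab.ActivatedAt = g.Now()
	state.old, state.current, state.prefab = state.current, state.prefab, newKey()
	return state.current, false, nil
}

// Accepts answers the transaction path's question about a key ID presented by
// the applicant: the key in use always, the old key only while the window is open.
func (g *KeyGenerator) Accepts(applicantID, keyID string) bool {
	state, ok := g.keys[applicantID]
	if !ok || state.current == nil {
		return false
	}
	return keyID == state.current.ID ||
		(state.old != nil && keyID == state.old.ID && g.inWindow(state))
}

func main() {
	g := NewKeyGenerator(10*time.Minute, time.Now)
	g.Register("third-party-A")
	k, first, err := g.Apply("third-party-A")
	if err != nil {
		panic(err)
	}
	fmt.Printf("first application: %v, key ID %s\n", first, k.ID)
}
```

Accepts is where the window period pays off: a transaction that still carries the old key while the applicant's update is in progress is not rejected, and the transaction path compares only the key ID, so the key material itself never travels on that path. Once the window closes the old key is refused, which bounds how long two keys are live for one applicant.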
receiving the symmetric key: the symmetric key applicant receives the symmetric key sent by the symmetric key generator, verifies its signature with the public key of the generator and, after the signature verification succeeds, decrypts the symmetric key with its own private key. In this embodiment the symmetric key generator holds its own public key, its own private key and the public key of the applicant, and the applicant holds its own public key, its own private key and the public key of the generator.
sending the symmetric key: the symmetric key generator sends the symmetric key to the corresponding applicant according to the applicant information. Specifically, it encrypts the symmetric key with the public key of the applicant, then signs the encrypted symmetric key with its own private key, and sends the encrypted and signed symmetric key to the corresponding applicant according to the applicant information. The encryption and signature processing ensure the security of the key exchange; because every delivery of the symmetric key is encrypted and signed, the security of the whole online exchange is improved.
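The message protection of the send and receive steps above (encrypting the symmetric key with the applicant's public key and then signing with the generator's private key; the applicant verifying the signature before decrypting), together with the applicant-signed application message and its verification against the pre-stored applicant public key from the earlier steps, as an added example in Go. It is not code from the patent or from the bank's system. The patent names no algorithms, so RSA-OAEP for the key encryption and Ed25519 for both signatures are this example's own choices, as are the names Applicant, SignApplication, ReceiveKey, VerifyApplication and DeliverKey and the label-and-ID prefix that is signed together with each payload.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// signedBytes prefixes the payload with a message-type label and the applicant
// ID, so a signature over an application message can never pass as a signature
// over a key delivery, nor one applicant's delivery as another applicant's.
func signedBytes(label, applicantID string, payload []byte) []byte {
	return append([]byte(label+"|"+applicantID+"|"), payload...)
}

// ApplicationMessage: applicant information and application information,
// signed with the applicant's private key.
type ApplicationMessage struct {
	ApplicantID string
	Body        []byte
	Signature   []byte
}

// KeyDelivery: the symmetric key encrypted to the applicant, then signed by
// the generator.
type KeyDelivery struct {
	ApplicantID string
	Ciphertext  []byte
	Signature   []byte
}

// Applicant (the third party) holds its own signing and decryption key pairs
// and the generator's pre-stored signing public key.
type Applicant struct {
	ID      string
	SigPub  ed25519.PublicKey // pre-stored by the generator
	EncPub  *rsa.PublicKey    // pre-stored by the generator
	sigPriv ed25519.PrivateKey
	encPriv *rsa.PrivateKey
	genPub  ed25519.PublicKey
}

func NewApplicant(id string, genPub ed25519.PublicKey) (*Applicant, error) {
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Applicant{ID: id, SigPub: sigPub, EncPub: &encPriv.PublicKey,
		sigPriv: sigPriv, encPriv: encPriv, genPub: genPub}, nil
}

// SignApplication builds the symmetric key application message.
func (a *Applicant) SignApplication(body []byte) ApplicationMessage {
	sig := ed25519.Sign(a.sigPriv, signedBytes("application", a.ID, body))
	return ApplicationMessage{ApplicantID: a.ID, Body: body, Signature: sig}
}

// ReceiveKey verifies the generator's signature first and only then decrypts
// with the applicant's private key, so a tampered delivery never reaches RSA.
func (a *Applicant) ReceiveKey(d KeyDelivery) ([]byte, error) {
	signed := signedBytes("delivery", d.ApplicantID, d.Ciphertext)
	if d.ApplicantID != a.ID || !ed25519.Verify(a.genPub, signed, d.Signature) {
		return nil, errors.New("signature verification of key delivery failed")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, a.encPriv, d.Ciphertext, []byte(a.ID))
}

// VerifyApplication is the generator's check of an application message against
// the public key it pre-stored for that applicant; nil means "not a valid
// applicant", which is rejected before any signature is looked at.
func VerifyApplication(m ApplicationMessage, storedSigPub ed25519.PublicKey) error {
	if storedSigPub == nil {
		return errors.New("symmetric key applicant is not valid")
	}
	if !ed25519.Verify(storedSigPub, signedBytes("application", m.ApplicantID, m.Body), m.Signature) {
		return errors.New("signature verification of application failed")
	}
	return nil
}

// DeliverKey is the generator's send step: encrypt the symmetric key with the
// applicant's pre-stored public key, then sign the ciphertext with the
// generator's private key, in that order.
func DeliverKey(genSigPriv ed25519.PrivateKey, applicantID string, storedEncPub *rsa.PublicKey, material []byte) (KeyDelivery, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, storedEncPub, material, []byte(applicantID))
	if err != nil {
		return KeyDelivery{}, err
	}
	sig := ed25519.Sign(genSigPriv, signedBytes("delivery", applicantID, ct))
	return KeyDelivery{ApplicantID: applicantID, Ciphertext: ct, Signature: sig}, nil
}
```

The applicant checks the signature before it touches the ciphertext, so a delivery that was altered in transit or addressed to a different applicant is refused before the RSA private key is used at all. The pre-stored public keys on each side are the roots of trust for the whole exchange; how they are provisioned is outside what the patent describes, and it is the one step that still has to happen out of band.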
The present application further provides an electronic device comprising: a processor; a memory; and a program stored in the memory and configured to be executed by the processor, the program comprising instructions for performing the method of exchanging symmetric encryption keys online described herein.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of exchanging symmetric encryption keys online described in the present application.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention in any manner; those skilled in the art can readily practice the invention as shown and described in the drawings and detailed description herein; however, those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention without departing from the scope of the invention as defined by the appended claims; meanwhile, any changes, modifications, and evolutions of the equivalent changes of the above embodiments according to the actual techniques of the present invention are still within the protection scope of the technical solution of the present invention.

Claims (10)

1. A method for exchanging symmetric encryption keys online, applied between a symmetric key generator and a symmetric key applicant, the applicant and the generator communicating with each other in a symmetric encryption mode, characterized in that the method is performed by the symmetric key generator and comprises the following steps:
obtaining a message: obtaining a symmetric key application message sent by the symmetric key applicant, the message containing symmetric key application information and symmetric key applicant information;
judging the window period: taking the symmetric key currently used by the applicant as the old symmetric key, screening out a pre-stored enabled key and a pre-stored prefabricated key according to the application information and the applicant information, and judging whether the enabled key is in its window period; if so, assigning the enabled key to the old symmetric key and sending the enabled key to the applicant as the symmetric key, and if not, executing the step of replacing the key;
replacing the key: using the enabled key as the symmetric key that replaces the old symmetric key, using the prefabricated key as the new enabled key, and simultaneously generating a new prefabricated key;
sending the symmetric key: sending the symmetric key to the corresponding applicant according to the applicant information.
2. A method for exchanging symmetric encryption keys online as claimed in claim 1, wherein: before judging the window period, whether this is the applicant's first application is judged according to the applicant information; if so, a current key and a prefabricated key are generated and the current key is used as the symmetric key for communication with the applicant, and if not, the step of judging the window period is executed.
3. A method for exchanging symmetric encryption keys online as claimed in claim 2, wherein: the method further comprises the following steps before judging whether this is the first application:
verifying validity: judging whether the symmetric key applicant is valid according to the applicant information; if so, executing the step of signature verification processing, and if not, returning to the step of obtaining a message;
signature verification processing: verifying the signature on the symmetric key application message; if the verification succeeds, executing the step of judging whether this is the first application, and if it fails, returning to the step of obtaining a message.
4. A method for exchanging symmetric encryption keys online as claimed in claim 3, wherein: the signature verification processing specifically comprises verifying the signature on the symmetric key application message with the pre-stored public key of the symmetric key applicant.
5. A method for exchanging symmetric encryption keys online as claimed in claim 1, wherein: sending the symmetric key specifically comprises encrypting the symmetric key with the public key of the symmetric key applicant, then signing the encrypted symmetric key with the private key of the symmetric key generator, and sending the encrypted and signed symmetric key to the corresponding applicant according to the applicant information.
6. A method for exchanging symmetric encryption keys online as claimed in claim 1, wherein: when the enabled key is in its window period, the old symmetric key has not expired.
7. A method for exchanging symmetric encryption keys online as claimed in claim 1, wherein: the symmetric key generator holds its own public key, its own private key and the public key of the symmetric key applicant, and the symmetric key applicant holds its own public key, its own private key and the public key of the symmetric key generator.
8. A method for exchanging symmetric encryption keys online, applied between a symmetric key generator and a symmetric key applicant, the applicant and the generator communicating with each other in a symmetric encryption mode, characterized in that the method is executed by the symmetric key applicant and comprises the following steps:
sending a symmetric key application message: sending the symmetric key application message to the symmetric key generator;
receiving the symmetric key: receiving the symmetric key sent by the symmetric key generator, verifying its signature with the public key of the symmetric key generator and, after the signature verification succeeds, decrypting the symmetric key with the private key of the symmetric key applicant.
9. An electronic device, characterized by comprising: a processor; a memory; and a program stored in the memory and configured to be executed by the processor, the program comprising instructions for performing the method of exchanging symmetric encryption keys online as claimed in any one of claims 1 to 7 or the method of exchanging symmetric encryption keys online as claimed in claim 8.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, performs the method of exchanging symmetric encryption keys online as claimed in any one of claims 1 to 7 or the method of exchanging symmetric encryption keys online as claimed in claim 8.

Priority Applications (1)

Application Number: CN202011479309.5A (CN112671730A)
Priority Date: 2020-12-15
Filing Date: 2020-12-15
Title: Method, equipment and medium for exchanging symmetric encryption keys on line

Publications (1)

Publication Number: CN112671730A
Publication Date: 2021-04-16

Family

ID=75404668

Country Status (1)

CN (1): CN112671730A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP1615380A1 (en) * | 2004-07-07 | 2006-01-11 | Thomson Multimedia Broadband Belgium | Device and process for wireless local area network association
WO2013021360A1 (en) * | 2011-08-10 | 2013-02-14 | Pes Carlo | Encryption and decryption method
CN109802827A (en) * | 2018-12-19 | 2019-05-24 | 中国长城科技集团股份有限公司 | Key updating method and key updating system
CN110855597A (en) * | 2018-08-20 | 2020-02-28 | 北京京东金融科技控股有限公司 | Message transmission method, server and client
CN110995729A (en) * | 2019-12-12 | 2020-04-10 | 广东电网有限责任公司电力调度控制中心 | Control system communication method and device based on asymmetric encryption and computer equipment
CN111200491A (en) * | 2018-11-20 | 2020-05-26 | 千寻位置网络有限公司 | Key updating method, data decrypting method, device, client and interactive system



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20210416