CN112771815A - Key processing method and device - Google Patents

Publication number: CN112771815A
Authority: CN (China)
Prior art keywords: key, communication system, target type, parameter, key parameter
Legal status: Granted
Application number: CN202080005167.0A
Other languages: Chinese (zh)
Other versions: CN112771815B (en)
Inventors: 王勇, 陈璟
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network


Abstract

The application provides a key processing method and a key processing device, which can be applied to a short-distance communication system and can further be used in scenarios such as automatic driving, intelligent driving, robots and unmanned transportation. The method comprises obtaining a first key parameter K of a first communication system, and then determining a second key parameter Kd of a second communication system according to the first key parameter K and an identifier of the second communication system. Therefore, even where the communication systems are completely independent, the key parameters of other communication systems are determined from the key parameters of one communication system, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection and the like based on those key parameters; the key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved. In addition, different target type keys are determined respectively for the cases where the length of Kd is greater than, equal to, or less than the length of the target type key corresponding to Kd, which suits practical application.

Description

Key processing method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a key processing method and apparatus.
Background
With the development of communication technology, the security of communication is more and more emphasized. Currently, communication security is generally ensured by encryption protection and integrity protection. For example, in the data transmission process, data to be transmitted is usually encrypted and transmitted, and a receiver decrypts a ciphertext and restores a plaintext after receiving the data. And in the data transmission process, integrity protection is carried out on the data, the integrity of the message is verified after the receiver receives the data, and the successful integrity verification indicates that the message is not modified in the transmission process. In secure data communication, both parties of communication must have a key for encryption and decryption and/or a key for integrity protection, respectively.
In the related art, one device may be compatible with a plurality of communication systems; for example, a mobile phone has a Bluetooth system, a WiFi system, and other communication systems. Each communication system needs the above keys for encryption and decryption and/or integrity protection, etc. during communication.
Because the communication systems of such a device are completely independent, one communication system cannot use the security key negotiated by another communication system. Each communication system therefore needs to negotiate its own key, resulting in many key negotiation and derivation processes, low efficiency, and wasted signaling.
Disclosure of Invention
The application provides a key processing method and a key processing device, which are used to solve the problem that each communication system needs to negotiate and derive its own key, so that there are many key negotiation and derivation processes, efficiency is low, and signaling is wasted.
In a first aspect, an embodiment of the present application provides a key processing method, which may be executed by an analysis device, and the method includes the following steps. First, a first key parameter K is obtained, where the first key parameter K is a key parameter of a first communication system. Here, the first communication system may be determined according to actual conditions, which is not particularly limited in the embodiments of the present application, and the first key parameter K may be a key used by the first communication system for encryption and decryption and/or an integrity protection key, etc. Second, a second key parameter Kd of the second communication system is determined according to the first key parameter K and the identifier of the second communication system, where the first communication system is different from the second communication system. Similarly, the second communication system may be determined according to actual situations, and this is not particularly limited in the embodiments of the present application. The identifier of the second communication system may be information used for identifying the identity of the second communication system, such as a name or a number of the second communication system. The second key parameter Kd may be a key of the second communication system or may be used to generate a key of the second communication system; the key of the second communication system may be a key for encryption and decryption and/or an integrity protection key of the second communication system, etc.
According to the embodiment of the application, the first key parameter K of the first communication system is obtained, and then the second key parameter Kd of the second communication system is determined according to the first key parameter K and the identifier of the second communication system. Therefore, even where the communication systems are completely independent, the key parameters of other communication systems are determined from the key parameters of one communication system, and the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection and the like based on those key parameters, so that the key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved.
In addition, the analysis device may be applied to the first communication system or the second communication system, and similarly, how to set the analysis device may be determined according to actual situations, for example, the analysis device may be applied independently of the first communication system and the second communication system, and the present embodiment is not particularly limited thereto.
In one possible design, the analysis device is applied to the first communication system, and after the second key parameter Kd of the second communication system is determined, the method further comprises:
sending the second key parameter Kd to the second communication system, where the second key parameter Kd is used by the second communication system to determine the target type key.
For example, after determining the second key parameter Kd of the second communication system, the analysis device sends the second key parameter Kd to the second communication system. The second communication system may save the second key parameter Kd as an intermediate key of the system and then determine a key for encryption and/or integrity protection, or may directly apply the second key parameter Kd for encryption and/or integrity protection in the system, thereby omitting that system's key negotiation and derivation process.
In one possible design, the second key parameter Kd corresponds to a target type key.
Determining the second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the second key parameter Kd of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
Here, the second key parameter Kd corresponds to the target type key, where "corresponds" means that the second key parameter Kd is used to generate the target type key, or that the second key parameter Kd is the target type key. The target type key may be a key used by the second communication system for encryption and decryption and/or an integrity protection key, etc.
When the analysis device determines the second key parameter Kd of the second communication system, it considers not only the first key parameter K and the identifier of the second communication system but also the type identifier of the target type key, so that a second key parameter Kd meeting the key requirement of the second communication system is accurately generated. The type identifier of the target type key may be information used to identify the type of the target type key, such as a type name or a number of the target type key.
In one possible design, the target type key is the second key parameter Kd.
That is, if the length of the second key parameter Kd is equal to the length of the target type key, the target type key is the second key parameter Kd.
In one possible design, the method further includes:
determining the length of the target type key;
if the length of the second key parameter Kd is equal to the length of the target type key, determining that the target type key is the second key parameter Kd.
Here, if the length of the second key parameter Kd is equal to the length of the target type key, the target type key is determined to be the second key parameter Kd.
In one possible design, the second key parameter Kd corresponds to a target type key.
The length of the second key parameter Kd is greater than the length of the target type key;
the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
Illustratively, the preset position may include at least one of a most significant bit and a least significant bit. If the length of the second key parameter Kd is greater than the length of the target type key, the target type key is M bits of the second key parameter Kd starting from the preset position; e.g. the target type key is M bits of the second key parameter Kd starting from the most significant bit, or the target type key is M bits of the second key parameter Kd starting from the least significant bit.
In one possible design, the method further includes:
determining the length of the target type key;
if the length of the second key parameter Kd is greater than the length of the target type key, determining that the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
Here, after the length of the target type key is determined, if the length of the second key parameter Kd is greater than the length of the target type key, the second key parameter Kd needs to be truncated, and the target type key is determined to be M bits of the second key parameter Kd starting from a preset position. For example, the target type key is determined to be M bits of the second key parameter Kd starting from the most significant bit, or M bits of the second key parameter Kd starting from the least significant bit.
In one possible design, the second key parameter corresponds to a target type key.
Determining the second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the length of the target type key;
determining the second key parameter Kd of the second communication system by a first key derivation function, the first key parameter K and the identifier of the second communication system.
The first key derivation function is determined according to the length of the target type key, or the first key derivation function corresponds to the length of the target type key, which may also be understood as a correspondence relationship between the first key derivation function and the length of the target type key.
Here, different key lengths may correspond to different or the same key derivation function, and different key types may correspond to different or the same key derivation function, depending on the system configuration. For example, the first key derivation function may be set to be determined according to the length of the target type key.
When the second key parameter Kd of the second communication system is determined, a first key derivation function is first determined in consideration of the length of the target type key, and then the second key parameter Kd of the second communication system is determined by the first key derivation function, the first key parameter K, and the identifier of the second communication system, so that a second key parameter Kd meeting the key requirement of the second communication system is generated quickly and accurately.
A key derivation function (KDF) can be used to derive the input keys of various algorithms. For example, the first key parameter K and the identifier of the second communication system can be used as input parameters to generate the second key parameter Kd of the second communication system, for instance: Kd = KDF(K, identifier of the second communication system). In addition, the KDF may also include other input parameters, which are not particularly limited in this application.
In one possible design, the second key parameter Kd corresponds to a target type key.
The first key parameter K comprises a plurality of first key parameters K1-KN, where N is an integer greater than 1;
determining the second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining a plurality of second key parameters Kd1-KdN of the second communication system according to the plurality of first key parameters K1-KN and the identifier of the second communication system.
The target type key is a combination of the plurality of second key parameters Kd1-KdN, or the target type key is M bits of the combination of the plurality of second key parameters Kd1-KdN, where M is the length of the target type key, and M is an integer greater than 0.
Here, if the length of the second key parameter Kd is smaller than the length of the target type key, a plurality of second key parameters Kd1-KdN of the second communication system may be determined based on a plurality of first key parameters K1-KN and the identifier of the second communication system, so that the target type key is a combination of the plurality of second key parameters Kd1-KdN. For example, if the length of the target type key is exactly equal to the length of the combination of the plurality of second key parameters Kd1-KdN, the target type key is that combination. The plurality of second key parameters Kd1-KdN may be arranged in a preset order, which can be set according to actual conditions and is not particularly limited in the embodiments of the present application. Illustratively, the target type key is Kd1||Kd2||…||KdN.
Alternatively, the target type key is M bits of the combination of the plurality of second key parameters Kd1-KdN. For example, if the length of the target type key is smaller than the length of the combination of the plurality of second key parameters Kd1-KdN, the target type key is M bits of the combination, M being the length of the target type key.
In one possible design, the target type key is M bits, starting from a preset position, of the combination of the plurality of second key parameters Kd1-KdN, where the preset position is predefined or configured. Illustratively, the preset position may include at least one of a most significant bit and a least significant bit.
Illustratively, the preset position is the most significant bit, and the target type key is MSB(Kd1||Kd2||…||KdN, M bits), where MSB denotes the most significant bit.
In one possible design, the plurality of first key parameters K1-KN are obtained from a plurality of freshness parameters.
The value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as that the value of N corresponds to the target type key.
Here, different or the same key length may be corresponding to different numbers of keys, and different or the same key length may also be corresponding to different key types, depending on the system configuration, where the value of N may be set to be determined according to the length of the target type key.
In one possible design, the freshness parameters are generated randomly, or the freshness parameters are a plurality of values at equal intervals, or a timestamp-related value, or the like.
Here, in addition to the above cases, the above freshness parameters may be determined according to actual situations, and this is not particularly limited by the embodiment of the present application.
In one possible design, the method further includes:
determining the length of the target type key;
if the length of the second key parameter Kd is less than the length of the target type key, determining a plurality of second key parameters Kd1-KdN of the second communication system based on the plurality of first key parameters K1-KN and the identifier of the second communication system;
determining that the target type key is a combination of the plurality of second key parameters Kd1-KdN, or determining that the target type key is M bits of the combination of the plurality of second key parameters Kd1-KdN, where M is the length of the target type key, N is an integer greater than 1, and M is an integer greater than 0.
In one possible design, determining the second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the second key parameter Kd by a second key derivation function, the first key parameter K and the identifier of the second communication system.
In one possible design, the second key derivation function corresponds to the second communication system.
Here, different communication systems may correspond to different or the same key derivation function, depending on the system configuration. For example, the second key derivation function may be configured to correspond to the second communication system, and the second key parameter Kd may be determined from the first key parameter K and the identifier of the second communication system through the second key derivation function corresponding to the second communication system, thereby omitting the key negotiation and derivation process of the second communication system.
In one possible design, the key derivation function may include, for example, Hash-based Message Authentication Code (HMAC)-Secure Hash Algorithm (SHA) 256, HMAC-SHA3, HMAC-SM3, and the like. Other key derivation functions may also be used in the present application in addition to the above, and this is not particularly limited in the embodiments of the present application.
Here, the algorithms and criteria used for the key derivation functions in the present application include, but are not limited to, those listed above, and the algorithms and criteria used for the key derivation functions in the present application may include other algorithms and criteria.
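The derivation and the three length cases described above (equal, longer, shorter) can be followed in the sketch below. It is an added example, not code from the patent; it uses HMAC-SHA256, one of the key derivation functions the text lists. The function names, the length-prefixed input encoding, the use of counters as equally spaced freshness values, and the way each Ki is obtained from K are assumptions, since the text leaves them open.

```python
import hashlib
import hmac

DIGEST = "sha256"  # HMAC-SHA256, one of the KDFs named in the text


def kdf(key: bytes, *fields: bytes) -> bytes:
    """HMAC-based KDF over length-prefixed fields (the encoding is an assumption).

    The 2-byte length prefixes stop (b"ab", b"c") and (b"a", b"bc") from
    producing the same HMAC input, so distinct identifiers never collide.
    """
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, DIGEST).digest()


def derive_kd(k: bytes, system_id: bytes, type_id: bytes) -> bytes:
    """Kd = KDF(K, identifier of the second system, type identifier)."""
    return kdf(k, b"Kd", system_id, type_id)


def take_bits(data: bytes, m_bits: int, position: str = "msb") -> bytes:
    """Return M bits of data starting from the preset position (MSB or LSB)."""
    total = len(data) * 8
    if not 0 < m_bits <= total:
        raise ValueError("M must satisfy 0 < M <= available bits")
    value = int.from_bytes(data, "big")
    if position == "msb":
        value >>= total - m_bits          # keep the top M bits
    elif position == "lsb":
        value &= (1 << m_bits) - 1        # keep the bottom M bits
    else:
        raise ValueError("position must be 'msb' or 'lsb'")
    return value.to_bytes((m_bits + 7) // 8, "big")


def derive_kd_list(k: bytes, system_id: bytes, type_id: bytes, n: int) -> list:
    """Kd1..KdN from K1..KN.

    Assumption: Ki = KDF(K, freshness_i) with freshness_i = i, i.e. equally
    spaced values; the text does not fix how Ki is obtained.
    """
    out = []
    for i in range(1, n + 1):
        k_i = kdf(k, b"Ki", i.to_bytes(4, "big"))
        out.append(derive_kd(k_i, system_id, type_id))
    return out


def target_type_key(k: bytes, system_id: bytes, type_id: bytes,
                    m_bits: int, position: str = "msb") -> bytes:
    """Select the target type key of length M bits for the second system."""
    kd = derive_kd(k, system_id, type_id)
    kd_bits = len(kd) * 8
    if m_bits == kd_bits:                 # equal length: the key is Kd itself
        return kd
    if m_bits < kd_bits:                  # Kd longer: M bits from preset position
        return take_bits(kd, m_bits, position)
    n = -(-m_bits // kd_bits)             # Kd shorter: N = ceil(M / |Kd|)
    combined = b"".join(derive_kd_list(k, system_id, type_id, n))
    return take_bits(combined, m_bits, position)


# Constructed sample key parameter K of the first communication system.
K = bytes(range(32))

if __name__ == "__main__":
    for sys_id, type_id, m in [(b"wifi", b"enc", 256),
                               (b"wifi", b"int", 128),
                               (b"bluetooth", b"enc", 384)]:
        key = target_type_key(K, sys_id, type_id, m)
        print(sys_id.decode(), type_id.decode(), m, key.hex())
```

Because the system identifier and type identifier are inputs to the HMAC, the value derived for one system or key type does not reveal the value derived for another, and handing Kd to the second system does not expose K.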
In a second aspect, an embodiment of the present application provides another key processing method, which may be performed by an analysis apparatus, and the method includes: obtaining a second key parameter Kd of a second communication system, where the second key parameter Kd is determined based on a first key parameter K and an identifier of the second communication system, and the first key parameter K is a key parameter of the first communication system. Here, the first communication system is different from the second communication system, and the first communication system and the second communication system may be determined according to actual situations, which is not particularly limited in the embodiments of the present application. The first key parameter K may be a key used by the first communication system for encryption and decryption and/or an integrity protection key, etc. The identifier of the second communication system may be a name or a number of the second communication system, or other information for identifying the identity of the second communication system. The second key parameter Kd may be a key of the second communication system or may be used to generate a key of the second communication system; the key of the second communication system may be a key for encryption and decryption and/or an integrity protection key of the second communication system, etc.
The embodiment of the application acquires the second key parameter Kd of the second communication system, where the second key parameter Kd is determined based on the first key parameter K and the identifier of the second communication system. Therefore, even where the communication systems are completely independent, the key parameter of this communication system is determined from the key parameter of another communication system, and a key for encryption and decryption and/or a key for integrity protection and the like is then generated based on that key parameter, so that the key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved.
In one possible design, the second key parameter Kd corresponds to a target type key. Here, "corresponds" means that the second key parameter Kd is used to generate the target type key, or that the second key parameter Kd is the target type key. The target type key may be a key used by the second communication system for encryption and decryption and/or an integrity protection key, etc.
In one possible design, the target type key is the second key parameter Kd.
Here, if the length of the second key parameter Kd is equal to the length of the target type key, the target type key is the second key parameter Kd.
In one possible design, the length of the second key parameter Kd is greater than the length of the target type key.
The target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
Illustratively, the preset position may include at least one of a most significant bit and a least significant bit. If the length of the second key parameter Kd is greater than the length of the target type key, the target type key is M bits of the second key parameter Kd starting from the preset position; e.g. the target type key is M bits of the second key parameter Kd starting from the most significant bit, or the target type key is M bits of the second key parameter Kd starting from the least significant bit.
In one possible design, the first key parameter K includes a plurality of first key parameters K1-KN, where N is an integer greater than 1.
A plurality of second key parameters Kd1-KdN of the second communication system are determined based on the plurality of first key parameters K1-KN and the identifier of the second communication system.
The target type key is a combination of the plurality of second key parameters Kd1-KdN, or the target type key is M bits of the combination of the plurality of second key parameters Kd1-KdN, M being the length of the target type key and M being an integer greater than 0.
Here, if the length of the second key parameter Kd is smaller than the length of the target type key, a plurality of second key parameters Kd1-KdN of the second communication system may be determined based on a plurality of first key parameters K1-KN and the identifier of the second communication system, so that the target type key is a combination of the plurality of second key parameters Kd1-KdN. For example, if the length of the target type key is exactly equal to the length of the combination of the plurality of second key parameters Kd1-KdN, the target type key is that combination. The plurality of second key parameters Kd1-KdN may be arranged in a preset order, which can be set according to actual conditions and is not particularly limited in the embodiments of the present application. Illustratively, the target type key is Kd1||Kd2||…||KdN.
Alternatively, the target type key is M bits of the combination of the plurality of second key parameters Kd1-KdN. For example, if the length of the target type key is smaller than the length of the combination of the plurality of second key parameters Kd1-KdN, the target type key is M bits of the combination, M being the length of the target type key.
In one possible design, the plurality of first key parameters K1-KN are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as that the value of N corresponds to the target type key.
In a third aspect, embodiments of the present application provide a key processing apparatus, where the key processing apparatus may be the analysis apparatus itself, or a chip or an integrated circuit that implements the functions of the analysis apparatus. The device includes:
an obtaining module, configured to obtain a first key parameter K, where the first key parameter K is a key parameter of a first communication system;
a determining module, configured to determine a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system.
Wherein the first communication system is different from the second communication system.
In one possible design, the apparatus further includes a sending module, configured to send the second key parameter Kd to the second communication system after the determining module determines the second key parameter Kd of the second communication system, where the second key parameter Kd is used by the second communication system to determine the target type key.
In one possible design, the second key parameter Kd corresponds to a target type key.
The determining module is specifically configured to:
determining the second key parameter Kd of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
In one possible design, the target type key is the second key parameter Kd.
That is, if the length of the second key parameter Kd is equal to the length of the target type key, the target type key is the second key parameter Kd.
In one possible design, the determining module is further configured to:
determining the length of the target type key;
if the length of the second key parameter Kd is equal to the length of the target type key, determining that the target type key is the second key parameter Kd.
In one possible design, the second key parameter Kd corresponds to a target type key;
the length of the second key parameter Kd is greater than the length of the target type key;
the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
In one possible design, the determining module is further configured to:
determining the length of the target type key;
if the length of the second key parameter Kd is greater than the length of the target type key, determining that the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
In one possible design, the second key parameter corresponds to a target type key;
the determining module is specifically configured to:
determining the length of the target type key;
determining the second key parameter Kd of the second communication system by a first key derivation function, the first key parameter K and the identifier of the second communication system.
The first key derivation function is determined according to the length of the target type key, or the first key derivation function corresponds to the length of the target type key, which may also be understood as a correspondence relationship between the first key derivation function and the length of the target type key.
In one possible design, the second key parameter K_d corresponds to the target type key;
the first key parameter K comprises a plurality of first key parameters K_1 to K_N, where N is an integer greater than 1;
the determining module is specifically configured to:
determining a plurality of second key parameters K_d1 to K_dN of the second communication system according to the plurality of first key parameters K_1 to K_N and the identifier of the second communication system.
Here, the target type key is the plurality of second key parameters K_d1 to K_dN, or the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN, where M is the length of the target type key and M is an integer greater than 0.
In one possible design, the target type key is M bits of the plurality of second key parameters K_d1 to K_dN starting from a preset position, where the preset position is predefined or configured.
In one possible design, the plurality of first key parameters K_1 to K_N are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as the value of N corresponding to the target type key.
In one possible design, the freshness parameters are generated randomly, or the freshness parameters are a plurality of values at equal intervals, or a timestamp-related value, or the like.
In one possible design, the determining module is specifically configured to:
determining the second key parameter K_d by means of a second key derivation function, the first key parameter K and the identifier of the second communication system.
In one possible design, the second key derivation function corresponds to the second communication system.
In one possible design, the first key derivation function or the second key derivation function may include, for example, HMAC-SHA256, HMAC-SHA3, HMAC-SM3, or the like. The key derivation function used in the present application may also use other key derivation functions in addition to the above, and this is not particularly limited in this embodiment of the present application.
In a fourth aspect, the present application provides a key processing apparatus comprising at least one processor and at least one memory. The at least one memory stores computer instructions; the at least one processor executes the computer instructions stored by the memory to cause the computing device to perform the method provided by the first aspect or the various possible designs of the first aspect, or to cause the key processing apparatus to deploy the key processing apparatus provided by the second aspect or the various possible designs of the second aspect.
In a fifth aspect, the present application provides a computer-readable storage medium having stored therein computer instructions that instruct a computing device to perform the method provided by the above first aspect or various possible designs of the first aspect, or instruct the computing device to deploy the key processing apparatus provided by the above second aspect or various possible designs of the second aspect.
In a sixth aspect, the present application provides a computer program product comprising computer instructions. Optionally, the computer instructions are stored in a computer-readable storage medium. The computer instructions may be read by a processor of a computing device from the computer-readable storage medium, and the computer instructions, when executed by the processor, cause the computing device to perform the method provided by the above first aspect or the various possible designs of the first aspect, or cause the computing device to deploy the key processing apparatus provided by the above second aspect or the various possible designs of the second aspect.
In a seventh aspect, an embodiment of the present application provides a chip including at least one processor and a communication interface. Further optionally, the chip further comprises at least one memory for storing computer instructions. Wherein the communication interface is configured to provide information input and/or output to the at least one processor. The at least one processor is configured to execute the instructions to implement the method of the first aspect and any possible implementation manner of the first aspect. Optionally, the at least one processor includes at least one of a Digital Signal Processor (DSP), a Central Processing Unit (CPU), or a Graphics Processing Unit (GPU).
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
Fig. 2 is a schematic flowchart of a key processing method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 7 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 8 is a schematic flowchart of another key processing method according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a key processing apparatus provided in the present application;
Fig. 10A is a schematic diagram of a basic hardware architecture of a key processing apparatus provided in the present application;
Fig. 10B is a schematic diagram of a basic hardware architecture of another key processing apparatus provided in the present application.
Detailed Description
The main implementation principle, the specific implementation and the corresponding beneficial effects of the technical solution of the embodiments of the invention are explained in detail below with reference to the drawings. In the following, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, unless stated otherwise, "plurality" means two or more.
The key processing according to the embodiments of the present application determines a key parameter of the second communication system using a key parameter of the first communication system, where the first communication system is different from the second communication system. This addresses the problem that each communication system needs to negotiate and derive its own key, which results in many key negotiation and derivation processes, low efficiency, and wasted signaling.
The key processing method and apparatus provided in the embodiments of the present application may be applied to a communication system. For example, where one device has a plurality of communication systems, the method and apparatus may be applied to one or more communication systems of the device. The device may be any device including a plurality of communication systems, such as a mobile phone, a vehicle, an unmanned aerial vehicle, or a robot, which is not particularly limited in the embodiments of the present application.
Optionally, the key processing method and apparatus provided in the embodiment of the present application may be applied to the application scenario shown in fig. 1. Fig. 1 only describes one possible application scenario of the key processing method provided in the embodiment of the present application by way of example, and the application scenario of the key processing method provided in the embodiment of the present application is not limited to the application scenario shown in fig. 1.
Fig. 1 is a schematic diagram of a key processing architecture of a device communication system. In fig. 1, taking a device as a mobile phone as an example, the device communication system key processing architecture includes an analysis apparatus 101, a mobile communication module 102, a wireless communication module 103, an antenna 1, an antenna 2, and a network or other device 104 communicating with the device.
It is to be understood that the illustrated structure of the embodiments of the present application does not constitute a specific limitation to the key processing architecture of the device communication system. In other possible embodiments of the present application, the device communication system key processing architecture may include more or less components than those shown in the drawings, or combine some components, or split some components, or arrange different components, which may be determined according to practical application scenarios, and is not limited herein. The components shown in fig. 1 may be implemented in hardware, software, or a combination of software and hardware.
In some possible embodiments, the mobile communication module 102 may include a system for wireless communication such as 2G/3G/4G/5G. The wireless communication module 103 may include a Wireless Local Area Network (WLAN) such as Wi-Fi, Bluetooth (BT), Global Navigation Satellite System (GNSS), Frequency Modulation (FM), Near Field Communication (NFC), Infrared (IR), and other wireless communication technologies, as well as systems of future possible short-range communication technologies.
In some possible embodiments, the antenna 1 is coupled to the mobile communication module 102, and the antenna 2 is coupled to the wireless communication module 103, so that the mobile communication module can communicate with a network and other devices through a wireless communication technology. The wireless communication technology may include Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time-Division Synchronous Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), and the like.
The analysis device 101 may be applied to a system of wireless communication such as 2G/3G/4G/5G of the mobile communication module 102, or may be applied to a system of wireless communication such as Wi-Fi, BT, GNSS, FM, NFC, IR of the wireless communication module 103, and similarly, the analysis device 101 may be applied independently of the mobile communication module and the wireless communication module, and how to set the analysis device may be determined according to actual situations, which is not limited in this embodiment of the application. For example, taking the analysis device 101 as an example applied to the mobile communication module and/or the wireless communication module, in fig. 1, for convenience of description, the analysis device 101 is connected to the mobile communication module 102 and the wireless communication module 103, which means that the analysis device 101 can be applied to one or more communication systems of the mobile communication module 102 and the wireless communication module 103.
The analysis device 101 is configured to determine key parameters of other communication systems using a key parameter of a certain communication system. For example, the key parameter of Wi-Fi is determined using the key parameter of BT, which addresses the problem that each communication system of the device needs to negotiate and derive its own key, resulting in many key negotiation and derivation processes, low efficiency, and wasted signaling.
It should be understood that the network architecture and the service scenario described in the embodiments of the present application are intended to illustrate the technical solution of the embodiments more clearly and do not limit the technical solution provided in the embodiments. A person having ordinary skill in the art knows that, with the evolution of network architectures and the emergence of new service scenarios, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
The following describes a key processing method provided in an embodiment of the present application in detail with reference to the accompanying drawings. The method may be executed by the analysis device 101 in Fig. 1. The workflow of the analysis device 101 mainly includes an acquisition phase and a determination phase. In the acquisition phase, the analysis device 101 acquires a key parameter of the first communication system. In the determination phase, the analysis device 101 determines the second key parameter of the second communication system according to the key parameter of the first communication system and the identifier of the second communication system. In this way, where the communication systems are completely independent, the key parameters of other communication systems are determined according to the key parameter of a certain communication system, so that the other communication systems can generate a key for encryption and decryption and/or a key for integrity protection, etc., based on those key parameters. The key negotiation and derivation process is omitted, which greatly saves signaling and improves efficiency.
The technical solutions of the present application are described below with several embodiments as examples, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 2 is a schematic flow chart of a key processing method according to an embodiment of the present disclosure, where an execution subject of the embodiment may be the analysis device 101 in fig. 1, and a specific execution subject may be determined according to an actual application scenario. As shown in fig. 2, the method may include the following steps.
S201: Acquire a first key parameter K, where the first key parameter K is a key parameter of the first communication system.
Here, the first key parameter K may be a key used by the first communication system for encryption and decryption, an integrity protection key, or the like. The first communication system may be determined according to the actual situation and is not particularly limited in the embodiments of the present application. Taking the communication systems in a mobile phone as an example, the first communication system may be a BT system or a system of another possible short-range communication technology.
S202: Determine a second key parameter K_d of the second communication system according to the first key parameter K and the identifier of the second communication system.
Wherein the first communication system is different from the second communication system.
The second communication system may also be determined according to the actual situation, which is not particularly limited in the embodiments of the present application. Again taking the communication systems in a mobile phone as an example, if the first communication system is a BT system, the second communication system may be a WiFi system.
The identifier of the second communication system may be information used for identifying the identity of the second communication system, such as a name or a number of the second communication system.
The second key parameter K_d may be a key of the second communication system or may be used to generate a key of the second communication system. The key of the second communication system may be a key for encryption and decryption and/or an integrity protection key of the second communication system, etc.
In some possible embodiments, the analysis device is applied to the first communication system, and after the second key parameter K_d of the second communication system is determined, the method further comprises:
sending the second key parameter K_d to the second communication system, where the second key parameter K_d is used by the second communication system to determine the target type key.
For example, after determining the second key parameter K_d of the second communication system, the analysis device sends the second key parameter K_d to the second communication system. The second communication system may save the second key parameter K_d as an intermediate key of the system and then determine a key for encryption and/or integrity protection, or may directly use the second key parameter K_d for encryption and/or integrity protection of the system, thereby omitting the key negotiation and derivation process of the system.
According to the embodiment of the application, the first key parameter K of the first communication system is obtained, and the second key parameter K_d of the second communication system is then determined according to the first key parameter K and the identifier of the second communication system. Therefore, where the communication systems are completely independent, the key parameters of other communication systems are determined according to the key parameter of a certain communication system, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection, etc., based on those key parameters. The key negotiation and derivation process is omitted, signaling is saved, and efficiency is improved.
In addition, when determining the second key parameter K_d of the second communication system, the embodiment of the application considers not only the first key parameter K and the identifier of the second communication system but also the type of the key. Fig. 3 is a schematic flow chart of another key processing method according to an embodiment of the present application, and an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in Fig. 1. As shown in Fig. 3, the method includes:
S301: Acquire a first key parameter K, where the first key parameter K is a key parameter of the first communication system.
Step S301 is the same as the implementation of step S201, and is not described herein again.
S302: The second key parameter K_d corresponds to the target type key. Determine the second key parameter K_d of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
Wherein the first communication system is different from the second communication system.
Here, the second key parameter K_d corresponds to the target type key, where "corresponds" means that the second key parameter K_d is used to generate the target type key, or that the second key parameter K_d is the target type key. The target type key may be a key used by the second communication system for encryption and decryption and/or an integrity protection key, etc.
When determining the second key parameter K_d of the second communication system, the analysis device considers not only the first key parameter K and the identifier of the second communication system but also the type identifier of the target type key, so that a second key parameter K_d meeting the key requirement of the second communication system is accurately generated. The type identifier of the target type key may be information used to identify the type of the target type key, such as a type name or a number of the target type key.
In some possible embodiments, before the second key parameter K_d of the second communication system is determined as described above, the method further comprises:
determining the target type key corresponding to the second key parameter K_d, and then determining the second key parameter K_d of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
For example, before the key parameter of Wi-Fi is determined using the key parameter of BT, a target type key corresponding to the key parameter of Wi-Fi, such as a Pairwise Transient Key (PTK) or a Group Transient Key (GTK), is determined, and the key parameter of Wi-Fi is then determined according to the key parameter of BT, the identifier of the Wi-Fi system, and the type identifier of the target type key.
According to the embodiment of the application, the first key parameter K, the identifier of the second communication system and the type identifier of the target type key corresponding to the second key parameter are all considered, so that a second key parameter K_d meeting the key requirement of the second communication system is accurately generated. Moreover, the first key parameter K of the first communication system is obtained and the second key parameter K_d of the second communication system is determined from it, so that, where the communication systems are completely independent, the key parameters of other communication systems can be determined according to the key parameter of a certain communication system, and the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection, etc., based on those key parameters. The key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved.
In addition, if the length of the second key parameter K_d is equal to the length of the target type key corresponding to the second key parameter K_d, the target type key is the second key parameter K_d. Fig. 4 is a schematic flow chart of another key processing method according to an embodiment of the present disclosure, and an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in Fig. 1. As shown in Fig. 4, the method includes:
S401: Acquire a first key parameter K, where the first key parameter K is a key parameter of the first communication system.
Step S401 is the same as the implementation of step S201, and is not described herein again.
S402: The second key parameter K_d corresponds to the target type key. Determine the second key parameter K_d of the second communication system according to the first key parameter K and the identifier of the second communication system.
Here, the first communication system is different from the second communication system. The target type key is the second key parameter K_d.
Here, if the length of the second key parameter K_d is equal to the length of the target type key, the target type key is the second key parameter K_d.
In some possible embodiments, after the second key parameter K_d of the second communication system is determined, the method further comprises:
determining the length of the target type key;
if the length of the second key parameter K_d is equal to the length of the target type key, determining that the target type key is the second key parameter K_d.
If the length of the second key parameter K_d is equal to the length of the target type key, the target type key is determined to be the second key parameter K_d. The second communication system may then directly use the second key parameter K_d for encryption and/or integrity protection of the system, thereby omitting the key negotiation and derivation process of the system.
According to the embodiment of the application, the first key parameter K of the first communication system is obtained and the second key parameter K_d of the second communication system is determined. If the length of the second key parameter K_d is equal to the length of the target type key corresponding to the second key parameter K_d, the target type key is the second key parameter K_d. Therefore, where the communication systems are completely independent, the key parameters of other communication systems are determined according to the key parameter of a certain communication system, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection, etc., based on those key parameters. The key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved.
In addition, if the length of the second key parameter K_d is greater than the length of the target type key corresponding to the second key parameter K_d, the target type key is M bits of the second key parameter K_d starting from a preset position.
Fig. 5 is a schematic flow chart of another key processing method according to an embodiment of the present application, and an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in fig. 1. As shown in fig. 5, the method includes:
S501: Acquire a first key parameter K, where the first key parameter K is a key parameter of the first communication system.
Step S501 is the same as the implementation of step S201, and is not described herein again.
S502: The second key parameter K_d corresponds to the target type key. Determine the second key parameter K_d of the second communication system according to the first key parameter K and the identifier of the second communication system.
Here, the first communication system is different from the second communication system. The length of the second key parameter K_d is greater than the length of the target type key, and the target type key is M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
Here, the preset position may include at least one of the most significant bit and the least significant bit. If the length of the second key parameter K_d is greater than the length of the target type key, the target type key is M bits of the second key parameter K_d starting from the preset position. For example, the target type key is the M bits of the second key parameter K_d starting from the most significant bit, or the target type key is the M bits of the second key parameter K_d starting from the least significant bit.
In addition, the preset position may be set according to actual conditions besides the above conditions, and this is not particularly limited in the embodiment of the present application.
In some possible embodiments, after the second key parameter K_d of the second communication system is determined, the method further comprises:
determining the length of the target type key;
if the length of the second key parameter K_d is greater than the length of the target type key, determining that the target type key is M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
Here, after the length of the target type key is determined, if the length of the second key parameter K_d is greater than the length of the target type key, the second key parameter K_d needs to be truncated, and the target type key is determined to be M bits of the second key parameter K_d starting from a preset position. For example, the target type key is determined to be the M bits of the second key parameter K_d starting from the most significant bit, or the M bits of the second key parameter K_d starting from the least significant bit.
According to the embodiment of the application, the first key parameter K of the first communication system is obtained and the second key parameter K_d of the second communication system is determined. If the length of the second key parameter K_d is greater than the length of the target type key corresponding to the second key parameter K_d, the target type key is M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key. Therefore, where the communication systems are completely independent, the key parameters of other communication systems are determined according to the key parameter of a certain communication system, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection, etc., based on those key parameters. The key negotiation and derivation process is omitted, signaling is greatly saved, and efficiency is improved.
In addition, in the embodiment of the application, the second key parameter K_d of the second communication system is determined by means of the first key derivation function.
Fig. 6 is a schematic flow chart of another key processing method according to an embodiment of the present application, and an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in fig. 1. As shown in fig. 6, the method includes:
S601: Acquire a first key parameter K, where the first key parameter K is a key parameter of the first communication system.
Step S601 is the same as the implementation of step S201, and is not described herein again.
S602: The second key parameter K_d corresponds to the target type key. Determine the length of the target type key.
S603: Determine the second key parameter K_d of the second communication system by means of a first key derivation function, the first key parameter K and the identifier of the second communication system.
The first key derivation function is determined according to the length of the target type key, or the first key derivation function corresponds to the length of the target type key, which may also be understood as a correspondence relationship between the first key derivation function and the length of the target type key.
Here, different key lengths may correspond to different or the same key derivation function, and different key types may correspond to different or the same key derivation function, depending on the system configuration. For example, the first key derivation function may be set to be determined according to the length of the target type key.
When the second key parameter K_d of the second communication system is determined, the first key derivation function is first determined in consideration of the length of the target type key, and the second key parameter K_d of the second communication system is then determined by means of the first key derivation function, the first key parameter K, and the identifier of the second communication system, so that a second key parameter K_d meeting the key requirement of the second communication system is generated quickly and accurately.
A key derivation function (KDF) can be used to derive the input keys of various algorithms. For example, the first key parameter K and the identifier of the second communication system can be used as input parameters to generate the second key parameter K_d of the second communication system, for example: K_d = KDF(K, identifier of the second communication system).
In addition, the KDF may also include other input parameters. For the second key parameter K_d described above, the input parameters of the KDF may further include a type identifier of the target type key, and the input parameters of the KDF may further include an identifier of the first communication system, which is not particularly limited in this embodiment of the application.
Illustratively, determining the second key parameter K_d of the second communication system also comprises:
determining the second key parameter K_d according to a first key derivation function, the first key parameter K, the identifier of the second communication system, and the type identifier of the target type key. For example, the first key parameter K, the identifier of the second communication system and the type identifier of the target type key may be used as input parameters to generate the second key parameter K_d of the second communication system: K_d = KDF(K, identifier of the second communication system, type identifier of the target type key), where the type identifier of the target type key is an optional parameter.
Illustratively, determining the second key parameter K_d as described above can also comprise:
determining the second key parameter K_d according to a first key derivation function, the first key parameter K, the identifier of the first communication system, the identifier of the second communication system, and the type identifier of the target type key: K_d = KDF(K, identifier of the first communication system, identifier of the second communication system, type identifier of the target type key), where the identifier of the first communication system and the type identifier of the target type key are optional parameters.
In some possible embodiments, the first key derivation function may include, for example, HMAC-SHA256, HMAC-SHA3, HMAC-SM3, and the like. The key derivation function used in the present application may also use other key derivation functions in addition to the above, and this is not particularly limited in this embodiment of the present application.
In addition, the algorithms and criteria used by the key derivation function in the embodiment of the present application may also include other algorithms and criteria, and the embodiment of the present application does not particularly limit this.
Here, the key derivation function may include different algorithms, such as the HMAC-SHA256, HMAC-SHA3, and HMAC-SM3, etc., described above. Thus, the input parameters of the KDF may also include an algorithm identifier for identifying the different algorithms, and accordingly, determining the second key parameter K_d may also include the following:
determining the second key parameter K_d according to a first key derivation function, the first key parameter K, an identifier of the first communication system, an identifier of the second communication system, a type identifier of the target type key, and an algorithm identifier: K_d = KDF(K, identifier of the first communication system, identifier of the second communication system, type identifier of the target type key, algorithm identifier), where the identifier of the first communication system, the type identifier of the target type key and the algorithm identifier are optional parameters.
In the embodiment of the present application, a first key derivation function is determined by considering the length of the target type key, and then a second key parameter K_d meeting the key requirement of the second communication system is generated by the first key derivation function, the first key parameter K, and the identifier of the second communication system. Moreover, by acquiring the first key parameter K of the first communication system and determining the second key parameter K_d of the second communication system, the key parameters of other communication systems can be determined according to the key parameters of a certain communication system under the condition that all communication systems are completely independent, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection and the like based on the key parameters; the process of key negotiation deduction is omitted, signaling is greatly saved, and efficiency is improved.
In addition, if the length of the second key parameter K_d is less than the length of the target type key corresponding to the second key parameter K_d, the target type key is a combination of a plurality of second key parameters K_d1 to K_dN, or the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN. Fig. 7 is a flowchart illustrating another key processing method according to an embodiment of the present application, where an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in fig. 1. As shown in fig. 7, the method includes:
S701: acquiring a first key parameter K, wherein the first key parameter K is a key parameter of the first communication system.
Step S701 is the same as the implementation of step S201, and is not described herein again.
S702: the second key parameter K_d corresponds to the target type key, and the first key parameter K includes a plurality of first key parameters K_1 to K_N; according to the plurality of first key parameters K_1 to K_N and the identifier of the second communication system, determining a plurality of second key parameters K_d1 to K_dN of the second communication system, where N is an integer greater than 1.
The target type key is a combination of the plurality of second key parameters K_d1 to K_dN, or the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN, where M is the length of the target type key and M is an integer greater than 0.
Here, if the length of the above-mentioned second key parameter K_d is smaller than the length of the target type key, a plurality of second key parameters K_d1 to K_dN of the second communication system may be determined based on the plurality of first key parameters K_1 to K_N and the identifier of the second communication system, so that the target type key is the combination of the plurality of second key parameters K_d1 to K_dN. For example, if the length of the target type key is exactly equal to the length of the combination of the plurality of second key parameters K_d1 to K_dN, the target type key is the combination of the plurality of second key parameters K_d1 to K_dN. The plurality of second key parameters K_d1 to K_dN may be arranged in a preset order; the preset order can be set according to actual conditions, and the embodiment of the present application does not particularly limit this. Illustratively, the target type key is K_d1 || K_d2 || ... || K_dN.
Or, the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN. For example, if the length of the target type key is smaller than the length of the combination of the plurality of second key parameters K_d1 to K_dN, the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN, M being the length of the target type key.
In some possible embodiments, the target type key is M bits, starting from a preset position, in the combination of the plurality of second key parameters K_d1 to K_dN, wherein the preset position is predefined or configured. Illustratively, the preset position may include at least one of a most significant bit and a least significant bit.
Illustratively, the preset position is the most significant bit, and the target type key is MSB(K_d1 || K_d2 || ... || K_dN, M bits), where MSB denotes the most significant bit.
In some possible embodiments, the plurality of first key parameters K_1 to K_N are obtained from a plurality of freshness parameters (fresh).
The value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as that the value of N corresponds to the target type key.
Here, depending on the system configuration, different numbers of keys may correspond to different key lengths or to the same key length, and different key types may likewise correspond to different key lengths or to the same key length. The value of N may be set to be determined according to the length of the target type key.
In some possible embodiments, the freshness parameters are generated randomly, or the freshness parameters are a plurality of equally spaced values, or timestamp-related values, or the like.
Here, in addition to the above cases, the above freshness parameters may be determined according to actual situations, and this is not particularly limited by the embodiment of the present application.
In some possible embodiments, the method further comprises:
determining the length of the target type key;
if the length of the second key parameter K_d is less than the length of the target type key, determining, based on the plurality of first key parameters K_1 to K_N and the identifier of the second communication system, the plurality of second key parameters K_d1 to K_dN of the second communication system, where N is an integer greater than 1;
determining the target type key as the combination of the plurality of second key parameters K_d1 to K_dN, or determining the target type key as M bits in the combination of the plurality of second key parameters K_d1 to K_dN, where M is the length of the target type key.
According to the embodiment of the application, the first key parameter K of the first communication system is obtained and the second key parameter K_d of the second communication system is determined. If the length of the second key parameter K_d is less than the length of the target type key corresponding to the second key parameter K_d, a plurality of second key parameters K_d1 to K_dN of the second communication system are determined according to the plurality of first key parameters K_1 to K_N contained in the first key parameter K and the identifier of the second communication system, and the target type key is the combination of the plurality of second key parameters K_d1 to K_dN, or M bits in that combination, where M is the length of the target type key. In this way, under the condition that the communication systems are completely independent, the key parameters of other communication systems are determined according to the key parameters of a certain communication system, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection and the like based on the key parameters, thereby omitting the process of key negotiation deduction, greatly saving signaling and improving efficiency.
In addition, when the embodiment of the application determines the second key parameter K_d of the second communication system, the second key parameter K_d is determined by the second key derivation function. Fig. 8 is a flowchart illustrating another key processing method according to an embodiment of the present application, where an execution subject of the embodiment may be the analysis device 101 in the embodiment shown in fig. 1. As shown in fig. 8, the method includes:
S801: acquiring a first key parameter K, wherein the first key parameter K is a key parameter of the first communication system.
Step S801 is the same as the implementation of step S201, and is not described herein again.
S802: determining the second key parameter K by a second key derivation function, the first key parameter K and an identification of a second communication systemd
In some possible embodiments, the second key derivation function corresponds to the second communication system.
Here, different communication systems may correspond to different or the same key derivation function, depending on the system configuration. For example, the second key derivation function may be configured to correspond to the second communication system, and the second key parameter K_d may be determined according to the first key parameter K and the identifier of the second communication system through the second key derivation function corresponding to the second communication system, thereby omitting the process of the second communication system key agreement deduction.
The key derivation function (KDF) can be used to derive the input keys of various algorithms. For example, the first key parameter K and the identifier of the second communication system can be used as input parameters to generate the second key parameter K_d of the second communication system, such as: K_d = KDF(K, identifier of the second communication system).
In addition, the KDF may also include other input parameters. Take as an example the case where the first key parameter K includes a plurality of first key parameters K_1 to K_N and a plurality of second key parameters K_d1 to K_dN of the second communication system are determined.
If the input parameters of the KDF further comprise a type identifier of the target type key, determining the plurality of second key parameters K_d1 to K_dN of the second communication system may include the following:
determining, through the KDF, the plurality of second key parameters K_d1 to K_dN of the second communication system from the plurality of first key parameters K_1 to K_N, the identifier of the second communication system and the type identifier of the target type key.
Illustratively, the plurality of first key parameters K_1 to K_N, the identifier of the second communication system and the type identifier of the target type key may be used as input parameters to generate the plurality of second key parameters K_d1 to K_dN of the second communication system: second key parameter = KDF(first key parameter, identifier of the second communication system, type identifier of the target type key), where the type identifier of the target type key is an optional parameter.
Here, the KDF may also include other input parameters, for example an identifier of the first communication system. In addition, if the plurality of first key parameters K_1 to K_N mentioned above are obtained from a plurality of freshness parameters, the input parameters of the KDF may also include the freshness parameter.
Illustratively, if the input parameters of the KDF further comprise an identifier of the first communication system, determining the plurality of second key parameters K_d1 to K_dN of the second communication system may also include: determining, through the KDF, the plurality of second key parameters K_d1 to K_dN of the second communication system from the plurality of first key parameters K_1 to K_N, the identifier of the first communication system, the identifier of the second communication system and the type identifier of the target type key: second key parameter = KDF(first key parameter, identifier of the first communication system, identifier of the second communication system, type identifier of the target type key), where the identifier of the first communication system and the type identifier of the target type key are optional parameters.
If the input parameters of the KDF further comprise a freshness parameter, determining the plurality of second key parameters K_d1 to K_dN of the second communication system may also include: determining, through the KDF, the plurality of second key parameters K_d1 to K_dN of the second communication system from the plurality of first key parameters K_1 to K_N, the freshness parameter, the identifier of the second communication system and the type identifier of the target type key: second key parameter = KDF(first key parameter, freshness parameter, identifier of the second communication system, type identifier of the target type key), where the freshness parameter and the type identifier of the target type key are optional parameters.
If the input parameters of the KDF further comprise an identifier of the first communication system and a freshness parameter, determining the plurality of second key parameters K_d1 to K_dN of the second communication system may also include: determining, through the KDF, the plurality of second key parameters K_d1 to K_dN of the second communication system from the plurality of first key parameters K_1 to K_N, the freshness parameter, the identifier of the first communication system, the identifier of the second communication system and the type identifier of the target type key: second key parameter = KDF(first key parameter, freshness parameter, identifier of the first communication system, identifier of the second communication system, type identifier of the target type key), where the freshness parameter, the identifier of the first communication system and the type identifier of the target type key are optional parameters.
In some possible embodiments, the second key derivation function may include, for example, HMAC-SHA256, HMAC-SHA3, HMAC-SM3, and the like. The key derivation function used in the present application may also use other key derivation functions in addition to the above, and this is not particularly limited in this embodiment of the present application.
In addition, the algorithms and criteria used by the key derivation function in the embodiment of the present application may also include other algorithms and criteria, and the embodiment of the present application does not particularly limit this.
Here, the key derivation function may include different algorithms, such as the HMAC-SHA256, HMAC-SHA3, and HMAC-SM3, etc., described above. The input parameters of the KDF may therefore also include an algorithm identifier for identifying the different algorithms, and correspondingly, determining the plurality of second key parameters K_d1 to K_dN of the second communication system may also include the following:
determining, through the KDF, the plurality of second key parameters K_d1 to K_dN of the second communication system from the plurality of first key parameters K_1 to K_N, the freshness parameter, the identifier of the first communication system, the identifier of the second communication system, the type identifier of the target type key and the algorithm identifier: second key parameter = KDF(first key parameter, freshness parameter, identifier of the first communication system, identifier of the second communication system, type identifier of the target type key, algorithm identifier), where the freshness parameter, the identifier of the first communication system, the type identifier of the target type key and the algorithm identifier are optional parameters.
According to the embodiment of the application, the second key parameter K_d meeting the key requirement of the second communication system is accurately generated through the second key derivation function according to the first key parameter K and the identifier of the second communication system. Moreover, by acquiring the first key parameter K of the first communication system and determining the second key parameter K_d of the second communication system, the key parameters of other communication systems can be determined according to the key parameters of a certain communication system under the condition that all communication systems are completely independent, so that the other communication systems can generate keys for encryption and decryption and/or keys for integrity protection and the like based on the key parameters; the process of key negotiation deduction is omitted, signaling is greatly saved, and efficiency is improved.
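The derivation described in the embodiments of fig. 7 and fig. 8, sketched in Python as an added example that is not part of the patent text. The length-prefixed input encoding, the algorithm identifier values, the way K_1 to K_N are computed from the freshness parameters, and the sample identifiers "sys-B" and "enc" are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed algorithm identifiers; the page names HMAC-SHA256 and HMAC-SHA3 but
# defines no identifier values. HMAC-SM3 is left out (not in hashlib by default).
ALGORITHMS = {b"hmac-sha256": hashlib.sha256, b"hmac-sha3-256": hashlib.sha3_256}


def encode_fields(*fields):
    """Length-prefix every field (assumed encoding) so boundaries are unambiguous.

    Plain concatenation would let ("ab", "c") and ("a", "bc") produce the same
    KDF input and therefore the same key.
    """
    out = bytearray()
    for field in fields:
        out += len(field).to_bytes(2, "big") + field
    return bytes(out)


def kdf(k, second_system_id, *, first_system_id=b"", key_type_id=b"",
        freshness=b"", alg_id=b"hmac-sha256"):
    """K_d = KDF(K, [freshness], [first system id], second system id,
    [key type id], [algorithm id]); optional inputs default to empty."""
    digestmod = ALGORITHMS[alg_id]
    info = encode_fields(freshness, first_system_id, second_system_id,
                         key_type_id, alg_id)
    return hmac.new(k, info, digestmod).digest()


def msb(data, m_bits):
    """Return the M most significant bits of data, zero-padded to whole bytes."""
    if not 0 < m_bits <= len(data) * 8:
        raise ValueError("M must be between 1 and the input length in bits")
    n_bytes = -(-m_bits // 8)  # ceiling division
    out = bytearray(data[:n_bytes])
    spare = n_bytes * 8 - m_bits
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def first_key_params(k, freshness_values):
    """Assumption: K_i = HMAC-SHA256(K, fresh_i). The page only says that
    K_1..K_N are obtained from freshness parameters."""
    if len(set(freshness_values)) != len(freshness_values):
        # Repeated freshness would yield repeated key material in the combination.
        raise ValueError("freshness parameters must be distinct")
    return [hmac.new(k, encode_fields(b"first-key-param", f), hashlib.sha256).digest()
            for f in freshness_values]


def target_type_key(k, second_system_id, key_type_id, m_bits, freshness_values=()):
    """Derive the target type key of length M bits for the second system."""
    kd = kdf(k, second_system_id, key_type_id=key_type_id)
    kd_bits = len(kd) * 8
    if m_bits <= kd_bits:
        # K_d is long enough: use it whole, or its M most significant bits.
        return msb(kd, m_bits)
    # K_d is too short: N = ceil(M / len(K_d)) parameters are concatenated.
    n = -(-m_bits // kd_bits)
    if len(freshness_values) < n:
        raise ValueError(f"need {n} freshness parameters, got {len(freshness_values)}")
    used = list(freshness_values[:n])
    combined = b"".join(
        kdf(k_i, second_system_id, key_type_id=key_type_id, freshness=fresh)
        for k_i, fresh in zip(first_key_params(k, used), used)
    )
    return msb(combined, m_bits)  # MSB(K_d1 || ... || K_dN, M bits)


if __name__ == "__main__":
    K = bytes(range(32))  # constructed sample first key parameter
    print(target_type_key(K, b"sys-B", b"enc", 128).hex())
    print(target_type_key(K, b"sys-B", b"enc", 512, [b"\x00\x01", b"\x00\x02"]).hex())
```

Binding the identifier of the second communication system and the key type into the KDF input means that keys derived for different systems or purposes from the same K are unrelated to each other.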
Fig. 9 is a schematic structural diagram of a key processing apparatus provided in the present application, where the apparatus includes: an obtaining module 901, a determining module 902 and a sending module 903. The key processing apparatus here may be the analysis device itself, or a chip or an integrated circuit that implements the functions of the analysis device. It should be noted here that the division into the obtaining module and the determining module is only a division of logical functions, and the obtaining module and the determining module may be integrated or independent physically.
The obtaining module 901 is configured to obtain a first key parameter K, where the first key parameter K is a key parameter of a first communication system.
A determining module 902, configured to determine a second key parameter K_d of the second communication system according to the first key parameter K and the identifier of the second communication system.
Wherein the first communication system is different from the second communication system.
In one possible design, the sending module 903 is configured to send the second key parameter K_d to the second communication system after the determining module 902 determines the second key parameter K_d of the second communication system, where the second key parameter K_d is used by the second communication system to determine the target type key.
In one possible design, the second key parameter K_d corresponds to the target type key.
The determining module 902 is specifically configured to:
determining a second key parameter K_d of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
In one possible design, the target type key is the second key parameter K_d.
If the length of the second key parameter K_d is equal to the length of the target type key, the target type key is the second key parameter K_d.
In one possible design, the determining module 902 is further configured to:
determining the length of the target type key;
if the length of the second key parameter K_d is equal to the length of the target type key, determining the target type key to be the second key parameter K_d.
In one possible design, the second key parameter K_d corresponds to a target type key;
the second key parameter K_d is longer than the target type key;
the target type key is M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
In one possible design, the determining module 902 is further configured to:
determining the length of the target type key;
if the length of the second key parameter K_d is greater than the length of the target type key, determining the target type key to be M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, and the preset position is predefined or configured.
In one possible design, the second key parameter corresponds to a target type key;
the determining module 902 is specifically configured to:
determining the length of the target type key;
determining a second key parameter K_d of the second communication system by a first key derivation function, the first key parameter K and an identifier of the second communication system.
The first key derivation function is determined according to the length of the target type key, or the first key derivation function corresponds to the length of the target type key, which may also be understood as a correspondence relationship between the first key derivation function and the length of the target type key.
In one possible design, the second key parameter K_d corresponds to a target type key;
the first key parameter K comprises a plurality of first key parameters K_1 to K_N, where N is an integer greater than 1;
the determining module 902 is specifically configured to:
determining, according to the plurality of first key parameters K_1 to K_N and an identifier of the second communication system, a plurality of second key parameters K_d1 to K_dN of the second communication system.
The target type key is a combination of the plurality of second key parameters K_d1 to K_dN, or the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN, where M is the length of the target type key and M is an integer greater than 0.
In one possible design, the target type key is M bits, starting from a preset position, in the combination of the plurality of second key parameters K_d1 to K_dN, wherein the preset position is predefined or configured.
In one possible design, the plurality of first key parameters K_1 to K_N are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as that the value of N corresponds to the target type key.
In one possible design, the freshness parameters are generated randomly, or the freshness parameters are a plurality of values at equal intervals, or a timestamp-related value, or the like.
In one possible design, the determining module 902 is specifically configured to:
determining the second key parameter K_d by a second key derivation function, the first key parameter K and an identifier of the second communication system.
In one possible design, the second key derivation function corresponds to the second communication system.
In one possible design, the first key derivation function or the second key derivation function includes at least one of HMAC-SHA256, HMAC-SHA3, and HMAC-SM3.
The apparatus of this embodiment may be correspondingly used to implement the technical solutions in the embodiments shown in the foregoing methods, and the implementation principles, implementation details, and technical effects thereof are similar and will not be described herein again.
Optionally, fig. 10A and 10B schematically provide one possible basic hardware architecture of the key processing apparatus described herein.
Referring to fig. 10A and 10B, the key processing device 1000 includes at least one processor 1001 and a communication interface 1003. Further optionally, a memory 1002 and a bus 1004 may also be included.
The key processing apparatus 1000 may be a computer or a server, and the present application is not limited thereto. In the key processing device 1000, the number of the processors 1001 may be one or more, and fig. 10A and 10B illustrate only one of the processors 1001. Alternatively, the processor 1001 may be a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), or a Digital Signal Processor (DSP). If the key processing device 1000 has a plurality of processors 1001, the types of the plurality of processors 1001 may be different, or may be the same. Alternatively, the plurality of processors 1001 of the key processing device 1000 may also be integrated into a multi-core processor.
Memory 1002 stores computer instructions and data; the memory 1002 may store computer instructions and data required to implement the key processing methods provided herein, e.g., the memory 1002 stores instructions for implementing the steps of the key processing methods described above. The memory 1002 may be any one or any combination of the following storage media: nonvolatile memory (e.g., Read Only Memory (ROM), Solid State Disk (SSD), hard disk (HDD), optical disk), volatile memory.
The communication interface 1003 may provide information input/output for the at least one processor. Any one or any combination of the following devices may also be included: a network interface (e.g., an ethernet interface), a wireless network card, etc. having a network access function.
Optionally, the communication interface 1003 may also be used for the key processing apparatus 1000 to perform data communication with other computing devices or terminals.
Further optionally, fig. 10A and 10B show the bus 1004 as a thick line. A bus 1004 may connect the processor 1001 with the memory 1002 and the communication interface 1003. Thus, the processor 1001 may access the memory 1002 via the bus 1004 and may also interact with other computing devices or terminals using the communication interface 1003.
In the present application, the key processing apparatus 1000 executes computer instructions in the memory 1002, so that the key processing apparatus 1000 implements the key processing method provided in the present application, or so that the key processing apparatus 1000 deploys the key processing apparatus.
From the viewpoint of logical functional division, illustratively, as shown in fig. 10A, the memory 1002 may include an obtaining module 901 and a determining module 902. The inclusion herein merely means that instructions stored in the memory may, when executed, implement the functionality of the obtaining module and the determining module, respectively, and is not limited to a physical structure.
The obtaining module 901 is configured to obtain a first key parameter K, where the first key parameter K is a key parameter of a first communication system.
A determining module 902, configured to determine a second key parameter K_d of the second communication system according to the first key parameter K and the identifier of the second communication system.
Wherein the first communication system is different from the second communication system.
In one possible design, as shown in fig. 10B, the memory 1002 further includes a sending module 903, configured to send the second key parameter K_d to the second communication system after the determining module 902 determines the second key parameter K_d of the second communication system, where the second key parameter K_d is used by the second communication system to determine the target type key.
In one possible design, the second key parameter K_d corresponds to the target type key.
The determining module 902 is specifically configured to:
determining a second key parameter K_d of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
In one possible design, the target type key is the second key parameter K_d.
If the length of the second key parameter K_d is equal to the length of the target type key, the target type key is the second key parameter K_d.
In one possible design, the determining module 902 is further configured to:
determining the length of the target type key;
if the length of the second key parameter K_d is equal to the length of the target type key, determining the target type key to be the second key parameter K_d.
In one possible design, the second key parameter K_d corresponds to a target type key;
the second key parameter K_d is longer than the target type key;
the target type key is M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
In one possible design, the determining module 902 is further configured to:
determining the length of the target type key;
if the length of the second key parameter K_d is greater than the length of the target type key, determining the target type key to be M bits of the second key parameter K_d starting from a preset position, where M is the length of the target type key, and the preset position is predefined or configured.
In one possible design, the second key parameter corresponds to a target type key;
the determining module 902 is specifically configured to:
determining the length of the target type key;
determining a second key parameter K_d of the second communication system by a first key derivation function, the first key parameter K and an identifier of the second communication system.
The first key derivation function is determined according to the length of the target type key, or the first key derivation function corresponds to the length of the target type key, which may also be understood as a correspondence relationship between the first key derivation function and the length of the target type key.
In one possible design, the second key parameter K_d corresponds to a target type key;
the first key parameter K comprises a plurality of first key parameters K_1 to K_N, where N is an integer greater than 1;
the determining module 902 is specifically configured to:
determining, according to the plurality of first key parameters K_1 to K_N and an identifier of the second communication system, a plurality of second key parameters K_d1 to K_dN of the second communication system.
The target type key is a combination of the plurality of second key parameters K_d1 to K_dN, or the target type key is M bits in the combination of the plurality of second key parameters K_d1 to K_dN, where M is the length of the target type key and M is an integer greater than 0.
In one possible design, the target type key is M bits, starting from a preset position, in the combination of the plurality of second key parameters K_d1 to K_dN, wherein the preset position is predefined or configured.
In one possible design, the plurality of first key parameters K_1 to K_N are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key, or the value of N corresponds to the length of the target type key, which can also be understood as that the value of N corresponds to the target type key.
In one possible design, the freshness parameters are generated randomly, or the freshness parameters are a plurality of values at equal intervals, or a timestamp-related value, or the like.
In one possible design, the determining module 902 is specifically configured to:
determining the second key parameter Kd by means of a second key derivation function, the first key parameter K and an identifier of the second communication system.
In one possible design, the second key derivation function corresponds to the second communication system.
In one possible design, the first key derivation function or the second key derivation function includes at least one of HMAC-SHA256, HMAC-SHA3, and HMAC-SM3.
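The designs above (derivation bound to the second system's identifier and the key type, truncation to M bits from a preset position, and N parallel derivations for keys longer than one HMAC output) can be sketched as follows. This is an added illustration, not code from the patent: the field encoding, the step Ki = HMAC-SHA256(K, freshness_i), the sample identifiers and all function names are assumptions.

```python
import hashlib
import hmac
import math

HASH_BITS = 256  # output size of HMAC-SHA256

def _encode(*fields: bytes) -> bytes:
    # Assumed input encoding: every field is followed by its 2-byte length,
    # so ("ab", "c") and ("a", "bc") can never yield the same KDF input.
    return b"".join(f + len(f).to_bytes(2, "big") for f in fields)

def derive_kd(k: bytes, system_id: bytes, key_type: bytes) -> bytes:
    """Kd = HMAC-SHA256(K, second-system identifier, target key type identifier)."""
    return hmac.new(k, _encode(system_id, key_type), hashlib.sha256).digest()

def take_bits(material: bytes, m_bits: int, start_bit: int = 0) -> bytes:
    """M bits of `material` from a preset bit position (MSB first, right-aligned)."""
    total = len(material) * 8
    if m_bits <= 0 or start_bit < 0 or start_bit + m_bits > total:
        raise ValueError("requested bits fall outside the derived material")
    value = int.from_bytes(material, "big") >> (total - start_bit - m_bits)
    return (value & ((1 << m_bits) - 1)).to_bytes((m_bits + 7) // 8, "big")

def derive_target_key(k, system_id, key_type, m_bits, start_bit=0, freshness=None):
    """Derive an M-bit target type key for the second communication system."""
    n = math.ceil((start_bit + m_bits) / HASH_BITS)  # N follows from the key length
    if n == 1:
        # One Kd is long enough: truncate it to M bits.
        return take_bits(derive_kd(k, system_id, key_type), m_bits, start_bit)
    # Longer key: K1..KN from N freshness parameters (default: equally spaced
    # counters), then Kd1..KdN, then M bits of their concatenation.
    freshness = freshness or [i.to_bytes(4, "big") for i in range(1, n + 1)]
    if len(freshness) != n or len(set(freshness)) != n:
        raise ValueError("need N distinct freshness parameters")
    # Assumption: Ki = HMAC-SHA256(K, freshness_i); the page does not fix this step.
    k_i = [hmac.new(k, f, hashlib.sha256).digest() for f in freshness]
    combined = b"".join(derive_kd(ki, system_id, key_type) for ki in k_i)
    return take_bits(combined, m_bits, start_bit)

if __name__ == "__main__":
    K = bytes(range(32))  # constructed sample key of the first system
    for sys_id in (b"system-B", b"system-C"):
        print(sys_id, derive_target_key(K, sys_id, b"enc", 128).hex())
    print(len(derive_target_key(K, b"system-B", b"enc", 512)) * 8, "bits")
```

Because the system identifier and key type are inputs to the HMAC, the same K yields unrelated keys for each second system and each key type, which is the separation property the derivation relies on.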
In addition, the key processing device described above may be implemented in software, as in FIG. 10A and FIG. 10B described above, or in hardware, as a hardware module or as a circuit unit.
The present application provides a computer-readable storage medium, the computer program product comprising computer instructions that instruct a computing device to perform the above-mentioned key processing method provided herein.
The present application provides a chip comprising at least one processor and a communication interface providing information input and/or output for the at least one processor. Further, the chip may also include at least one memory for storing computer instructions. The at least one processor is used for calling and executing the computer instructions to execute the key processing method provided by the application.
The present application provides a terminal. The terminal may be a means of transport or a smart device, for example a vehicle, an unmanned aerial vehicle, an unmanned transport vehicle or a robot, and it contains the above key processing apparatus.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

Claims (20)

1. A method of key processing, the method comprising:
acquiring a first key parameter K, wherein the first key parameter K is a key parameter of a first communication system;
determining a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system;
wherein the first communication system is different from the second communication system.
2. The method of claim 1, wherein the second key parameter Kd corresponds to a target type key;
the determining a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the second key parameter Kd of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
3. The method of claim 2, wherein the target type key is the second key parameter Kd.
4. The method according to claim 1 or 2, wherein the second key parameter Kd corresponds to a target type key;
the length of the second key parameter Kd is greater than the length of the target type key;
the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
5. The method according to any one of claims 1 to 4, wherein the second key parameter Kd corresponds to a target type key;
the determining a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the length of the target type key;
determining the second key parameter Kd of the second communication system by means of a first key derivation function, the first key parameter K and an identifier of the second communication system;
wherein the first key derivation function is determined according to the length of the target type key.
6. The method according to claim 1 or 2, wherein the second key parameter Kd corresponds to a target type key;
the first key parameter K comprises a plurality of first key parameters K1-KN, where N is an integer greater than 1;
the determining a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining a plurality of second key parameters Kd1-KdN of the second communication system according to the plurality of first key parameters K1-KN and an identifier of the second communication system;
wherein the target type key is the plurality of second key parameters Kd1-KdN, or the target type key is M bits in the combination of the plurality of second key parameters Kd1-KdN, where M is the length of the target type key and M is an integer greater than 0.
7. The method of claim 6, wherein the plurality of first key parameters K1-KN are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key.
8. The method according to any one of claims 1 to 4 and 6 to 7, wherein the determining a second key parameter Kd of the second communication system according to the first key parameter K and the identifier of the second communication system comprises:
determining the second key parameter Kd by means of a second key derivation function, the first key parameter K and an identifier of the second communication system.
9. The method of claim 5 or 8, wherein the first key derivation function or the second key derivation function comprises at least one of hashed message authentication code (HMAC)-secure hash algorithm (SHA) 256, HMAC-SHA3, and HMAC-SM3.
10. A key processing apparatus, comprising:
an obtaining module, configured to obtain a first key parameter K, where the first key parameter K is a key parameter of a first communication system;
a determining module, configured to determine a second key parameter Kd of the second communication system according to the first key parameter K and an identifier of the second communication system;
wherein the first communication system is different from the second communication system.
11. The apparatus of claim 10, wherein the second key parameter Kd corresponds to a target type key;
the determining module is specifically configured to:
determining the second key parameter Kd of the second communication system according to the first key parameter K, the identifier of the second communication system and the type identifier of the target type key.
12. The apparatus of claim 11, wherein the target type key is the second key parameter Kd.
13. The apparatus according to claim 10 or 11, wherein the second key parameter Kd corresponds to a target type key;
the length of the second key parameter Kd is greater than the length of the target type key;
the target type key is M bits of the second key parameter Kd starting from a preset position, where M is the length of the target type key, the preset position is predefined or configured, and M is an integer greater than 0.
14. The apparatus according to any one of claims 10 to 13, wherein the second key parameter Kd corresponds to a target type key;
the determining module is specifically configured to:
determining the length of the target type key;
determining the second key parameter Kd of the second communication system by means of a first key derivation function, the first key parameter K and an identifier of the second communication system;
wherein the first key derivation function is determined according to the length of the target type key.
15. The apparatus according to claim 10 or 11, wherein the second key parameter Kd corresponds to a target type key;
the first key parameter K comprises a plurality of first key parameters K1-KN, where N is an integer greater than 1;
the determining module is specifically configured to:
determining a plurality of second key parameters Kd1-KdN of the second communication system according to the plurality of first key parameters K1-KN and an identifier of the second communication system;
wherein the target type key is the plurality of second key parameters Kd1-KdN, or the target type key is M bits in the combination of the plurality of second key parameters Kd1-KdN, where M is the length of the target type key and M is an integer greater than 0.
16. The apparatus of claim 15, wherein the plurality of first key parameters K1-KN are obtained according to a plurality of freshness parameters;
the value of N is determined according to the length of the target type key.
17. The apparatus according to any one of claims 11 to 13 and 15 to 16, wherein the determining module is specifically configured to:
determining the second key parameter Kd by means of a second key derivation function, the first key parameter K and an identifier of the second communication system.
18. The apparatus of claim 14 or 17, wherein the first key derivation function or the second key derivation function comprises at least one of HMAC-SHA256, HMAC-SHA3, and HMAC-SM3.
19. A key processing apparatus, comprising:
a processor and a memory;
the memory to store computer instructions;
the processor, configured to execute the computer instructions stored by the memory, to cause the key processing apparatus to implement the method of any one of claims 1 to 9.
20. A computer program product, characterized in that it comprises computer instructions for instructing a computing device to perform the method of any of claims 1 to 9.
CN202080005167.0A 2020-03-31 2020-03-31 Key processing method and device Active CN112771815B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/082628 WO2021196047A1 (en) 2020-03-31 2020-03-31 Key processing method and apparatus

Publications (2)

Publication Number Publication Date
CN112771815A true CN112771815A (en) 2021-05-07
CN112771815B CN112771815B (en) 2022-11-11

Family

ID=75699495

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080005167.0A Active CN112771815B (en) 2020-03-31 2020-03-31 Key processing method and device

Country Status (2)

Country Link
CN (1) CN112771815B (en)
WO (1) WO2021196047A1 (en)

Also Published As

Publication number Publication date
WO2021196047A1 (en) 2021-10-07
CN112771815B (en) 2022-11-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant