CN113315626A - Communication method, key management method, device, system and storage medium - Google Patents


Info

Publication number
CN113315626A
Authority
CN
China
Prior art keywords
key
key set
group
communication
public key
Legal status
Granted
Application number
CN202010125527.2A
Other languages
Chinese (zh)
Other versions
CN113315626B (en)
Inventor
田野
Current Assignee
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Group Holding Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of this application provide a communication method, a key management method, a device, a system and a storage medium. A public key set is constructed to provide a common key base for both communication parties: the encrypting party provides the decrypting party with the identifier of the key group it used for encryption, and the decrypting party takes the key group corresponding to that identifier in the public key set as the key group used for decryption, so that both parties carry out encrypted communication based on the same key group in the public key set. With this distributed key management scheme the two communication parties no longer need to perform key negotiation; on the premise of ensuring communication security, communication efficiency is improved, communication interruption is avoided, and a great deal of key management cost is saved.

Description

Communication method, key management method, device, system and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method, a key management method, a device, a system, and a storage medium.
Background
SD-WAN (software-defined wide area network) is a service formed by applying SDN technology to wide area network scenarios; it is used to connect enterprise networks, data centers, internet applications, cloud services and the like across a wide geographic area.
Currently, SD-WAN networks generally adopt the IPsec (Internet Protocol Security) protocol suite, a family of network transport protocols that protects IP by encrypting and authenticating IP packets. In this communication mode, both communication parties must perform complex key negotiation, which results in low communication efficiency and often causes traffic interruption when key negotiation fails.
Disclosure of Invention
Aspects of the present disclosure provide a communication method, a key management method, an apparatus, a system, and a storage medium to improve communication efficiency and communication stability.
An embodiment of the present application provides a communication method, including the following steps:
determining a target key group and acquiring the identifier of the target key group, wherein the target key group is a key group in a public key set;
providing the identifier of the target key group to a decryptor, so that the decryptor can obtain the target key group from the public key set according to the identifier;
and carrying out encrypted communication with the decryptor based on the target key group.
An embodiment of the present application further provides a communication method, including:
acquiring the identifier, provided by an encryptor, of the key group used for encryption;
determining the target key group corresponding to the identifier from a public key set;
and carrying out encrypted communication with the encryptor based on the target key group.
An embodiment of the present application further provides a key management method, including:
creating a public key set, wherein the public key set includes a plurality of key groups;
configuring an identifier for each of the plurality of key groups in the public key set, so as to distinguish them;
and providing the public key set to the communication terminals so that the communication terminals carry out encrypted communication using the public key set.
An embodiment of the present application further provides a communication system, including a key management device, an encryptor and a decryptor;
the key management device is configured to create a public key set and configure the identifier of each key group in the public key set, wherein the public key set includes a plurality of key groups;
the encryptor is configured to determine a target key group and acquire the identifier of the target key group, wherein the target key group is a key group in the public key set, and to provide the identifier of the target key group to the decryptor;
the decryptor is configured to acquire the target key group from the public key set according to the identifier;
and the encryptor and the decryptor carry out encrypted communication based on the target key group.
An embodiment of the present application also provides a computing device, including a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions for:
determining a target key group and acquiring the identifier of the target key group, wherein the target key group is a key group in a public key set;
providing the identifier of the target key group to a decryptor, so that the decryptor can obtain the target key group from the public key set according to the identifier;
and carrying out encrypted communication with the decryptor based on the target key group.
An embodiment of the present application also provides a computing device, including a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions for:
acquiring the identifier, provided by an encryptor, of the key group used for encryption;
determining the target key group corresponding to the identifier from a public key set;
and carrying out encrypted communication with the encryptor based on the target key group.
An embodiment of the present application also provides a computing device, including a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions for:
creating a public key set, wherein the public key set includes a plurality of key groups;
configuring an identifier for each of the plurality of key groups in the public key set, so as to distinguish them;
and providing the public key set to the communication terminals so that the communication terminals carry out encrypted communication using the public key set.
Embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which, when executed by one or more processors, cause the one or more processors to perform the aforementioned communication method or the aforementioned key management method.
In the embodiments of the present application, a public key set is constructed to provide a common key base for both communication parties: the encrypting party provides the decrypting party with the identifier of the key group it used for encryption, and the decrypting party takes the key group corresponding to that identifier in the public key set as the key group used for decryption, so that both parties carry out encrypted communication based on the same key group in the public key set. With this distributed key management scheme the two communication parties no longer need to perform key negotiation; on the premise of ensuring communication security, communication efficiency is improved, communication interruption is avoided, and a great deal of key management cost is saved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic structural diagram of a communication system according to an exemplary embodiment of the present application;
fig. 2 is a schematic diagram illustrating a scenario of local key set synchronization between two communication parties according to an exemplary embodiment of the present application;
fig. 3 is a schematic diagram illustrating a scenario that local key sets of two communicating parties are out of synchronization according to an exemplary embodiment of the present application;
fig. 4 is a flowchart illustrating a communication method according to another exemplary embodiment of the present application;
fig. 5 is a schematic flow chart diagram of another communication method according to another exemplary embodiment of the present application;
fig. 6 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application;
fig. 7 is a schematic block diagram of a computing device according to yet another exemplary embodiment of the present application;
fig. 8 is a schematic block diagram of another computing device according to yet another exemplary embodiment of the present application;
fig. 9 is a schematic structural diagram of another computing device according to another exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To address the technical problems of the existing approach, namely low communication efficiency and frequent traffic interruption, the embodiments of the application provide a solution whose basic idea is as follows: by constructing a public key set, a common key base is provided for both communication parties; the encrypting party provides the decrypting party with the identifier of the key group used for encryption, and the decrypting party takes the key group corresponding to that identifier in the public key set as the key group used for decryption, so that both parties carry out encrypted communication based on the same key group in the public key set. With this distributed key management scheme the two communication parties no longer need to perform key negotiation; on the premise of ensuring communication security, communication efficiency is improved, communication interruption is avoided, and a great deal of key management cost is saved.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of a communication system according to an exemplary embodiment of the present application. As shown in fig. 1, the system includes: a key management device 10 and a plurality of communication terminals 20.
The key management device 10 and the plurality of communication terminals 20 may be connected by a wireless or wired network. In this embodiment, if the key management device 10 and the communication terminals 20 are connected through a mobile network, the mobile network may use any of 2G (GSM), 2.5G (GPRS), 3G (WCDMA, TD-SCDMA, CDMA2000, UMTS), 4G (LTE), 4G+ (LTE+), WiMAX, and the like.
The communication system provided by this embodiment is applicable to various communication scenarios and can provide a distributed key management scheme for each communication terminal in the scenario. For example, in an Internet of Things (IoT) scenario, when an IoT device needs an encrypted data channel, a distributed key management scheme may be provided for that device. This is merely exemplary; the embodiment does not limit the application scenario.
The communication terminal 20 may be any terminal having an encrypted communication requirement in a communication scenario. In different communication scenarios, various communication network architectures may be adopted, for example, an SD-WAN network may be adopted, and of course, other network architectures may also be adopted, which is not limited in this embodiment.
For different network architectures: if the architecture already contains a device that plays the role of network management, for example the controller in an SD-WAN network, the key management device 10 of this embodiment may be integrated into that management device; if no such device exists, the key management device 10 may be deployed independently, with a communication link constructed between it and each communication terminal 20 in the architecture. The key management device 10 may also simply be added on top of the existing architecture, regardless of its type.
In addition, the types of communication terminal 20 vary across communication scenarios: a communication terminal 20 may be a computer, a mobile terminal, a data center, a cloud management center, any of various Internet of Things devices, and so on; the type is not limited in this embodiment. The same communication terminal 20 may play the role of the encrypting party in one communication process and the role of the decrypting party in another.
In this embodiment, the key management device 10 may create a public key set, that is, a key set shared in common by the plurality of communication terminals 20 in the communication system, which includes a plurality of key groups.
Depending on the requirements of the communication scenario, a key group may contain an encryption key, an authentication key, or both; these two key types are only exemplary, and other types of key required by the communication process may also be included in a key group according to actual needs.
The key management device 10 may also configure a distinct identifier for each of the plurality of key groups in the public key set, so as to distinguish them.
In this embodiment, the form of the identifier is not limited; it may be a number, a combination of letters and numbers, a unique name, or the like.
When a plurality of communication terminals 20 need to communicate, they can do so based on the common key set in the key management device 10. The communication process is described below taking the two parties of a single communication process as an example; the two parties are referred to as the encrypting party and the decrypting party respectively.
The encrypting party determines a target key group and acquires its identifier, the target key group being a key group in the public key set, and provides the identifier of the target key group to the decrypting party.
In practice, the encrypting party may determine the target key group and obtain its identifier in response to a communication trigger event, that is, an event that causes the encrypting party to initiate encrypted communication. A communication trigger event may be, for example, a mail sending request or an order upload request; trigger events vary across communication scenarios, and their type is not limited in this embodiment.
As mentioned above, the public key set is available to both the encrypting party and the decrypting party. On this basis, the encrypting party can determine a target key group for the encrypted communication and obtain both the target key group and its identifier. The encrypting party and the decrypting party therefore do not need to perform key negotiation, and a key administrator does not need to ensure that the encryption and authentication algorithm configuration of the two parties is consistent, which effectively improves communication efficiency. Moreover, since key negotiation is no longer needed, problems such as traffic interruption caused by key negotiation failure are avoided.
The encrypting party provides the identifier of the target key group to the decrypting party.
The decrypting party determines the target key group in the public key set from the identifier provided by the encrypting party and uses that key group for decryption.
Accordingly, based on the identifier provided by the encrypting party, both parties determine the same key group in the public key set for the communication process: the encrypting party uses it for encryption and the decrypting party uses it for decryption, thereby realizing encrypted communication between the two parties.
In this embodiment, a public key set is constructed to provide a common key base for both communication parties: the encrypting party provides the decrypting party with the identifier of the key group used for encryption, and the decrypting party takes the key group corresponding to that identifier in the public key set as the key group used for decryption, so that both parties carry out encrypted communication based on the same key group in the public key set. The two communication parties therefore no longer need to perform key negotiation; on the premise of ensuring communication security, communication efficiency is improved, communication interruption is avoided, and a great deal of key management cost is saved.
In the above or below embodiments, the encrypting party may employ a variety of implementations to provide the identification of the target key set to the decrypting party.
In one implementation, the encrypting party encapsulates the identifier of the target key group into a communication message, so that the identifier is provided to the decrypting party through that message; the communication message also carries the communication data encrypted with the target key group.
In this implementation, the encrypting party provides the communication data and the identifier of the target key group to the decrypting party together.
On receiving the communication message sent by the encrypting party, the decrypting party parses the identifier from the message, determines the target key group corresponding to that identifier in the public key set, and uses the target key group to decrypt the encrypted communication data carried in the message, thereby obtaining the communication data of this communication process.
In this implementation, the communication key is determined with a single interaction between the encrypting party and the decrypting party; compared with key negotiation, the number of interactions is effectively reduced and communication efficiency is improved.
In another implementation, the encrypting party provides the identifier of the target key group to the decrypting party over a secure channel before sending the communication message, where the communication message carries the communication data encrypted with the target key group.
In this implementation, the identifier of the target key group is provided to the decrypting party separately from the communication message.
In practice, the encrypting party may deliver the identifier of the target key group to the decrypting party within a trusted environment, over an encrypted channel, or under other security measures, so as to ensure that the identifier of the target key group is not stolen.
Having acquired the identifier of the target key group, the decrypting party determines the corresponding target key group in the public key set; when it later receives the communication message from the encrypting party, it uses the target key group to decrypt the encrypted communication data carried in the message and thereby obtains the communication data of this communication process.
Of course, the encrypting party and the decrypting party may also transmit the identifier of the target key group in other ways; this embodiment is not limited in this respect.
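As an added illustration of the first implementation above (identifier carried inside the communication message) and of the decrypting party's lookup, the following Python sketch is not part of the patent: the message layout, the HMAC-SHA256 counter-mode keystream standing in for the unspecified cipher, and the sample key material are all assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed public key set: identifier -> (encryption key, authentication key).
# The patent leaves key material and algorithms unspecified; these values are assumed.
PUBLIC_KEY_SET = {
    kid: (hashlib.sha256(b"enc-%d" % kid).digest(),
          hashlib.sha256(b"auth-%d" % kid).digest())
    for kid in (1, 2, 3, 4, 5)
}

ID_LEN, NONCE_LEN, TAG_LEN = 4, 16, 32   # assumed message field sizes


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stand-in for the cipher
    the patent does not specify."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encapsulate(key_set, target_id: int, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypting party: encrypt under the target key group and encapsulate its
    identifier in the same message.  Layout (assumed): id(4) | nonce(16) | ct | tag(32)."""
    enc_key, auth_key = key_set[target_id]
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = struct.pack(">I", target_id) + nonce
    # The tag covers the identifier too, so a modified identifier is detected.
    tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decapsulate(key_set, message: bytes) -> bytes:
    """Decrypting party: parse the identifier, look the key group up in the local
    key set, verify the tag, then decrypt.  KeyError means the identifier is not
    in the local set (the desynchronization case); ValueError means the tag failed."""
    if len(message) < ID_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    (kid,) = struct.unpack(">I", message[:ID_LEN])
    if kid not in key_set:
        raise KeyError("key group %d not in local key set" % kid)
    enc_key, auth_key = key_set[kid]
    header = message[:ID_LEN + NONCE_LEN]
    body, tag = message[ID_LEN + NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(auth_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, header[ID_LEN:], len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def decapsulate_status(key_set, message: bytes) -> str:
    """Classify the decrypting party's outcome for a received message."""
    try:
        decapsulate(key_set, message)
        return "ok"
    except KeyError:
        return "unknown identifier"
    except ValueError:
        return "authentication failed"


def roundtrip(target_id: int, plaintext: bytes) -> bytes:
    """One communication interaction: encrypt under target_id, decrypt by lookup."""
    return decapsulate(PUBLIC_KEY_SET, encapsulate(PUBLIC_KEY_SET, target_id, plaintext))


if __name__ == "__main__":
    print(roundtrip(3, b"order upload request"))
```

The "unknown identifier" outcome is what a decrypting party sees when its local key set has already rotated the referenced key group out, which is the failure the tolerance width w in the later section is designed to avoid.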
In the above or below described embodiments, the key management device 10 may update the public key set.
In this embodiment, the frequency with which the key management device 10 updates the public key set is not limited: updates may be periodic, initiated manually by a key administrator, and so on.
In a single update, the key management device 10 can delete key groups from the public key set and add key groups to it while keeping the number of key groups in the set constant. The key groups deleted are those created first, that is, the earliest-created key groups in the set.
The deleted key groups may be all key groups in the public key set or only a portion of the earliest-created ones. Deleting all key groups amounts to a global update of the public key set.
In practice, the number of key groups deleted in a single update may be 1: in each update the key management device 10 deletes the one key group with the oldest creation time and creates one new key group to add to the public key set.
In addition, in this embodiment the key management device 10 may assign increasing or decreasing identifiers to the key groups according to their creation order in the public key set, so that the identifiers represent the creation order among the key groups.
During the update process, for a newly added key group the key management device 10 creates an identifier that fits the existing increasing or decreasing relationship among the identifiers of the key groups in the public key set, so that the identifier represents the creation order between the new key group and the other key groups in the set.
It should be noted that, across different updates, the key management device 10 configures the identifier of each newly added key group against the same time reference, so that the identifier of the newest key group in the public key set increases (or decreases) as the number of updates grows; the identifier thus indirectly reflects the creation time of the key group.
For example, the key management device 10 may create a public key set containing 5 key groups during initialization and, following the creation order, use the numbers 1, 2, 3, 4 and 5 as their identifiers, so that the public key set can be written as [1, 2, 3, 4, 5]. When the key management device 10 updates the public key set, in a single update it deletes the key group identified as 1, creates a new key group, and, following the existing increasing relationship among the identifiers, assigns the number 6 as the identifier of the newly created key group. The updated public key set can be written as [2, 3, 4, 5, 6].
Updating the public key set in this way keeps the key set fresh, reduces the possibility of the public key set being cracked, and further ensures communication security.
In the above or below embodiments, the encryptor and the decryptor may use a common key set in a variety of implementations.
In one implementation, the encrypting party and the decrypting party can access the key management device 10 in real time to acquire the target key group mentioned in the foregoing embodiment from the key management device 10 in the case where encrypted communication is required based on the communication link with the key management device 10.
In this implementation, the encrypting party and the decrypting party can access the public key set in the key management device 10 in real time, which can effectively ensure the consistency of the key set used between the encrypting party and the decrypting party. Especially, under the condition of global updating of the public key set, both communication parties can be guaranteed to successfully acquire the target key group.
In another implementation, the encryption party and the decryption party may synchronize the public key set in the key management device 10 to local for saving, and in case of encrypted communication, the target key set mentioned in the foregoing embodiment may be obtained from the local key set.
In this implementation, the encryption party may select a key set from the local key set as the target key set.
Since the encrypting party and the decrypting party can directly obtain the target key group from the local key set without performing real-time communication with the key management device 10, the obtaining efficiency of the target key group can be improved, and in addition, a possibility can be provided for communication between the encrypting party and the decrypting party in the case where communication failure occurs with the key management device 10.
In addition, in this implementation, if the key management device 10 updates the public key set on a periodic basis, the encrypting party and the decrypting party can also synchronize the public key set on a periodic basis. The period for synchronizing the public key sets can be less than or equal to the update period of the public key sets, so as to ensure that the latest public key sets are synchronized to the local in time. Of course, if the key management device 10 does not update the public key set periodically, the encryption party and the decryption party may synchronize the public key set periodically, or of course, the public key set may be synchronized at other synchronization frequencies, which is not limited herein.
Fig. 2 is a schematic view of local key set synchronization between two communication parties according to an exemplary embodiment of the present application. As shown in fig. 2, the local key sets of the encryptor and the decryptor are synchronized from the key management device, and the encryptor selects one key group from its local key set as the target key group.
In this implementation, the local key sets of the encryptor and the decryptor may fall out of step: the two local copies may not coincide, which is referred to here as key set desynchronization.
In one case, the encryptor determines the creation order of the key groups in its local key set; according to a preset desynchronization tolerance width w, it takes the key groups other than the w created last and the w created first in the local key set as candidate key groups, where w is a positive integer; and it selects one of the candidate key groups as the target key group.
As described for the identifiers of key groups in the above embodiments, the creation order of the key groups in the local key set may be determined from their respective identifiers.
In this case, the desynchronization tolerance width may be preset by the key management device 10; it is the number of key groups by which the two parties' local key sets may be out of step while still being tolerated. The larger the tolerance width, the larger the degree of desynchronization the two parties can tolerate, and the smaller the number of candidate key groups (a width w leaves n - 2w candidates out of n key groups, so 2w must be smaller than n for any candidate to remain).
The desynchronization tolerance width may be a fixed value or may be configured as needed; this embodiment does not limit it.
The encryptor does not know whether its local key set is out of step forward or backward relative to the decryptor's local key set. Considering desynchronization in both directions, the encryptor therefore discards the w key groups created first and the w key groups created last, and takes the remaining key groups as candidates.
Fig. 3 is a schematic view of a scenario in which the local key sets of two communication parties are out of step, according to an exemplary embodiment of the present application. As shown in fig. 3, the local key set of the encryptor is [1, 2, 3, 4, 5] and the local key set of the decryptor is [3, 4, 5, 6, 7]; the encryptor is desynchronized forward relative to the decryptor (its local set is the older one). If the desynchronization tolerance width of both parties is 2, the encryptor discards the key groups within the tolerance width at both ends and is left with the key group numbered 3, which it determines as the target key group. Since the local key set of the decryptor also contains the key group numbered 3, the two parties can perform encrypted communication.
Conversely, if the local key set of the encryptor is [3, 4, 5, 6, 7] and that of the decryptor is [1, 2, 3, 4, 5], the encryptor is desynchronized backward relative to the decryptor (its local set is the newer one). With a tolerance width of 2, the encryptor determines the key group numbered 5 as the target key group. Since the local key set of the decryptor also contains the key group numbered 5, the two parties can perform encrypted communication.
In this case, if the key management device 10 updates the public key set periodically as in the foregoing embodiment, deleting one key group and adding one key group in each update, the desynchronization tolerance width can be expressed in update periods.
As shown in fig. 3, a tolerance width of 2 corresponds to two update periods (in the figure, w denotes the desynchronization tolerance width and t the update period of the public key set): as long as the local key sets of the encryptor and the decryptor differ by two update periods or less, the two parties can still communicate normally.
In another case, if the local key set contains an odd number of key groups, the encryptor queues them in creation order and selects the key group at the centre of the queue as the target key group; if the local key set contains an even number of key groups, the encryptor selects either of the two key groups at the centre of the queue as the target key group.
This case follows the same idea as the previous one, except that the desynchronization tolerance width is no longer a configured limit but defaults to its maximum, so the number of candidate key groups is minimized (one key group for an odd-sized set, two for an even-sized set).
For example, suppose the local key set of the encryptor is [1, 2, 3, 4, 5, 6, 7] and that of the decryptor is [4, 5, 6, 7, 8, 9]. In the previous case with a tolerance width of 2, the candidate key groups are [3, 4, 5]; if the encryptor determines the key group numbered 3 as the target key group, that key group does not exist in the decryptor's local key set and the two parties cannot communicate. In the present case the encryptor determines the key group numbered 4 (the centre of its queue) as the target key group; the decryptor's local key set also contains key group 4, so the two parties communicate normally. Comparing the two cases, the wider tolerance of the latter ensures normal communication between the two parties to the greatest extent.
In this embodiment, with communication security taken into account, selecting a suitable target key group mitigates the desynchronization that may arise between the two parties' local key sets, so that traffic is not interrupted by desynchronization when the local key set of either communication terminal 20 is not updated in time.
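The two selection rules above (the tolerance-width rule and the centre-of-queue rule), worked through as an added example that is not part of the patent. A key set is modelled as the list of integer key-group identifiers a party holds, assigned in creation order as the page describes for the key manager; the function names and the brute-force `observed_tolerance` check are this example's own. It reproduces the fig. 3 cases and the [1..7]/[4..9] case, and then generalizes: when both parties hold n key groups, the tolerance rule guarantees communication for an offset of at most w groups in either direction, and the centre rule for at most (n-1)//2 groups, which is exactly the tolerance rule with the largest admissible w.

```python
# Added example (not from the patent): target key group selection from a local
# key set that may be out of step with the peer's. A key set is modelled as the
# identifiers a party holds; identifiers are integers assigned in creation
# order (increasing by default), as the page describes for the key manager.

from typing import Callable, Iterable, List, Optional


def creation_order(ids: Iterable[int], increasing: bool = True) -> List[int]:
    """Oldest-first order recovered from identifiers that increase (or
    decrease) monotonically with creation."""
    return sorted(ids, reverse=not increasing)


def candidate_groups(local_ids: Iterable[int], w: int) -> List[int]:
    """Tolerance-width rule: drop the w oldest and the w newest key groups.
    Empty when 2*w >= len(local set), i.e. the width is too large."""
    if w < 1:
        raise ValueError("w must be a positive integer")
    ordered = creation_order(local_ids)
    return ordered[w:len(ordered) - w]


def select_with_tolerance(local_ids: Iterable[int], w: int,
                          pick: Callable[[List[int]], int] = min) -> Optional[int]:
    """Target key group under the tolerance-width rule; `pick` chooses among
    the candidates (any candidate is admissible; the oldest by default)."""
    cands = candidate_groups(local_ids, w)
    return pick(cands) if cands else None


def select_centre(local_ids: Iterable[int], upper: bool = False) -> int:
    """Centre-of-queue rule: the middle group of an odd-sized set, or either
    of the two middle groups (`upper` picks the newer) of an even-sized set."""
    ordered = creation_order(local_ids)
    n = len(ordered)
    if n == 0:
        raise ValueError("empty key set")
    if n % 2 == 1 or upper:
        return ordered[n // 2]
    return ordered[n // 2 - 1]


def can_communicate(dec_ids: Iterable[int], target: Optional[int]) -> bool:
    """The decryptor can only proceed if it holds the identified key group."""
    return target is not None and target in set(dec_ids)


def guaranteed_tolerance(n: int, w: Optional[int]) -> int:
    """Largest offset d (key groups, either direction) for which every
    admissible choice still lies in the peer's set when both hold n groups:
    d <= w for the tolerance rule (needs 2*w < n); d <= (n-1)//2 for the
    centre rule (w=None), which is the tolerance rule with the largest usable w."""
    if w is None:
        return (n - 1) // 2
    if 2 * w >= n:
        raise ValueError("no candidates remain: need 2*w < n")
    return w


def observed_tolerance(n: int, w: Optional[int]) -> int:
    """Brute-force check of guaranteed_tolerance: shift a peer's set by d+1
    groups in both directions until some admissible choice is missing."""
    base = list(range(1, n + 1))
    if w is None:
        choices = {select_centre(base), select_centre(base, upper=True)}
    else:
        choices = set(candidate_groups(base, w))
    if not choices:
        raise ValueError("no candidates remain: need 2*w < n")
    d = 0
    while True:
        for direction in (1, -1):
            peer = {i + direction * (d + 1) for i in base}
            if not choices <= peer:
                return d
        d += 1
```

The centre rule is the degenerate tolerance rule: for an odd-sized set it equals w = (n-1)/2 (one candidate), for an even-sized set w = n/2 - 1 (the two middle groups). Either way the guarantee only holds when the offset between the two local sets stays within the bound; beyond it the decryptor receives an identifier it does not hold and must treat the message as a synchronization failure.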
Fig. 4 is a flowchart illustrating a communication method according to another exemplary embodiment of the present application. The communication method provided by the embodiment may be executed by a communication apparatus, which may be implemented as software or as a combination of software and hardware, and may be integrally provided in a computing device of an encryption party. As shown in fig. 4, the method includes:
step 400, determining a target key group and acquiring an identifier of the target key group, wherein the target key group is a key group in a public key set;
step 401, providing the identifier of the target key group to the decrypter, so that the decrypter can obtain the target key group from the public key set according to the identifier;
step 402, encrypted communication is performed with the decryptor based on the target key set.
In an alternative embodiment, the step of providing the identifier of the target key group to the decryptor includes:
packaging the identifier of the target key group into a communication message, so as to provide the identifier to the decryptor through the communication message;
wherein the communication message contains communication data encrypted with the target key group.
In an alternative embodiment, the public key set is created and updated by a key management device, the step of determining the target key set comprising:
selecting a key group from the local key set as a target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
In an optional embodiment, the number of key groups in the public key set is unchanged by a single update: the public key set deletes some of the key groups created first and adds the same number of new key groups. The step of selecting one key group from the local key set as the target key group then includes:
determining the creation sequence of a plurality of key groups in a local key set;
according to a preset desynchronization tolerance width w, taking at least one key group except for w key groups created last and w key groups created first in a local key set as a key group to be selected, wherein w is a positive integer;
and selecting a key group as a target key group from at least one candidate key group.
In an optional embodiment, the identifiers of the plurality of key groups in the local key set are increased or decreased according to the creation sequence of the plurality of key groups; the step of determining the creation sequence of a plurality of key groups in a local key set comprises the following steps:
and determining the creation sequence of the plurality of key groups in the local key set according to the respective identifications of the plurality of key groups in the local key set.
In an optional embodiment, the number of key groups in the public key set is unchanged by a single update: the public key set deletes some of the key groups created first and adds the same number of new key groups. The step of selecting one key group from the local key set as the target key group then includes:
if the local key set contains an odd number of key groups, queuing them in creation order and selecting the key group at the centre of the queue as the target key group;
if the local key set contains an even number of key groups, queuing them in creation order and selecting either of the two key groups at the centre of the queue as the target key group.
In an alternative embodiment, the key management device updates the public key set on a periodic basis, and the period for synchronizing the public key set is less than or equal to the update period of the public key set.
It should be noted that, for the sake of brevity, the technical details in the embodiments of the communication method described above may refer to the related description about the encryptor in the communication system provided in fig. 1, and are not described herein again, which should not cause a loss of the scope of the present application.
Fig. 5 is a flowchart illustrating another communication method according to another exemplary embodiment of the present application. The communication method provided by the embodiment may be executed by a communication apparatus, which may be implemented as software or as a combination of software and hardware, and may be integrally provided in a computing device of a decryption party.
As shown in fig. 5, the method includes:
step 500, obtaining the identifier of the key group for encryption provided by the encryptor;
step 501, determining a target key group corresponding to the identifier from the public key set;
and 502, carrying out encrypted communication with the encryption party based on the target key group.
In an alternative embodiment, the step of obtaining the identity of the set of keys provided by the encryptor for encryption comprises:
acquiring a communication message sent by an encryptor, wherein the communication message contains encrypted communication data;
and parsing the identifier from the communication message.
In an alternative embodiment, the public key set is created and updated by a key management device, and the step of determining a target key group corresponding to the identity from the public key set comprises:
selecting a key group corresponding to the identifier from the local key set as a target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
In an alternative embodiment, the key management device updates the public key set on a periodic basis, and the period for synchronizing the public key set is less than or equal to the update period of the public key set.
It should be noted that, for the sake of brevity, the technical details in the embodiments of the communication method described above may refer to the related description about the decryption party in the communication system provided in fig. 1, and are not described herein again, which should not cause a loss of the scope of the present application.
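The exchange of figs. 4 and 5, as an added example that is not from the patent: the encryptor packages the target key group's identifier into the message header together with the encrypted data, and the decryptor parses the identifier, looks the group up in its local key set and only then verifies and decrypts. The page specifies neither a message format nor a cipher; the header layout, the function and class names, and the stdlib-only encrypt-then-MAC construction (an HMAC-SHA256 keystream plus an HMAC tag over header and ciphertext, standing in for an AEAD such as AES-GCM) are assumptions made so the example runs offline. The key material is constructed from the identifier for the demo; a real local key set holds the random keys synchronized from the key management device.

```python
# Added example (not from the patent): encryptor side (steps 400-402) and
# decryptor side (steps 500-502) with the key-group identifier carried in the
# message. Format, names and the stdlib-only cipher are this example's own.

import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple

KeySet = Dict[int, bytes]          # key-group identifier -> key bytes (32 assumed)

HEADER = struct.Struct(">4sI16s")  # magic, key-group identifier, nonce
MAGIC = b"KGRP"
TAG_LEN = 32


class UnknownKeyGroup(Exception):
    """The identifier is not in the local key set: the two local key sets are
    out of step beyond what the selection rule tolerates."""


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one key group."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_message(local: KeySet, target_id: int, plaintext: bytes) -> bytes:
    """Encryptor: encrypt with the chosen target key group and package its
    identifier in the header. The tag covers the header too, so an altered
    identifier fails authentication instead of being tried against another group."""
    k_enc, k_mac = _subkeys(local[target_id])
    nonce = os.urandom(16)
    header = HEADER.pack(MAGIC, target_id, nonce)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def parse_key_id(message: bytes) -> int:
    """Decryptor, step 500: read the identifier before touching any key."""
    if len(message) < HEADER.size + TAG_LEN:
        raise ValueError("message too short")
    magic, key_id, _nonce = HEADER.unpack_from(message)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return key_id


def decrypt_message(local: KeySet, message: bytes) -> bytes:
    """Decryptor, steps 501-502: find the identified group locally, verify, decrypt."""
    key_id = parse_key_id(message)
    if key_id not in local:
        raise UnknownKeyGroup(key_id)
    k_enc, k_mac = _subkeys(local[key_id])
    nonce = HEADER.unpack_from(message)[2]
    body, tag = message[HEADER.size:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(k_mac, message[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(k_enc, nonce, len(body))))


def receive(local: KeySet, message: bytes) -> Tuple[str, bytes]:
    """Decryptor front end: classify the outcome instead of raising."""
    try:
        return "ok", decrypt_message(local, message)
    except UnknownKeyGroup:
        return "unknown-key-group", b""
    except ValueError as exc:
        return "rejected: " + str(exc), b""


def demo_key_sets(ids_a, ids_b) -> Tuple[KeySet, KeySet]:
    """Constructed key material: one shared 32-byte key per identifier, so the
    two local key sets agree wherever their identifiers overlap."""
    shared = {i: hashlib.sha256(b"demo-group-%d" % i).digest()
              for i in set(ids_a) | set(ids_b)}
    return {i: shared[i] for i in ids_a}, {i: shared[i] for i in ids_b}
```

Two checks matter in practice. The identifier is read and looked up before any key is used, so a message naming a key group the decryptor no longer holds is reported as desynchronization rather than causing a wrong-key decryption attempt. And the tag binds the header, so an identifier altered in transit fails authentication even when the altered value happens to name a group the decryptor does hold.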
Fig. 6 is a flowchart illustrating a key management method according to another exemplary embodiment of the present application. The key management method provided by the embodiment can be executed by a key management apparatus, which can be implemented as software or as a combination of software and hardware, and can be integrally provided in a computing device. As shown in fig. 6, the method includes:
step 600, creating a public key set, wherein the public key set comprises a plurality of key groups;
step 601, configuring identifiers for the plurality of key groups in the public key set, so as to distinguish the key groups from one another;
step 602, providing the public key set to the communication terminals for encrypted communication between the communication terminals by using the public key set.
In an optional embodiment, the method further comprises:
the public key set is updated.
In an alternative embodiment, the step of updating the public key set comprises:
the public key set is updated on a periodic basis.
In an alternative embodiment, the step of updating the public key set comprises:
deleting some of the key groups created first from the public key set in each update;
creating the same number of new key groups as were deleted and adding them to the public key set.
In an alternative embodiment, the number of deleted key sets is 1.
In an optional embodiment, the method further comprises:
receiving a public key set synchronization request sent by a communication terminal;
the public key set is provided to the communication terminal.
In an alternative embodiment, the step of configuring the identifiers for the plurality of key groups in the public key set respectively includes:
and configuring an increasing or decreasing identifier for the plurality of key groups according to the creation sequence of the plurality of key groups.
In an optional embodiment, the method further comprises:
if a newly added key group appears in the public key set, an identifier is established for it that continues the existing increasing or decreasing relation among the identifiers of the key groups in the public key set, so as to represent the creation order between the newly added key group and the other key groups in the public key set.
It should be noted that, for the sake of brevity, the technical details of the embodiments of the key management method described above may refer to the related description of the key management device in the communication system provided in fig. 1 and are not repeated here, which should not cause a loss of the scope of the present application.
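The key management method of fig. 6 (steps 600 to 602, the delete-oldest/add-new update, monotonic identifiers for new key groups, and the synchronization request), as an added example that is not from the patent. The `KeyManager` class, its method names and the tick-based `simulate_lag` routine are assumptions of this example; the page's "public key set" is the set shared by the key management device and both terminals, and each key group is modelled as 32 random bytes. The simulation illustrates the synchronization-period condition stated earlier: with a synchronization period no longer than the update period, a terminal's local copy trails the key manager by at most one update (k key groups), whereas a longer synchronization period lets it trail by several updates, which the tolerance width then has to absorb.

```python
# Added example (not from the patent): a key management device that creates
# the shared key set, numbers key groups in creation order, rotates the set by
# deleting the oldest groups and appending new ones, serves synchronization
# requests, and a simulation of how far a terminal's local copy can trail it.

import os
from typing import Dict, List


class KeyManager:
    """Holds the public (shared) key set: key-group identifier -> key bytes.
    step=+1 assigns increasing identifiers, step=-1 decreasing ones; either
    way the identifier encodes the creation order (assumed numbering scheme)."""

    def __init__(self, size: int, step: int = 1, key_len: int = 32):
        if size < 1 or step not in (1, -1):
            raise ValueError("size must be >= 1 and step must be +1 or -1")
        self.step = step
        self.next_id = step            # first identifier is 1 (or -1)
        self.key_len = key_len
        self.updates = 0
        self.key_set: Dict[int, bytes] = {}
        for _ in range(size):          # steps 600/601: create and label groups
            self._create_group()

    def _create_group(self) -> int:
        """A new group continues the existing increasing/decreasing relation."""
        gid = self.next_id
        self.next_id += self.step
        self.key_set[gid] = os.urandom(self.key_len)   # constructed key material
        return gid

    def creation_order(self) -> List[int]:
        """Identifiers oldest-first, recovered from the numbering direction."""
        return sorted(self.key_set, key=lambda gid: gid * self.step)

    def update(self, k: int = 1) -> List[int]:
        """One update: delete the k oldest groups, then create k new ones, so
        the size of the set is unchanged. Returns the new identifiers."""
        if not 1 <= k <= len(self.key_set):
            raise ValueError("k out of range")
        for gid in self.creation_order()[:k]:
            del self.key_set[gid]
        self.updates += 1
        return [self._create_group() for _ in range(k)]

    def handle_sync_request(self) -> Dict[int, bytes]:
        """Step 602 / synchronization request: hand a terminal a copy of the set."""
        return dict(self.key_set)


def lag(manager: KeyManager, local: Dict[int, bytes]) -> int:
    """Number of key groups in the manager's set that the terminal lacks."""
    return len(set(manager.key_set) - set(local))


def simulate_lag(update_period: int, sync_period: int,
                 horizon: int = 200, size: int = 5, k: int = 1) -> int:
    """Tick-based simulation: the manager updates every `update_period` ticks
    and one terminal synchronizes every `sync_period` ticks. Returns the worst
    lag observed right after an update, i.e. the largest desynchronization a
    fully current peer could see against this terminal."""
    manager = KeyManager(size)
    local = manager.handle_sync_request()      # terminal synchronized at tick 0
    worst = 0
    for tick in range(1, horizon + 1):
        if tick % update_period == 0:
            manager.update(k)
            worst = max(worst, lag(manager, local))
        if tick % sync_period == 0:
            local = manager.handle_sync_request()
    return worst
```

With k key groups rotated per update, a terminal that synchronizes no less often than the manager updates is at most k groups behind, so a tolerance width of w >= k covers the case where one party is fully current and the other has missed a single update; a synchronization period longer than the update period raises the worst-case lag to several updates and has to be matched by a correspondingly larger w.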
It should be noted that the execution subjects of the steps of the methods provided in the above embodiments may be the same device, or different devices may be used as the execution subjects of the methods. For example, the execution subjects of steps 400 to 402 may be device a; for another example, the execution subject of steps 400 and 401 may be device a, and the execution subject of step 402 may be device B; and so on.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 401, 402, etc., are merely used to distinguish various operations, and the sequence numbers themselves do not represent any execution order. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.
Fig. 7 is a schematic structural diagram of a computing device according to another exemplary embodiment of the present application. As shown in fig. 7, the computing device may include: a memory 70 and a processor 71.
The memory 70 is used to store one or more computer instructions;
processor 71 is coupled to memory 70 for executing one or more computer instructions for:
determining a target key group and acquiring an identifier of the target key group, wherein the target key group is a key group in a public key set;
providing the identifier of the target key group for the decryptor so that the decryptor can obtain the target key group from the public key set according to the identifier;
and performing encrypted communication with the decryption party based on the target key group.
In an alternative embodiment, the processor 71, when providing the identification of the target key set to the decryptor, is configured to:
packaging the identifier of the target key group into a communication message, so as to provide the identifier to the decryptor through the communication message;
the communication message contains communication data encrypted by the target key group.
In an alternative embodiment, the public key set is created and updated by the key management device, and the processor 71, when determining the target key group, is configured to:
selecting a key group from the local key set as a target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
In an alternative embodiment, the number of key groups in the public key set is unchanged by a single update: some of the key groups created first are deleted from the public key set and the same number of new key groups is added. When selecting one key group from the local key set as the target key group, the processor 71 is configured to:
determining the creation sequence of a plurality of key groups in a local key set;
according to a preset desynchronization tolerance width w, taking at least one key group except for w key groups created last and w key groups created first in a local key set as a key group to be selected, wherein w is a positive integer;
and selecting a key group as a target key group from at least one candidate key group.
In an optional embodiment, the identifiers of the plurality of key groups in the local key set are increased or decreased according to the creation sequence of the plurality of key groups; when determining the creation sequence of the plurality of key sets in the local key set, the processor 71 is configured to:
and determining the creation sequence of the plurality of key groups in the local key set according to the respective identifications of the plurality of key groups in the local key set.
In an alternative embodiment, the number of key groups in the public key set is unchanged by a single update: some of the key groups created first are deleted from the public key set and the same number of new key groups is added. When selecting one key group from the local key set as the target key group, the processor 71 is configured to:
if the local key set contains odd key groups, selecting the key group positioned in the center of the queue when queuing the odd key groups according to the creation sequence from the local key set as a target key group;
if the local key set contains even number of key groups, any one of the two key groups positioned in the center of the queue when the even number of key groups are queued according to the creation sequence is selected from the local key set as a target key group.
In an alternative embodiment, the key management device updates the public key set on a periodic basis, and the period for synchronizing the public key set is less than or equal to the update period of the public key set.
It should be noted that, for the sake of brevity, the technical details in the embodiments of the computing device described above may be referred to the related description of the encryptor in the communication system provided in fig. 1, and are not described herein again, which should not cause a loss of the scope of the present application.
Further, as shown in fig. 7, the computing device further includes: communication components 72, power components 73, and the like. Only some of the components are schematically shown in fig. 7, and the computing device is not meant to include only the components shown in fig. 7.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by a computing device in the foregoing method embodiments when executed.
Fig. 8 is a schematic structural diagram of another computing device according to yet another exemplary embodiment of the present application. As shown in fig. 8, the computing device may include: a memory 80 and a processor 81.
The memory 80 is used to store one or more computer instructions;
processor 81 is coupled to memory 80 for executing one or more computer instructions for:
acquiring the identification of a key group used for encryption provided by an encryptor;
determining a target key group corresponding to the identifier from the public key set;
and performing encrypted communication with the encryption party based on the target key group.
In an alternative embodiment, the identifier is encapsulated in a communication message, and the processor 81, when obtaining the identifier of the set of keys provided by the encryption party for encryption, is configured to:
acquiring a communication message sent by an encryptor, wherein the communication message contains encrypted communication data;
and parsing the identifier from the communication message.
In an alternative embodiment, the public key set is created and updated by the key management device, and the processor 81, when determining the target key group corresponding to the identity from the public key set, is configured to:
selecting a key group corresponding to the identifier from the local key set as a target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
In an alternative embodiment, the key management device updates the public key set on a periodic basis, and the period for synchronizing the public key set is less than or equal to the update period of the public key set.
It should be noted that, for the sake of brevity, the technical details in the embodiments of the computing device described above may be referred to the related description of the decryption party in the communication system provided in fig. 1, and are not described herein again, which should not cause a loss of the scope of the present application.
Further, as shown in fig. 8, the computing device further includes: communication components 82, power components 83, and the like. Only some of the components are schematically shown in fig. 8, and the computing device is not meant to include only the components shown in fig. 8.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by a computing device in the foregoing method embodiments when executed.
Fig. 9 is a schematic structural diagram of another computing device according to another exemplary embodiment of the present application. As shown in fig. 9, the computing device may include: a memory 90 and a processor 91.
The memory 90 is used to store one or more computer instructions;
the processor 91 is coupled to the memory 90 for executing one or more computer instructions for:
creating a public key set, wherein the public key set comprises a plurality of key groups;
respectively configuring identifications for a plurality of key groups in a public key set to distinguish the plurality of key groups;
the public key set is provided to the communication terminals for encrypted communication between the communication terminals using the public key set.
In an alternative embodiment, the processor 91 is further configured to:
the public key set is updated.
In an alternative embodiment, the processor 91, when updating the public key set, is configured to:
the public key set is updated on a periodic basis.
In an alternative embodiment, the processor 91, when updating the public key set, is configured to:
deleting some of the key groups created first from the public key set in each update;
creating the same number of new key groups as were deleted and adding them to the public key set.
In an alternative embodiment, the number of deleted key sets is 1.
In an alternative embodiment, the processor 91 is further configured to:
receiving a public key set synchronization request sent by a communication terminal;
the public key set is provided to the communication terminal.
In an alternative embodiment, the processor 91, when configuring the identifiers for the plurality of key groups respectively in the public key set, is configured to:
and configuring an increasing or decreasing identifier for the plurality of key groups according to the creation sequence of the plurality of key groups.
In an alternative embodiment, the processor 91 is further configured to:
if a newly added key group appears in the public key set, an identifier is established for it that continues the existing increasing or decreasing relation among the identifiers of the key groups in the public key set, so as to represent the creation order between the newly added key group and the other key groups in the public key set.
It should be noted that, for the sake of brevity, the technical details in the embodiments of the computing device described above may be referred to the related description of the key management device in the communication system provided in fig. 1, and are not described herein again, which should not cause a loss of the scope of the present application.
Further, as shown in fig. 9, the computing device further includes: communication components 92, power components 93, and the like. Only some of the components are schematically shown in fig. 9, and the computing device is not meant to include only the components shown in fig. 9.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by a computing device in the foregoing method embodiments when executed.
The memory of fig. 7-9, described above, is used to store computer programs and may be configured to store various other data to support operations on the computing platform. Examples of such data include instructions for any application or method operating on the computing platform, contact data, phonebook data, messages, pictures, videos, and so forth. The memory may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The communication components of fig. 7-9 described above are configured to facilitate communication between the device in which the communication component is located and other devices in a wired or wireless manner. The device where the communication component is located can access a wireless network based on a communication standard, such as a WiFi, a 2G, 3G, 4G/LTE, 5G and other mobile communication networks, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
The power supply components of fig. 7-9 described above provide power to the various components of the device in which the power supply components are located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (24)

1. A method of communication, comprising:
determining a target key group and acquiring an identifier of the target key group, wherein the target key group is a key group in a public key set;
providing the identifier of the target key group to a decryptor so that the decryptor can obtain the target key group from the public key set according to the identifier;
and carrying out encrypted communication with the decryptor based on the target key group.
2. The method of claim 1, wherein providing the identifier of the target key group to the decryptor comprises:
encapsulating the identifier of the target key group in a communication message so as to provide the identifier to the decryptor through the communication message;
wherein the communication message includes communication data encrypted with the target key group.
3. The method of claim 1, wherein the public key set is created and updated by a key management device, and wherein determining the target key group comprises:
selecting a key group from a local key set as the target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
4. The method of claim 3, wherein the number of key groups in the public key set is unchanged by a single update, in which the key groups created earliest are deleted from the public key set and a corresponding number of new key groups are added, and wherein selecting a key group from the local key set as the target key group comprises:
determining the creation order of the plurality of key groups in the local key set;
according to a preset desynchronization tolerance width w, taking as candidate key groups at least one key group of the local key set other than the w key groups created last and the w key groups created first, wherein w is a positive integer;
and selecting one key group from the at least one candidate key group as the target key group.
5. The method of claim 4, wherein the identifiers of the plurality of key groups in the local key set increase or decrease monotonically with the creation order of the plurality of key groups, and wherein determining the creation order of the plurality of key groups in the local key set comprises:
determining the creation order of the plurality of key groups in the local key set from their respective identifiers.
6. The method of claim 3, wherein the number of key groups in the public key set is unchanged by a single update, in which the key groups created earliest are deleted from the public key set and a corresponding number of new key groups are added, and wherein selecting a key group from the local key set as the target key group comprises:
if the local key set contains an odd number of key groups, selecting as the target key group the key group at the center of the queue formed by ordering the key groups by creation order;
and if the local key set contains an even number of key groups, selecting as the target key group either of the two key groups at the center of that queue.
7. The method of claim 4, wherein the key management device updates the public key set on a periodic basis, and wherein a period for synchronizing the public key set is less than or equal to an update period of the public key set.
8. A method of communication, comprising:
acquiring, from an encryptor, the identifier of the key group used for encryption;
determining, from a public key set, the target key group corresponding to the identifier;
and performing encrypted communication with the encryptor based on the target key group.
9. The method of claim 8, wherein the identifier is encapsulated in a communication message, and wherein acquiring the identifier of the key group used for encryption comprises:
acquiring a communication message sent by the encryptor, wherein the communication message contains encrypted communication data;
and parsing the identifier out of the communication message.
10. The method of claim 8, wherein the public key set is created and updated by a key management device, and wherein determining the target key group corresponding to the identifier from the public key set comprises:
selecting the key group corresponding to the identifier from a local key set as the target key group;
wherein the local key set is obtained by synchronizing the public key set from the key management device.
11. The method of claim 10, wherein the key management device updates the public key set on a periodic basis, and wherein a period for synchronizing the public key set is less than or equal to an update period of the public key set.
12. A key management method, comprising:
creating a public key set, wherein the public key set comprises a plurality of key groups;
configuring a respective identifier for each of the plurality of key groups in the public key set so as to distinguish the plurality of key groups;
and providing the public key set to communication terminals so that the communication terminals carry out encrypted communication with one another using the public key set.
13. The method of claim 12, further comprising:
updating the public key set.
14. The method of claim 13, wherein the updating the set of public keys comprises:
updating the public key set on a periodic basis.
15. The method of claim 13 or 14, wherein updating the public key set comprises:
in each update, deleting from the public key set the key groups that were created earliest;
and creating a number of key groups equal to the number deleted and adding them to the public key set.
16. The method of claim 15, wherein the number of deleted key groups is 1.
17. The method of claim 12, further comprising:
receiving a public key set synchronization request sent by a communication terminal;
providing the set of public keys to the communication terminal.
18. The method of claim 12, wherein configuring a respective identifier for each of the plurality of key groups in the public key set comprises:
configuring identifiers for the plurality of key groups that increase or decrease according to the creation order of the plurality of key groups.
19. The method of claim 18, further comprising:
if a key group is newly added to the public key set, assigning the newly added key group an identifier that continues the existing increasing or decreasing relation between the identifiers of the key groups in the public key set, so that the identifier represents the creation order of the newly added key group relative to the other key groups in the public key set.
20. A communication system, comprising a key management device, an encryptor and a decryptor;
the key management device is configured to create a public key set and to configure an identifier for each key group in the public key set, wherein the public key set comprises a plurality of key groups;
the encryptor is configured to determine a target key group and acquire the identifier of the target key group, wherein the target key group is a key group in the public key set, and to provide the identifier of the target key group to the decryptor;
the decryptor is configured to obtain the target key group from the public key set according to the identifier;
and the encryptor and the decryptor perform encrypted communication based on the target key group.
21. A computing device comprising a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions so as to:
determine a target key group and acquire an identifier of the target key group, wherein the target key group is a key group in a public key set;
provide the identifier of the target key group to a decryptor so that the decryptor can obtain the target key group from the public key set according to the identifier;
and carry out encrypted communication with the decryptor based on the target key group.
22. A computing device comprising a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions so as to:
acquire, from an encryptor, the identifier of the key group used for encryption;
determine, from a public key set, the target key group corresponding to the identifier;
and perform encrypted communication with the encryptor based on the target key group.
23. A computing device comprising a memory and a processor;
the memory is configured to store one or more computer instructions;
the processor is coupled to the memory and executes the one or more computer instructions so as to:
create a public key set, wherein the public key set comprises a plurality of key groups;
configure a respective identifier for each of the plurality of key groups in the public key set so as to distinguish the plurality of key groups;
and provide the public key set to communication terminals so that the communication terminals carry out encrypted communication with one another using the public key set.
24. A computer-readable storage medium storing computer instructions, which when executed by one or more processors, cause the one or more processors to perform the communication method of any one of claims 1-11 or the key management method of any one of claims 12-19.
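
The claims above specify the mechanism but contain no code. The following Python is an added example written for this page; it is not code from the patent or from Alibaba. It models the three roles in one place: the key management device that creates, numbers and rotates the key set (claims 12-19), the encryptor that picks a key group with a desynchronization tolerance width w or by the median rule and ships the identifier with the ciphertext (claims 1-7), and the decryptor that parses the identifier and looks the group up in its own synchronized copy (claims 8-11). Note that "public key set" in the claims denotes the key set common to all terminals (the decryptor fetches the same group the encryptor used), not an asymmetric public key. Everything the claims leave open is an assumption here: a key group consists of a 256-bit encryption key plus a MAC key, the identifier travels as an 8-byte big-endian prefix of the message and is covered by the MAC, and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for a real cipher such as AES-GCM so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os
from collections import OrderedDict

KEY_LEN = 32  # assumption: 256-bit keys


class KeyManager:
    """Key management device (claims 12-19): owns the shared key set and rotates it.
    Identifiers increase monotonically in creation order (claims 18-19)."""

    def __init__(self, size):
        self.next_id = 1
        self.key_set = OrderedDict()
        for _ in range(size):
            self._add_group()

    def _add_group(self):
        # Assumption: one key group = an encryption key plus a MAC key.
        self.key_set[self.next_id] = {"enc": os.urandom(KEY_LEN), "mac": os.urandom(KEY_LEN)}
        self.next_id += 1

    def rotate(self, n=1):
        """One update (claims 15-16): drop the n oldest groups, add n new ones; size unchanged."""
        for _ in range(n):
            self.key_set.popitem(last=False)
            self._add_group()

    def snapshot(self):
        """Answer a synchronization request (claim 17) with a copy of the current set."""
        return OrderedDict((k, dict(v)) for k, v in self.key_set.items())


def select_with_tolerance(local_set, w):
    """Claim 4: candidates are all groups except the w oldest and the w newest.
    A decryptor up to w updates behind still holds the newest candidate; one up to
    w updates ahead has not yet deleted the oldest candidate."""
    ids = sorted(local_set)  # claim 5: identifiers order the groups by creation
    candidates = ids[w:len(ids) - w]
    if not candidates:
        raise ValueError("tolerance width w too large for the key set size")
    return candidates[len(candidates) // 2]  # any candidate is valid; fixed pick keeps this deterministic


def select_median(local_set):
    """Claim 6: the central group; for an even count, the earlier of the two central groups."""
    ids = sorted(local_set)
    return ids[(len(ids) - 1) // 2]


def _keystream(key, nonce, length):
    # Stand-in for a real cipher (assumption): HMAC-SHA256 run in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(local_set, key_id, plaintext):
    """Encryptor (claims 1-2): message = key-group id || nonce || ciphertext || tag."""
    group = local_set[key_id]
    nonce = os.urandom(16)
    header = key_id.to_bytes(8, "big") + nonce
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(group["enc"], nonce, len(plaintext))))
    tag = hmac.new(group["mac"], header + body, hashlib.sha256).digest()  # MAC covers the id too
    return header + body + tag


def decrypt(local_set, message):
    """Decryptor (claims 8-10): parse the id, look the group up locally, verify, then decrypt."""
    key_id = int.from_bytes(message[:8], "big")
    group = local_set.get(key_id)
    if group is None:
        raise KeyError(f"key group {key_id} not in local key set; resynchronize")
    expected = hmac.new(group["mac"], message[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(message[-32:], expected):
        raise ValueError("authentication failed")
    nonce, body = message[8:24], message[24:-32]
    return bytes(a ^ b for a, b in zip(body, _keystream(group["enc"], nonce, len(body))))


def exchange(size, w, lag, plaintext=b"constructed sample payload"):
    """Decryptor synchronized `lag` updates before the encryptor; returns (key id, recovered text)."""
    kms = KeyManager(size)
    decryptor_set = kms.snapshot()
    for _ in range(lag):
        kms.rotate()
    encryptor_set = kms.snapshot()
    key_id = select_with_tolerance(encryptor_set, w)
    return key_id, decrypt(decryptor_set, encrypt(encryptor_set, key_id, plaintext))


def interoperates(size, w, lag):
    """True if a decryptor that is `lag` updates stale can still decrypt."""
    try:
        exchange(size, w, lag)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    print(exchange(size=7, w=2, lag=2))       # within tolerance: (6, b'constructed sample payload')
    print(interoperates(size=7, w=2, lag=5))  # decryptor too stale: False
```

With a set of seven groups and w = 2, a decryptor two updates stale still holds group 6 and decrypts; five updates stale it no longer holds any group the encryptor may choose and must resynchronize. The two exclusions in claim 4 cover both directions of drift: a terminal that synchronized less recently lacks the newest groups, one that synchronized more recently has already deleted the oldest, so bounding the synchronization period by the update period (claims 7 and 11) keeps each side at most one update away from the key management device. Including the identifier under the MAC is a design choice of this example, not a requirement of the claims; it stops an attacker from rewriting the cleartext identifier to steer the decryptor to a different group.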
CN202010125527.2A 2020-02-27 2020-02-27 Communication method, key management method, device, system and storage medium Active CN113315626B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010125527.2A CN113315626B (en) 2020-02-27 2020-02-27 Communication method, key management method, device, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010125527.2A CN113315626B (en) 2020-02-27 2020-02-27 Communication method, key management method, device, system and storage medium

Publications (2)

Publication Number Publication Date
CN113315626A true CN113315626A (en) 2021-08-27
CN113315626B CN113315626B (en) 2023-01-10

Family

ID=77370402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010125527.2A Active CN113315626B (en) 2020-02-27 2020-02-27 Communication method, key management method, device, system and storage medium

Country Status (1)

Country Link
CN (1) CN113315626B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490878A (en) * 2013-10-15 2014-01-01 上海杉德金卡信息系统科技有限公司 Methods for dynamic secret key storing and stored secret key reading and deleting
CN108075890A (en) * 2016-11-16 2018-05-25 中兴通讯股份有限公司 Data sending terminal, data receiver, data transmission method and system
CN108038128A (en) * 2017-11-08 2018-05-15 平安科技(深圳)有限公司 A kind of search method, system, terminal device and storage medium for encrypting file
US20200028678A1 (en) * 2018-04-28 2020-01-23 EMC IP Holding Company LLC Method, apparatus and computer program product for managing encryption key in a storage system
CN108429618A (en) * 2018-05-16 2018-08-21 安徽问天量子科技股份有限公司 A kind of the symmetric key synchronous method and device of no channel
CN108965302A (en) * 2018-07-24 2018-12-07 苏州科达科技股份有限公司 Media data transmission system, method, apparatus and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114003922A (en) * 2021-09-18 2022-02-01 中国电子科技集团公司第二十九研究所 Loaded data encryption and decryption method based on PowerPc and detachable storage equipment
CN114003922B (en) * 2021-09-18 2023-03-21 中国电子科技集团公司第二十九研究所 Loaded data encryption and decryption method based on PowerPc and detachable storage equipment

Also Published As

Publication number Publication date
CN113315626B (en) 2023-01-10

Similar Documents

Publication Publication Date Title
US10498531B2 (en) Electronic subscriber identity module (eSIM) provisioning error recovery
US10985926B2 (en) Managing embedded universal integrated circuit card (eUICC) provisioning with multiple certificate issuers (CIs)
CN110099104B (en) File transmission method, system and storage medium
US20220385446A1 (en) EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) PROFILE CONTENT MANAGEMENT
US11863982B2 (en) Subscriber identity privacy protection against fake base stations
US11297492B2 (en) Subscriber identity privacy protection and network key management
US20180278595A1 (en) Key configuration method, key management center, and network element
US10367810B2 (en) Electronic subscriber identity module (eSIM) installation and testing
US20140237559A1 (en) Method and related device for generating group key
US20150256335A1 (en) Encryption Realization Method and System
KR20200003108A (en) Key generation methods, user equipment, devices, computer readable storage media, and communication systems
JP2012217207A (en) Exchange of key material
US11082843B2 (en) Communication method and communications apparatus
WO2019206286A1 (en) Method, apparatus and system for accessing network slice
JP2022529837A (en) Parameter transmission method and equipment
CN107135190B (en) Data flow attribution identification method and device based on transport layer secure connection
CN113315626B (en) Communication method, key management method, device, system and storage medium
US10721621B2 (en) Updating policy for a video flow during transitions
CN114258693A (en) Mobile device authentication without Electronic Subscriber Identity Module (ESIM) credentials
CN116471586A (en) Data processing method, device and readable storage medium
CN113612612A (en) Data encryption transmission method, system, equipment and storage medium
CN116601985A (en) Security context generation method, device and computer readable storage medium
CN112073175B (en) Data processing method, device and system and electronic equipment
CN113037684A (en) VxLan tunnel authentication method, device and system and gateway
JP7434225B2 (en) Authentication device, wireless communication device, wireless communication system, method and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230607

Address after: Room 1-2-A06, Yungu Park, No. 1008 Dengcai Street, Sandun Town, Xihu District, Hangzhou City, Zhejiang Province

Patentee after: Aliyun Computing Co.,Ltd.

Address before: P.O. Box 847, Fourth Floor, One Capital Place, Grand Cayman, Cayman Islands (British Overseas Territory)

Patentee before: ALIBABA GROUP HOLDING Ltd.