CN113517980A - Key processing method, device and storage medium - Google Patents

Publication number: CN113517980A
Authority: CN (China)
Prior art keywords: split, key, target, preset, path
Legal status: Granted; Active (the listed status is an assumption and is not a legal conclusion)
Application number: CN202010276333.2A
Other languages: Chinese (zh)
Other versions: CN113517980B (en)
Inventor: 马冰珂
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Application filed by: China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority: CN202010276333.2A
Publications: CN113517980A (application), CN113517980B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key processing method, a device and a storage medium, wherein the method applied to a first terminal comprises the following steps: determining at least one target path; splitting a first key to be sent to obtain at least one split message; sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.

Description

Key processing method, device and storage medium
Technical Field
The present invention relates to data privacy technologies, and in particular, to a method and an apparatus for processing a key, and a storage medium.
Background
Quantum secure communication has technical advantages such as quantum irreproducibility (no-cloning), quantum measurement uncertainty and ideal randomness. Its security rests on the basic principles of quantum mechanics, and it is currently the only secure communication technology whose theoretical security can be rigorously proven.
Existing practical quantum secure communication methods mainly comprise two steps: Quantum Key Distribution (QKD) over a quantum network, and encrypted data transmission over a traditional network. Quantum key distribution over the quantum network is a key step in the operation of a quantum secure communication system, and how to improve the security of this step is a very important problem.
Disclosure of Invention
In view of the above, the main object of the present invention is to provide a key processing method, device and storage medium.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the embodiment of the invention provides a secret key processing method, which is applied to a first terminal; the method comprises the following steps:
determining at least one target path;
splitting a first key to be sent to obtain at least one split message;
sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
In the foregoing solution, the determining at least one target path includes:
determining at least one path to be selected and a safety state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
In the foregoing solution, the determining, as a target path, a path whose safety state meets a preset condition from the at least one path to be selected includes:
selecting a target path from the paths with the safety states meeting the preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In the above scheme, splitting the first key to be sent to obtain at least one split message includes:
splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
In the above scheme, the number of the target paths is at least two; the number of the split messages is at least two;
sending at least two split messages over at least two of the target paths, including:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
The embodiment of the invention provides a secret key processing method, which is applied to a second terminal; the method comprises the following steps:
receiving at least one split message through at least one target path;
and determining a first key by using a preset data processing method according to the at least one split message.
In the foregoing solution, the determining, according to the at least one split message, a first key by using a preset data processing method includes:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
The embodiment of the invention provides a key transmission device, which comprises: a first processing module, a second processing module and a first communication module; wherein:
the first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
In the foregoing scheme, the first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
In the foregoing solution, the first processing module is configured to select a target path from paths whose safety states meet a preset condition according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In the above scheme, the second processing module is configured to split the first key by using a preset splitting policy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
In the above scheme, the number of the target paths is at least two; the number of the split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
The embodiment of the invention provides a key transmission device, which comprises: a second communication module and a third processing module; wherein:
the second communication module is configured to receive at least one split message through at least one target path;
and the third processing module is configured to determine the first key by using a preset data processing method according to the at least one split message.
In the foregoing solution, the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
The embodiment of the invention provides a key processing device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor implements the steps of the key processing method on the first terminal side when executing the program; or,
the processor implements the steps of the key processing method at the second terminal side when executing the program.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the key processing method on the first terminal side; or,
the computer program realizes the steps of the key processing method at the second terminal side when executed by a processor.
The key processing method, the device and the storage medium provided by the embodiment of the invention determine at least one target path; splitting a first key to be sent to obtain at least one split message; sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key according to the at least one split message; therefore, the key is split and then split messages are transmitted respectively, so that the attack difficulty is increased, and the security of key transmission is improved; in addition, the first key can be determined only according to at least one split message, so that the fault tolerance of key transmission is improved;
correspondingly, another key processing method, apparatus, and storage medium provided in the embodiments of the present invention receive at least one split message through at least one target path; determining a first key by using a preset data processing method according to the at least one split message; therefore, the first key can be determined through the received at least one split message, and the fault tolerance of key transmission is improved.
Drawings
Fig. 1 is a schematic diagram of a conventional quantum secure communication system;
Fig. 2 is a schematic diagram of a conventional method for improving the security of Internet Protocol Security (IPSec) by combining quantum key distribution with IPSec;
Fig. 3 is a schematic diagram of a relay method of remote quantum secure communication in the prior art;
Fig. 4 is a schematic diagram of the method of Fig. 3;
Fig. 5 is a schematic diagram of a prior art quantum key distribution system based on a trusted relay;
Fig. 6 is a schematic diagram of a quantum key distribution method according to the prior art;
Fig. 7 is a schematic diagram of a conventional end-to-end secure quantum key distribution method that does not depend on a trusted relay;
Fig. 8 is a schematic flowchart of a key processing method according to an embodiment of the present invention;
Fig. 9 is a schematic flowchart of another key processing method according to an embodiment of the present invention;
Fig. 10 is a flowchart illustrating a further key processing method according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a key processing apparatus according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of another key processing apparatus according to an embodiment of the present invention;
Fig. 13 is a schematic structural diagram of another key processing apparatus according to an embodiment of the present invention.
Detailed Description
Prior to describing the present invention in further detail with reference to embodiments, a description will be given of a related art of quantum secure communication.
FIG. 1 is a schematic diagram of a conventional quantum secure communication system; as shown in fig. 1, in the quantum secure communication system, a quantum network and corresponding quantum transceiver (including a quantum key transmitting end and a quantum key receiving end) are used between two communication parties to perform quantum key negotiation and distribution, and a trusted quantum relay can be used to extend a transmission distance of session key distribution. The ideal security of the session key distribution can be ensured through the quantum key distribution. After the two communication parties complete the distribution of the session key, the quantum key sending end and the quantum key receiving end respectively use the same session key to encrypt and decrypt the data to be transmitted, and use the traditional network to transmit the encrypted data, so that the secure and secret communication of the two communication parties can be realized. Here, quantum key distribution based on a quantum network is a key step in the operation of a quantum secret communication system, and it is also a very important problem to improve the security of the process. Existing solutions can be largely classified into four categories, including:
the first type: the method comprises the steps that a quantum network-based key distribution method is combined with a traditional key distribution method to realize the distribution of a session key; for example, one method of improving IPSec security by combining quantum key distribution with internet protocol security is shown in fig. 2, specifically: IPSec security is improved by using quantum keys generated by quantum key distribution in combination with traditional keys generated by the internet key exchange protocol (IKE) in IPSec in some combination (e.g., exclusive or, etc.) to generate the final session key (i.e., key set i +1, etc. in fig. 2).
The scheme is only suitable for the classic IPSec protocol and has no wide applicability, and the safety of the IPSec IKE protocol is mainly based on the traditional public key encryption system and has no long-term safety and usability.
The second type: the long-distance session key distribution is realized by introducing a trusted relay scheme into a quantum network; for example: fig. 3 shows a relay method for remote quantum secure communication, specifically: two user terminals (i.e. Alice and Bob) which are linked by a quantum network and a high-speed optical module channel are provided with at least one relay station on a link, the relay station adopts the quantum network to generate a corresponding root key firstly, then utilizes the root key to carry out section-by-section encryption transmission on session keys transmitted by two communication parties, and the relay station distributes and integrates a plurality of point-to-point keys to realize the ultra-long-distance quantum secret communication. The basic principle is as shown in fig. 4, the relay node generates and shares the corresponding root key Ki by segments among (Alice, B1, a1, …, Bi, Ai, … An +1, Bob) through the sub-network, and the session keys of Alice and Bob are encrypted and transmitted segment by using the root key Ki. Wherein Bi represents the ith Bob and Ai represents the ith Alice.
The scheme requires that the relay node must be completely trusted, otherwise an attacker can easily acquire the session key and further steal the communication data of both parties of the session.
In the third category: by introducing a session key distribution mode based on multiple paths in a quantum network, for example: fig. 5 shows a quantum key distribution system based on trusted relay, and in particular, the system may include: quantum key distribution equipment, routing equipment for relaying keys and forwarding encrypted data, and data equipment; each quantum key distribution device is connected with at least one routing device, each quantum key distribution device is connected with at least one data device, and the routing devices are connected with each other to form a mesh topology; the quantum key distribution equipment is used for carrying out key negotiation with opposite-end quantum key distribution equipment by adopting two or more different paths, determining whether the shared key obtained by negotiation needs to be combined or not by adopting a preset strategy, and executing corresponding combination operation when needed.
The scheme depends on a selected path for transmission in an actual transmission process, transmission safety is damaged if an untrusted node exists in the path, and in addition, the scheme cannot provide enough transmission redundancy and error correction and cannot guarantee high availability.
The third scheme may also be a quantum key distribution method shown in fig. 6, where a sending end (i.e., Alice) preprocesses original session key information, splits the original session key information into a plurality of pieces of sub-session key information, and sends the sub-session key information through a plurality of disjoint paths, and a receiving end (i.e., Bob) receives the sub-session key information and recovers the original session key information therefrom. The path selection method of the scheme does not consider the state information of different paths, and simultaneously requires absolute disjointness among a plurality of selected paths, so that the method is difficult to meet in an actual scene and has low applicability.
The fourth type: the session key is preprocessed and post-processed by presetting a key, for example: fig. 7 shows a quantum key distribution method of end-to-end security independent of a trusted relay, specifically: before the session key is transmitted in the quantum relay network, the session key Ks is encoded through a preset key K of the communication opposite ends Alice and Bob to generate a temporary key Kt, the temporary key Kt is transmitted to the receiving party through the quantum relay network, and finally the receiving party uses the key K to reversely encode the Kt so as to obtain the session key Ks.
Although the above scheme can solve the problem that the relay node is not trusted, the method depends on presetting an initial key at the opposite communication terminal and excessively depends on initial configuration, and the processes of updating, managing and the like of the initial key are complicated and difficult, and a quick and effective updating and managing mechanism is lacked.
Based on the above problem, in the solution provided by the embodiment of the present invention, the first terminal determines at least one target path; splitting a first key to be sent to obtain at least one split message; sending the at least one split message over the at least one target path; wherein the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message; correspondingly, the second terminal receives at least one splitting message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
The present invention will be described in further detail with reference to examples.
Fig. 8 is a schematic flowchart of a key processing method according to an embodiment of the present invention; as shown in fig. 8, the key processing method is applied to a first terminal (such as Alice above); the method comprises the following steps:
step 801, determining at least one target path;
step 802, splitting a first key to be sent to obtain at least one split message;
step 803, sending the at least one split message through the at least one target path;
wherein the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message.
In one embodiment, the determining at least one target path includes:
determining at least one path to be selected and a safety state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
Here, the security state metric value is introduced as the metric of the path security state to evaluate the security state of the links of different paths, so that a relatively secure path can be selected for transmission to improve the security of key distribution.
Specifically, the safety state metric value may be obtained from a Network Management System. A Network Management System combines software and hardware to adjust the network state, so that the network can operate normally and efficiently and the resources in the network are better utilized; it is the set of network management functions implemented on the basis of a network management platform.
Specifically, the determining, as a target path, a path whose safety state meets a preset condition from the at least one path to be selected includes:
selecting a target path from the paths with the safety states meeting the preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
Specifically, the settings of the trusted node and the general node may be set and stored in advance by a developer according to the security of the node;
for example, if a certain node is a machine room and the security is general, the node can be regarded as a general node; and a certain node is a backbone computer room, has higher safety and can be generally regarded as a trusted node.
The above is merely an example of a trusted node and a general node, and the specific setting manner is not limited.
Here, by allowing multiple disjoint paths to share the same trusted node (i.e. any two target paths pass through the same or different trusted nodes), the applicability of the quantum key distribution system in an actual deployment environment can be improved, and the transmission distance of the quantum key distribution system can be effectively extended.
Here, the quantum key distribution system includes: a first terminal (which may be understood as a transmitting end), a second terminal (which may be understood as a receiving end), and a communication link between the first terminal and the second terminal, which may include at least one generic node, at least one trusted node.
Here, by the above method for selecting the target path from the paths whose security states meet the preset conditions, multiple target paths can be randomly selected from a group of relatively better paths to send the split message, so that the dynamics of the quantum key distribution system can be improved, the attack difficulty is increased for a network attacker, and the security of the split message is improved.
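The path selection described above, as an added Python sketch that is not part of the patent text. The `Path` fields, the "metric at or above a threshold" form of the preset condition, the higher-is-safer scale and the sample topology are all assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    name: str
    metric: float        # security state metric value (assumed: higher is safer)
    general: frozenset   # general relay nodes on this path
    trusted: frozenset   # trusted relay nodes on this path


def select_target_paths(candidates, threshold, count, rng=None):
    """Randomly pick `count` target paths among candidates meeting the threshold.

    Constraint from the text: any two target paths pass through different
    general nodes, while trusted nodes may be shared between paths.
    Returns [] when no such set of paths exists.
    """
    rng = rng or random.SystemRandom()
    eligible = [p for p in candidates if p.metric >= threshold]
    rng.shuffle(eligible)  # random order, so the chosen set is hard to predict

    def extend(chosen, used_general, start):
        # Backtracking search: a greedy pick can dead-end on a shared general node.
        if len(chosen) == count:
            return chosen
        for i in range(start, len(eligible)):
            path = eligible[i]
            if path.general & used_general:
                continue  # would reuse a general node already on a chosen path
            found = extend(chosen + [path], used_general | path.general, i + 1)
            if found:
                return found
        return None

    return extend([], frozenset(), 0) or []


# Constructed sample topology (not from the patent).
CANDIDATES = [
    Path("P1", 0.92, frozenset({"G1"}), frozenset({"T1"})),
    Path("P2", 0.88, frozenset({"G2"}), frozenset({"T1"})),        # shares trusted T1
    Path("P3", 0.85, frozenset({"G1", "G3"}), frozenset({"T2"})),  # shares general G1
    Path("P4", 0.40, frozenset({"G4"}), frozenset()),              # below threshold
    Path("P5", 0.81, frozenset({"G5"}), frozenset({"T2"})),
]

if __name__ == "__main__":
    picked = select_target_paths(CANDIDATES, threshold=0.8, count=3)
    print([p.name for p in picked])
```

With this topology P1 and P3 can never be selected together because both traverse G1, while P1 and P2 can, since T1 is a trusted node.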
In an embodiment, the splitting the first key to be sent to obtain at least one split message includes:
splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
Here, the splitting policy is set by a developer in advance; the splitting strategy is predetermined and stored in both the first terminal (specifically the sending terminal) and the receiving terminal (marked as the second terminal).
The following examples are provided for the splitting strategy.
Assume the splitting strategy is $F$ and the first key is $K_i$. Splitting $K_i$ yields $K_{ij}$ ($i = 1, 2, \dots, s$; $j = 1, 2, 3, \dots, n$), where $K_{ij}$ denotes the $j$-th split message obtained by splitting key $K_i$ with the splitting strategy, i.e. $K_{ij} = F(j, K_i)$.
Here $F$ takes $j$ and $K_i$ as input, and satisfies:
given specific values of $j$ and $K_i$ (i.e. the total number of split messages and the first key are determined), the value of $K_{ij}$ can be uniquely determined by calculating $F$;
given any not fewer than $t$ valid pairs $(j, K_{ij})$, the value of $K_i$ can be uniquely solved;
given any not more than $t-1$ valid pairs $(j, K_{ij})$, the value of $K_i$ cannot be determined.
For example, $F$ may be embodied by a finite field polynomial, such as:
$$K_{ij} = F(j, K_i) = B_{t-1} j^{t-1} + B_{t-2} j^{t-2} + \dots + B_2 j^2 + B_1 j + K_i, \quad j = 1, 2, 3, \dots, n$$
Further explanation is provided for the above splitting strategy.
When the total number $j$ of split messages and the first key $K_i$ are determined, each split message $K_{ij}$ can be uniquely determined.
When any not fewer than $t$ valid pairs $(j, K_{ij})$ are determined, this is equivalent to obtaining not fewer than $t$ equations in $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$; these equations are linearly related, and the value of $K_i$ can be uniquely solved, i.e. the first key is determined.
When any not more than $t-1$ valid pairs $(j, K_{ij})$ are determined, this is equivalent to obtaining not more than $t-1$ equations in $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$, and these equations are linearly independent, i.e. the resulting system of equations is underdetermined; $K_i$ may be any element of the value range and thus cannot be uniquely determined.
In one embodiment, the number of the target paths is at least two; the number of the split messages is at least two;
sending at least two split messages over at least two of the target paths, including:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
Specifically, suppose the at least two target paths include path one, path two and path three, and the at least two split messages include split message I, split message II, split message III, split message IV and split message V;
split messages I to V are grouped to obtain a first split message group (comprising split message I), a second split message group (comprising split message II and split message III) and a third split message group (comprising split message IV and split message V);
the sending the preset third number of split message groups through the at least two target paths includes:
the first split message group is sent over path one, the second split message group is sent over path two, and the third split message group is sent over path three;
or the first split message group and the second split message group are sent over path one, and the third split message group is sent over path two;
the above is merely an example, and other transmission manners are possible, and are not limited herein.
The scheme partially solves the problem that traditional quantum secure communication depends excessively on the security of trusted relays; that is, if at least one path is completely trusted, the security of key transmission during quantum key distribution can be ensured.
In addition, the scheme transmits the split messages through a plurality of paths, so that the accuracy, availability and fault tolerance of the quantum network can be ensured; even if a few of the plurality of paths suffer transmission errors or line interruption, the first key can be completely recovered through the fault tolerance mechanism of the embodiment of the invention. The fault tolerance mechanism is as follows: the first key is split to obtain a plurality of split messages, and the first key is obtained from any preset second number of those split messages by using a polynomial of a finite field. Therefore, even if a split message is in error, the final result is not affected.
Therefore, the scheme of the embodiment of the invention does not depend on a specific communication protocol or algorithm, has wide applicability and can meet the requirements of long-term safety and usability. In addition, any private information does not need to be preset at a communication opposite end, and portable management and configuration can be realized.
Fig. 9 is a schematic flowchart of another key processing method according to an embodiment of the present invention; as shown in fig. 9, the key processing method is applied to the second terminal; the method comprises the following steps:
step 901, receiving at least one split message through at least one target path;
step 902, determining a first key by using a preset data processing method according to the at least one split message.
In an embodiment, the determining, according to the at least one split message, a first key by using a preset data processing method includes:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
Here, the polynomial of the finite field is set in advance by a developer and stored in the second terminal.
It should be noted that the preset data processing method is related to a preset splitting policy in the method shown in fig. 8; that is, the finite field polynomial used in the splitting policy is the same as the finite field polynomial in the preset data processing method. The polynomial of the finite field can refer to the polynomial in the method shown in fig. 8, and is not limited here.
In application, the second terminal can calculate the corresponding key from any preset second number of split messages by applying the polynomial of the finite field;
and, from a plurality of target split message sets, a plurality of keys are calculated, and the key value calculated the greatest number of times is selected and determined as the first key.
It should be noted that the polynomial of the finite field used in the splitting policy and the data processing method described above is only an example; other equations may be used in practical application, provided only that the following are satisfied:
the total number of the split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset formula;
therefore, the method provided by the embodiment of the invention can be used for processing the key.
The following provides an application example. Specifically, the transmitting end (referred to as Alice and corresponding to the first terminal) needs to send the generated session keys $K_1, K_2, K_3, \dots, K_s$ to the opposite terminal (referred to as Bob and corresponding to the second terminal); each key $K_i$ is processed by the method provided by the embodiment of the invention.
Fig. 10 is a flowchart illustrating a further key processing method according to an embodiment of the present invention; as shown in fig. 10, the method includes:
step 1001, Alice (i.e. a sending end, which is equivalent to the first terminal) preprocesses a first secret key to be sent;
specifically, the preprocessing method (e.g., a splitting strategy) is denoted by F, and $K_{ij}$ ($i = 1, 2, \dots, s$; $j = 1, 2, 3, \dots, n$) denotes the j-th piece of split information obtained by splitting the first key $K_i$ with F, i.e.
$K_{ij} = F(j, K_i)$.
Here F takes $j$ and $K_i$ as input (F, $j$ and $K_i$ being determined) and satisfies:
given specific values of $j$ and $K_i$, the value of $K_{ij}$ can be uniquely determined by calculating F;
given any no fewer than t valid pairs $(j, K_{ij})$, the value of $K_i$ can be uniquely solved;
given any no more than t-1 valid pairs $(j, K_{ij})$, the value of $K_i$ cannot be determined.
For example, F may be embodied by a finite field polynomial, namely:
$K_{ij} = F(j, K_i) = B_{t-1} j^{t-1} + B_{t-2} j^{t-2} + \dots + B_2 j^2 + B_1 j + K_i$, $j = 1, 2, 3, \dots, n$; where $K_i$ represents the original first key, and $B_{t-1}, B_{t-2}, \dots, B_2, B_1$ are all constant coefficients;
for the three requirements mentioned above, it can be seen that:
given specific inputs $j$ and $K_i$, the value of $K_{ij}$ is uniquely determined;
given any no fewer than t valid pairs $(j, K_{ij})$, this is equivalent to obtaining no fewer than t equations in $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$, and the equations are linearly related, and the value of $K_i$ can be obtained as the unique solution;
given any no more than t-1 valid pairs $(j, K_{ij})$, this is equivalent to obtaining no more than t-1 equations in $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$, and these equations are linearly independent, i.e. the resulting system of equations is underdetermined; the value of $K_i$ may be any element of the value range and thus cannot be uniquely determined.
That is, from t split messages obtained by splitting $K_i$, the key $K_i$ can be determined by using the preset polynomial of the finite field.
Step 1002, Alice determines a security state metric value of at least one path, and determines a target path set according to the security state metric value of the at least one path;
specifically, the step 1002 includes:
step 0021, Alice obtains all or a plurality of optional paths that can connect to Bob, denoted path 1, path 2, …, path L respectively;
step 0022, for each acquired path, Alice measures the security state of the L paths according to network monitoring and operation state data (which can be specifically determined by a network management system), and records the security state metric value of each path, denoted $R_1, R_2, R_3, \dots, R_L$ respectively;
Step 0023, according to the security state metric of each path, Alice selects a set including M available paths from the L paths, to obtain a target path set, where the target path set includes: target route 1, target route 2, …, target route M.
Here, when the set including M available paths is selected, the selection may also take into account other indicators such as path congestion and delay; that is, security takes priority (specifically, with reference to the security state metric value), followed by indicators such as path congestion and delay. Indicators such as path congestion and delay may be obtained from a network management system.
For example, assume that the L paths are specifically 10 paths and that the security state metric values of all 10 paths exceed a preset threshold (that is, meet the security requirement); 5 paths with no congestion and low delay are then selected from among them, in combination with other indicators such as path congestion and delay, as the target path set.
Step 1003, Alice transmits the split information over each path in the target path set.
Specifically, the step 1003 includes:
step 0031, for the key $K_1$ to be transmitted, determine the split information $K_{ij}$ ($j = 1, 2, 3, \dots, n$) obtained after splitting, and partition the split information into m disjoint sets;
here, the m disjoint sets can be written as $K_1\{A_1\}, K_1\{A_2\}, K_1\{A_3\}, \dots, K_1\{A_m\}$, satisfying $A_1 + A_2 + \dots + A_m = n$, with $A_1, A_2, A_3, \dots, A_m > 0$ and $m < M$;
step 0032, from the M different paths in the target path set, randomly select m different target paths, and transmit the m disjoint sets through the m target paths respectively, that is, each target path transmits one set of split messages.
Step 0033, for the remaining keys $K_2, K_3, \dots, K_s$ that need to be transferred, repeat steps 0031 and 0032 to realize transmission.
Note that for each $K_i$ ($i = 1, 2, \dots, s$), the m paths can be chosen in different ways, which can further improve the dynamics and unpredictability of the key distribution process.
Step 1004, Bob (i.e. the receiving end, which is equivalent to the second terminal) receives the split message, and determines the first key according to the split message.
Specifically, the step 1004 includes:
step 0041, Bob receives the split information sent by Alice, namely $K_{ij}$ ($i = 1, 2, \dots, s$; $j = 1, 2, 3, \dots, n$);
step 0042, for $K_1$, Bob randomly selects t split messages $K_{1,j_1}, K_{1,j_2}, \dots, K_{1,j_t}$ from the n split messages, obtains $K_{1,j_i} = F(j_i, K_1)$ ($i = 1, 2, 3, \dots, t$), and solves the system of t equations to obtain one value of $K_1$;
step 0043, randomly select t different split messages from the n split messages in different ways, repeating step 0042 and solving the equations, to obtain a plurality of values of the key $K_1$;
step 0044, from the plurality of values of the key $K_1$, Bob selects the value of $K_1$ that occurs most frequently as the key $K_1$ initially sent by Alice, i.e. determines the first key;
step 0045, for the remaining keys $K_2, K_3, \dots, K_s$, repeat steps 0042, 0043 and 0044 to obtain the keys $K_2, K_3, \dots, K_s$ initially sent by Alice.
Based on the method provided by the embodiment of the invention, even if errors, data loss and other abnormalities may occur in the transmission process, a small number of errors do not influence the final determination result, namely, the correct operation of the method provided by the embodiment of the invention is not influenced.
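The splitting in step 1001, the grouping in step 1003 and the majority-vote recovery in step 1004 can be exercised end to end in a short Python sketch. This is an added illustration, not code from the patent; the field modulus P, the function names, the exhaustive enumeration of all t-subsets (instead of random selection) and the check that no single path carries t or more split messages are assumptions made here.

```python
import secrets
from collections import Counter
from itertools import combinations

# Assumption: the patent does not fix a field; a 127-bit Mersenne prime is used here.
P = 2**127 - 1


def split_key(key, n, t):
    """Return n shares (j, K_ij), K_ij = B_{t-1} j^{t-1} + ... + B_1 j + K_i (mod P)."""
    if not (0 <= key < P and 1 <= t <= n < P):
        raise ValueError("need 0 <= key < P and 1 <= t <= n < P")
    # Coefficients [K_i, B_1, ..., B_{t-1}]. The B values are drawn fresh and
    # uniformly at random per key; with predictable coefficients, fewer than
    # t shares would already narrow down K_i.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for j in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of F(j, K_i)
            y = (y * j + c) % P
        shares.append((j, y))
    return shares


def group_for_paths(shares, m, t):
    """Partition the shares into m disjoint, non-empty groups, one per path."""
    n = len(shares)
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    sizes = [n // m + (1 if k < n % m else 0) for k in range(m)]
    # Added safeguard (assumption, not stated in the patent): since any t valid
    # shares determine K_i, a path carrying t or more shares learns the key alone.
    if max(sizes) >= t:
        raise ValueError("a single path would carry t or more shares")
    shuffled = list(shares)
    secrets.SystemRandom().shuffle(shuffled)
    groups, pos = [], 0
    for size in sizes:
        groups.append(shuffled[pos:pos + size])
        pos += size
    return groups


def interpolate_at_zero(points):
    """Solve the t equations for K_i = F(0) by Lagrange interpolation mod P."""
    secret = 0
    for a, (xa, ya) in enumerate(points):
        num, den = 1, 1
        for b, (xb, _) in enumerate(points):
            if a != b:
                num = num * (-xb) % P
                den = den * (xa - xb) % P
        secret = (secret + ya * num * pow(den, -1, P)) % P
    return secret


def recover_key(received, t):
    """Steps 0042 to 0044: solve every t-subset, keep the most frequent value."""
    if len(received) < t:
        raise ValueError("fewer than t shares: K_i is undetermined")
    votes = Counter(interpolate_at_zero(s) for s in combinations(received, t))
    ranked = votes.most_common(2)
    if len(ranked) == 2 and ranked[0][1] == ranked[1][1]:
        raise ValueError("no unique majority among candidate keys")
    return ranked[0][0], ranked[0][1], sum(votes.values())


def demo():
    key = int.from_bytes(b"constructed-key", "big")  # constructed sample key
    n, t, m = 5, 3, 3
    groups = group_for_paths(split_key(key, n, t), m, t)
    received = [share for group in groups for share in group]
    # Simulated transmission error: the share with j = 1 arrives altered.
    received = [(j, (y + 1) % P) if j == 1 else (j, y) for j, y in received]
    recovered, votes, total = recover_key(received, t)
    return key, recovered, votes, total


if __name__ == "__main__":
    key, recovered, votes, total = demo()
    print(recovered == key, votes, total)
```

With n = 5 and t = 3, one altered share still leaves 4 of the 10 subsets agreeing on the key; with two altered shares only 1 subset is clean, so the vote no longer identifies the key reliably.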
Fig. 11 is a schematic structural diagram of a key processing apparatus according to an embodiment of the present invention; as shown in fig. 11, the key processing apparatus includes: a first processing module, a second processing module and a first communication module; wherein
the first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
Specifically, the first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
Specifically, the first processing module is configured to select a target path from paths whose safety states meet a preset condition according to at least one of the following requirements:
each target path passes through a trusted node and/or a common node;
any two target paths pass through different common nodes;
any two target paths pass through the same or different trusted nodes.
Specifically, the second processing module is configured to split the first key by using a preset splitting policy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
Specifically, the number of the target paths is at least two; the number of the split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
It should be noted that: in the key processing apparatus provided in the foregoing embodiment, when implementing the corresponding key processing method, only the division of each program module is illustrated, and in practical applications, the above processing distribution may be completed by different program modules according to needs, that is, the internal structure of the server is divided into different program modules to complete all or part of the above-described processing. In addition, the apparatus provided by the above embodiment and the embodiment of the corresponding method belong to the same concept, and the specific implementation process thereof is described in the method embodiment, which is not described herein again.
Fig. 12 is a schematic structural diagram of another key processing apparatus according to an embodiment of the present invention; as shown in fig. 12, the key processing apparatus includes: a second communication module and a third processing module; wherein
the second communication module is configured to receive at least one split message through at least one target path;
and the third processing module is configured to determine the first key by using a preset data processing method according to the at least one split message.
Specifically, the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
It should be noted that: in the key processing apparatus provided in the foregoing embodiment, when implementing the corresponding key processing method, only the division of each program module is illustrated, and in practical applications, the above processing distribution may be completed by different program modules according to needs, that is, the internal structure of the server is divided into different program modules to complete all or part of the above-described processing. In addition, the apparatus provided by the above embodiment and the embodiment of the corresponding method belong to the same concept, and the specific implementation process thereof is described in the method embodiment, which is not described herein again.
Fig. 13 is a schematic structural diagram of a key processing apparatus according to an embodiment of the present invention; as shown in fig. 13, the apparatus 130 includes: a processor 1301 and a memory 1302 for storing computer programs executable on the processor; wherein
when the apparatus is applied to a first terminal, the processor 1301 is configured to execute, when running the computer program: determining at least one target path; splitting a first key to be sent to obtain at least one split message; sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
In an embodiment, the processor 1301 is configured to execute, when running the computer program, the following: determining at least one path to be selected and a safety state metric value of each path to be selected in the at least one path to be selected; and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
In an embodiment, the processor 1301 is configured to execute, when running the computer program, the following: selecting a target path from the paths with the safety states meeting the preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a common node;
any two target paths pass through different common nodes;
any two target paths pass through the same or different trusted nodes.
In an embodiment, the processor 1301 is configured to execute, when running the computer program, the following: splitting the first key by using a preset splitting strategy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
In an embodiment, the processor 1301 is configured to execute, when running the computer program, the following: grouping the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message; and sending the preset third number of split message groups through the at least two target paths.
Specifically, the apparatus specifically executes the method shown in fig. 8, which belongs to the same concept as the embodiment of the key processing method shown in fig. 8, and the specific implementation process thereof is described in detail in the embodiment of the method and is not described herein again.
When the apparatus is applied to a second terminal, the processor 1301 is configured to execute, when running the computer program: receiving at least one split message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
In an embodiment, the processor 1301 is configured to execute, when running the computer program, the following: randomly selecting at least one target split message set from the at least one split message, the target split message set including a preset second number of split messages; calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected; and comparing the at least one key to be selected, and determining a first key according to a comparison result.
Specifically, the apparatus specifically executes the method shown in fig. 13, and belongs to the same concept as the embodiment of the key processing method shown in fig. 13, and the specific implementation process thereof is described in detail in the embodiment of the method and is not described herein again.
In practical applications, the apparatus 130 may further include: at least one network interface 1303. The various components in the key processing device 130 are coupled together by a bus system 1304. It is understood that the bus system 1304 is used to enable connective communication between these components. The bus system 1304 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled in fig. 13 as the bus system 1304. The number of the processors 1301 can be at least one. The network interface 1303 is used for wired or wireless communication between the key processing apparatus 130 and another device.
The memory 1302 in the embodiment of the present invention is used to store various types of data to support the operation of the key processing apparatus 130.
The method disclosed by the above embodiment of the present invention may be applied to the processor 1301, or implemented by the processor 1301. Processor 1301 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 1301. The processor 1301 may be a general purpose processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Processor 1301 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium that is located in the memory 1302, and the processor 1301 reads the information in the memory 1302 to perform the steps of the aforementioned methods in conjunction with its hardware.
In an exemplary embodiment, the key processing device 130 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, microcontrollers (MCUs), microprocessors, or other electronic components for performing the foregoing methods.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored;
when the computer readable storage medium is applied to a first terminal, the computer program is executed by a processor to execute: determining at least one target path; splitting a first key to be sent to obtain at least one split message; sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
In one embodiment, the computer program, when executed by the processor, performs: determining at least one path to be selected and a safety state metric value of each path to be selected in the at least one path to be selected; and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
In one embodiment, the computer program, when executed by the processor, performs: selecting a target path from the paths with the safety states meeting the preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a common node;
any two target paths pass through different common nodes;
any two target paths pass through the same or different trusted nodes.
In one embodiment, the computer program, when executed by the processor, performs: splitting the first key by using a preset splitting strategy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
In one embodiment, the computer program, when executed by the processor, performs: grouping the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message; and sending the preset third number of split message groups through the at least two target paths.
When the computer readable storage medium is applied to a second terminal, the computer program is executed by a processor to execute: receiving at least one split message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
In one embodiment, the computer program, when executed by the processor, performs: randomly selecting at least one target split message set from the at least one split message, the target split message set including a preset second number of split messages; calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected; and comparing the at least one key to be selected, and determining a first key according to a comparison result.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (16)

1. A key processing method, characterized in that the method is applied to a first terminal; the method comprises the following steps:
determining at least one target path;
splitting a first key to be sent to obtain at least one split message;
sending the at least one split message over the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
2. The method of claim 1, wherein determining at least one target path comprises:
determining at least one path to be selected and a safety state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a safety state meeting a preset condition from the at least one path to be selected as a target path according to the safety state metric value.
3. The method according to claim 2, wherein the determining, as the target path, a path whose safety state meets a preset condition from the at least one path to be selected comprises:
selecting a target path from the paths with the safety states meeting the preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a common node;
any two target paths pass through different common nodes;
any two target paths pass through the same or different trusted nodes.
4. The method of claim 1, wherein splitting the first key to be sent to obtain at least one split message comprises:
splitting the first key by using a preset splitting strategy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages in the preset first number of split messages meet the preset polynomial of the finite field.
5. The method of claim 1, wherein the number of target paths is at least two; the number of the split messages is at least two;
sending at least two split messages over at least two of the target paths, including:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
6. A key processing method, characterized in that the method is applied to a second terminal; the method comprises the following steps:
receiving at least one split message through at least one target path;
and determining a first key by using a preset data processing method according to the at least one split message.
7. The method of claim 6, wherein determining the first key using a predetermined data processing method according to the at least one split message comprises:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
8. A key transmission apparatus, characterized in that the apparatus comprises: a first processing module, a second processing module and a first communication module; wherein
the first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by a second terminal, and the second terminal determines the first key from the at least one split message.
9. The apparatus according to claim 8, wherein the first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with a security state meeting a preset condition from the at least one path to be selected as a target path according to the security state metric value.
10. The apparatus of claim 9, wherein the first processing module is configured to select a target path from paths whose security states meet a preset condition according to at least one of the following requirements:
each target path passes through a trusted node and/or a common node;
any two target paths pass through different common nodes;
any two target paths pass through the same or different trusted nodes.
11. The apparatus of claim 8, wherein the second processing module is configured to split the first key by using a preset splitting policy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following:
the total number of the split messages is a preset first number;
and any preset second number of split messages among the preset first number of split messages satisfy a preset polynomial over a finite field.
12. The apparatus of claim 8, wherein the number of target paths is at least two; the number of the split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group comprises at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
13. A key transmission apparatus, characterized in that the apparatus comprises: a second communication module and a third processing module; wherein,
the second communication module is configured to receive at least one split message through at least one target path;
and the third processing module is configured to determine the first key by using a preset data processing method according to the at least one split message.
14. The apparatus of claim 13, wherein the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
calculating according to each target split message set in the at least one target split message set and a preset polynomial of a finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
15. A key processing apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the steps of the method of any one of claims 1 to 5; or,
the processor, when executing the program, implements the steps of the method of claim 6 or 7.
16. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5; or,
which computer program, when being executed by a processor, carries out the steps of the method as set forth in claim 6 or 7.
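Added example, not part of the patent text: a Python sketch of the splitting strategy in claims 4 and 11, the grouping in claims 5 and 12, and the candidate-key comparison in claims 7 and 14, reading "preset polynomial of a finite field" as Shamir-style threshold sharing, which is an assumption. The modulus P, all function names, the per-path limit in group_for_paths and the exhaustive (rather than random) choice of subsets are also assumptions of this example.

```python
import secrets
from collections import Counter
from itertools import combinations

P = 2**521 - 1  # assumed field modulus (a Mersenne prime); the claims do not fix one

def split_key(key, n, k):
    """n points on a random degree k-1 polynomial over GF(P) with f(0) = key."""
    if not (0 <= key < P and 1 <= k <= n):
        raise ValueError("need 0 <= key < P and 1 <= k <= n")
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def group_for_paths(shares, paths, k):
    """Round-robin grouping; refuse layouts where one path alone could rebuild the key."""
    groups = [shares[i::paths] for i in range(paths)]
    if any(len(g) >= k for g in groups):  # assumed check, not stated in the claims
        raise ValueError("a single path would carry k or more split messages")
    return groups

def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover_key(received, k, min_agree=2):
    """One candidate per k-subset; accept the value that at least min_agree subsets share."""
    if len(received) < k:
        raise ValueError("fewer than k split messages received")
    votes = Counter(interpolate_at_zero(s) for s in combinations(received, k))
    candidate, count = votes.most_common(1)[0]
    if count < min_agree:
        raise ValueError("candidates disagree: a split message was altered or lost")
    return candidate
```

When exactly k split messages arrive there is only one subset, so no comparison is possible; the receiver then has to pass min_agree=1 and accept the key without a cross-check.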
CN202010276333.2A 2020-04-09 2020-04-09 Key processing method, device and storage medium Active CN113517980B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010276333.2A CN113517980B (en) 2020-04-09 2020-04-09 Key processing method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010276333.2A CN113517980B (en) 2020-04-09 2020-04-09 Key processing method, device and storage medium

Publications (2)

Publication Number Publication Date
CN113517980A true CN113517980A (en) 2021-10-19
CN113517980B CN113517980B (en) 2023-07-21

Family

ID=78060424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010276333.2A Active CN113517980B (en) 2020-04-09 2020-04-09 Key processing method, device and storage medium

Country Status (1)

Country Link
CN (1) CN113517980B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020071554A1 (en) * 1997-02-13 2002-06-13 Scheidt Edward M. Cryptographic key split combiner
CN106788989A (en) * 2016-11-30 2017-05-31 华为技术有限公司 A kind of method and apparatus for setting up safe encryption channel
CN110009346A (en) * 2019-03-11 2019-07-12 巍乾全球技术有限责任公司 For splitting and restoring method, program product, storage medium and the system of key
CN110826097A (en) * 2019-10-29 2020-02-21 维沃移动通信有限公司 Data processing method and electronic equipment
CN110912703A (en) * 2019-10-29 2020-03-24 上海唯链信息科技有限公司 Network security-based multi-level key management method, device and system

Also Published As

Publication number Publication date
CN113517980B (en) 2023-07-21

Similar Documents

Publication Publication Date Title
US11595196B2 (en) Quantum key distribution method and device, and storage medium
CN111404672B (en) Quantum key distribution method and device
CN110581763B (en) Quantum key service block chain network system
CN108111305B (en) Multi-type quantum terminal compatible converged network access system and method
CN107769914B (en) Method and network device for protecting data transmission security
Mink et al. Quantum key distribution (QKD) and commodity security protocols: Introduction and integration
CN110690928B (en) Quantum relay link virtualization method and device
CN104660602A (en) Quantum key transmission control method and system
CN101599968B (en) Reliable anonymous transmission method and system thereof
Fung et al. Quantum key distribution with delayed privacy amplification and its application to the security proof of a two-way deterministic protocol
Mejri et al. A new group Diffie-Hellman key generation proposal for secure VANET communications
CN112187450B (en) Method, device, equipment and storage medium for key management communication
Ometov et al. Securing network-assisted direct communication: The case of unreliable cellular connectivity
US20070055870A1 (en) Process for secure communication over a wireless network, related network and computer program product
Takahashi et al. A high-speed key management method for quantum key distribution network
KR20220049208A (en) Method and apparatus for quantum key distribution
US20100313021A1 (en) Method for secure communication over heterogeneous networks
Wang et al. A segment-based multipath distribution method in partially-trusted relay quantum networks
CN114401085B (en) Network architecture and key storage method of quantum secret communication network
CN113517980B (en) Key processing method, device and storage medium
WO2022239129A1 (en) Key exchange system, device, key exchange method, and program
CN114286334A (en) Multi-user authentication method and system for mobile communication scene and information processing terminal
Watson et al. MAC-layer Security for Time-Sensitive Switched Ethernet Networks
Huang et al. A novel key distribution scheme based on transmission delays
Walid et al. Trust security mechanism for maritime wireless sensor networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant