CN113645032B - Dynamic updating method and device for group key - Google Patents


Publication number: CN113645032B
Authority: CN (China)
Prior art keywords: group, key, message, encryption, encrypted
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110934678.7A
Other languages: Chinese (zh)
Other versions: CN113645032A (en)
Inventors: 陈明志, 张瑞, 翁才杰, 许春耀, 傅明建, 刘莎, 林香婷, 黄小丽
Current Assignee: Beijing Beika Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Beika Technology Co ltd
Application filed by Beijing Beika Technology Co ltd
Priority to CN202110934678.7A
Publication of CN113645032A
Application granted
Publication of CN113645032B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a device for dynamically updating a group key; the method is applied to the server and comprises the following steps: monitoring whether group members of the target group change; if yes, reconstructing a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group; sending a request for regenerating the group encryption private key of the target group to a key center, wherein the request carries the group public key of the target group, so that the key center regenerates the group encryption private key of the target group according to the group public key; and receiving the group encryption private key sent by the key center, and sending the group encryption private key and the group public key to all group member clients. Thus, the privacy and the security of the group chat messages are improved.

Description

Dynamic updating method and device for group key
Technical Field
The invention relates to the technical field of data processing, in particular to a method and a device for dynamically updating a group key.
Background
In the various applications that implement instant messaging, communication among multiple users is often implemented by creating groups, such as a WeChat group, a QQ group, a DingTalk group, and the like.
The inventor found during research that, in the field of instant messaging, the security and privacy of network communication data receive more and more attention; how to process group messages so that they are ultimately presented securely on the group member clients is a key technical problem that urgently needs to be solved.
Disclosure of Invention
In view of the above, the present invention provides a method and apparatus for dynamically updating a group key to improve the security of data in the process of communicating through a group in instant messaging.
Specifically, the invention is realized by the following technical scheme:
in a first aspect, an embodiment of the present invention provides a method for dynamically updating a group key, where the method is applied to a server, and includes:
monitoring whether group members of the target group change;
if yes, reconstructing a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group;
sending a request for regenerating the group encryption private key of the target group to a key center, wherein the request carries the group public key of the target group, so that the key center regenerates the group encryption private key of the target group according to the group public key;
and receiving the group encryption private key sent by the key center, and sending the group encryption private key and the group public key to all group member clients.
In a second aspect, an embodiment of the present invention provides a device for dynamically updating a group key, where the device is applied to a server, and the device includes:
the monitoring module is used for monitoring whether the group members of the target group change or not;
the first generation module is used for generating a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group if the group members of the target group are changed;
the sending module is used for sending a request for regenerating the group encryption private key of the target group to the key center, wherein the request carries the group public key of the target group, so that the key center generates the group encryption private key of the target group according to the group public key;
the first receiving module is used for receiving the group encryption private key sent by the key center and sending the group encryption private key and the group public key to all group member clients.
In a third aspect, embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method according to the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor for performing the method steps as described in the first aspect when executing a program stored on a memory.
The embodiment of the invention provides a method and a device for dynamically updating a group key, wherein a server monitors in real time whether the group members of a target group change; if yes, the server generates a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group; the server sends to the key center a request to generate the group encryption private key of the target group, wherein the request carries the group public key of the target group, so that the key center generates the group encryption private key of the target group according to the group public key; and the server receives the group encryption private key sent by the key center and sends the group encryption private key and the group public key to all group member clients. In the embodiment of the invention, the group public key and the group encryption private key are dynamically generated according to the change of the group members, and an offline message caching mechanism is provided for when the group key is updated, so that a member who has exited the group cannot decrypt a group message correctly even if the member obtains it, because the member has not obtained the latest group key, and a group member who was offline when the key was updated can still decrypt the offline messages correctly after coming online, and the security and privacy of the group chat are ensured.
Drawings
FIG. 1 is a schematic diagram of an application scenario of a group key dynamic update method according to an exemplary embodiment of the present invention;
FIG. 2 is a flow chart of a method for dynamically updating group keys according to an exemplary embodiment of the present invention;
FIG. 3 is a schematic diagram of an offline message cache in accordance with an exemplary embodiment of the present invention;
FIG. 4 is a schematic diagram of a group key dynamic updating apparatus according to an exemplary embodiment of the present invention;
FIG. 5 is a schematic diagram of a computer device according to an exemplary embodiment of the present invention.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatus and methods consistent with aspects of the invention as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the invention. The word "if" as used herein may be interpreted as "at the time of ...", "when ...", or "in response to a determination", depending on the context.
In the instant messaging field, group chat is widely used, for example in a WeChat group, a QQ group, a DingTalk group and the like, and the security and the privacy of network information are more and more valued; based on the above, the embodiment of the invention provides a method and a device for dynamically updating a group key.
FIG. 1 is a schematic diagram of a scenario of a method for dynamically updating a group key according to an exemplary embodiment of the present invention; referring to FIG. 1, a server 10 establishes a target group in response to a request from a client 30 to establish a group, generates a group public key of the target group, and generates a group encryption private key of the target group through a key center 20.
FIG. 2 is a flow chart of a method for synchronizing data according to an exemplary embodiment of the present application; referring to fig. 2, the method comprises the steps of:
S10, monitoring whether the group members of the target group change.
S20, if so, regenerating a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group.
S30, sending a request for regenerating the group encryption private key of the target group to a key center, wherein the request carries the group public key of the target group, so that the key center regenerates the group encryption private key of the target group according to the group public key.
S40, receiving the group encryption private key sent by the key center, and sending the group encryption private key and the group public key to all group member clients.
Optionally, before the monitoring whether the group member of the target group changes, the method further includes the following steps A10-A20:
A10, receiving the creation application of the target group and generating the identification of the target group.
A20, acquiring the identification of the target group and the ID information of the group member contained in the target group, and generating a group public key according to the identification of the target group and the ID information of the group member contained in the target group.
In one embodiment, the method for dynamically updating the group key includes the following steps:
Step 1, after receiving the group establishment message, the server generates a group public key $P_{pub}$ by combining the ID information of the group and of the group members:
$$TK = KDF(ID_1 \| ID_2 \| \dots \| ID_i \| \dots \| ID_n,\ klen)$$
$$P_{pub} = ID \| TK$$
where $klen \in [1, 32]$ is the temporary key byte length, $TK$ is the temporary key, $ID_i$ is the ID of the $i$-th group member, $i \in [1, n]$, $n$ is the total number of group members, $KDF$ is a key derivation function, $ID$ is the identification of the group, and the symbol "$\|$" denotes string concatenation.
Step 2, the server applies for a group encryption private key from the key center by using the group public key, and the key center generates a group encryption private key $S$ from the group public key by the SM9 algorithm;
Step 3, the key center distributes the group key $(P_{pub}, S)$ to the server and all group member clients;
Step 4, when the group members change, the server generates a new group public key $P'_{pub}$ from the new group member ID information by the method of step 1;
Step 5, steps 2 and 3 are repeated so that the server and all group member clients acquire the new group key $(P'_{pub}, S')$.
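The derivation of step 1 and the rebuild on a membership change, as an added Python example that is not code from the patent. The page only names "KDF", so a counter-mode SHA-256 construction is assumed; `GroupState`, the sorted member order and the sample IDs are likewise assumptions made for the illustration.

```python
import hashlib


def kdf(z: bytes, klen: int) -> bytes:
    """Counter-mode hash KDF (assumed construction; the page only says "KDF")."""
    out, counter = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:klen]


def group_public_key(group_id: str, member_ids: list[str], klen: int = 16) -> bytes:
    """P_pub = ID || TK, with TK = KDF(ID_1 || ... || ID_n, klen)."""
    if not 1 <= klen <= 32:
        raise ValueError("klen must be in [1, 32] bytes")
    if not member_ids:
        raise ValueError("a group needs at least one member")
    # Literal concatenation, as in the formula. It records neither where one
    # ID ends nor which order is canonical, so the caller must fix both.
    z = "".join(member_ids).encode()
    return group_id.encode() + kdf(z, klen)


class GroupState:
    """Server-side view of one group (hypothetical helper class)."""

    def __init__(self, group_id: str, members, klen: int = 16):
        self.group_id, self.klen = group_id, klen
        # Assumption: fixed-length IDs in sorted order, so that one member
        # set always maps to exactly one KDF input.
        self.members = sorted(set(members))
        self.p_pub = group_public_key(group_id, self.members, klen)

    def update_members(self, members) -> bool:
        """Rebuild P_pub if the member set changed.

        Returns True when a new P_pub was derived, which is the point at
        which the server has to request a new S from the key center.
        """
        new = sorted(set(members))
        if new == self.members:
            return False
        self.members = new
        self.p_pub = group_public_key(self.group_id, new, self.klen)
        return True
```

With variable-length IDs the bare concatenation maps different member lists to the same KDF input (for example `["ab", "c"]` and `["a", "bc"]`), which is why the example assumes fixed-length IDs and a sorted order.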
In another embodiment of the present application, the method further includes the following steps B10-B20:
B10, receiving the encrypted message sent by any group member client, together with the encryption key that was generated by that client and encrypted by using the target group public key.
B20, forwarding the encrypted message and the encrypted encryption key to other group member clients so that the other group member clients decrypt the encrypted encryption key by using the encryption private key of the target group, and decrypt the encrypted message by using the decrypted encryption key to obtain the group chat message.
In a specific embodiment of the present application, the process of sending the group chat message to the group by the group member is as follows:
1. the group member client generates a random number KEY as the encryption key;
2. the group chat message M is encrypted with the encryption key KEY to obtain the ciphertext message KEY(M);
3. the encryption key KEY is encrypted with the group public key to obtain $P_{pub}(KEY)$;
4. the group member client sends KEY(M) and $P_{pub}(KEY)$ to the server;
5. the server forwards the message to other group member clients;
6. after receiving the message, the group member client decrypts $P_{pub}(KEY)$ using the group encryption private key S to obtain the encryption key KEY, and then decrypts KEY(M) using KEY to obtain the group chat message.
Optionally, the method further comprises synchronizing the offline message, as follows steps C10-C40:
C10, encrypting the group encryption private key by using the group public key, then caching the encrypted group encryption private key in a list as the offline message at the initial moment, and marking the current message as a key; wherein each encrypted offline message has tag information indicating whether the current message is a group message or a key, and each offline message is arranged after its key;
C20, when the group key changes, the keys in the offline message list are decrypted by using the historical group encryption private key and then encrypted by using the latest group public key, with the caching position and the tag information unchanged; meanwhile, the latest group encryption private key is encrypted with the latest group public key and cached in the message list as the first message after the key update, the current message is marked as a key, and each offline message corresponding to the current message is arranged behind it;
C30, destroying the historical group keys of the server and the group member clients, namely the historical group public key and the historical group encryption private key;
C40, when the offline messages are synchronized, synchronizing in the order of the offline message cache list; if the current message to be synchronized is a key, it is decrypted by using the group encryption private key, and the obtained key is the decryption key for the encryption keys of the subsequent group messages; if the current message to be synchronized is a group message, the encrypted encryption key is decrypted with the corresponding decryption key to obtain the encryption key, and then the encrypted message is decrypted with the encryption key to obtain the group chat message, until the offline messages are synchronized.
In one embodiment of the present application, the synchronization process of the offline group member message includes the following steps:
step 1), encrypting the group encryption private key with the group public key, then caching the encrypted group encryption private key in a list as the offline message at the initial moment, and marking the current message as a key;
step 2), each encrypted offline message has marking information to indicate whether the current message is a group message or a secret key;
step 3), each offline message is arranged after its key;
step 4), when the group key changes, the key in the offline message list needs to be decrypted by using the historical group encryption private key, then the key is encrypted by using the latest group public key, and the caching position and the marking information are unchanged; meanwhile, the latest group public key is used for encrypting the latest group encryption private key to be used as a first message after the key update to be cached in a message list, the current message is marked as a key, and each offline message corresponding to the current message is arranged behind the current message;
step 5), destroying the history group keys of the server and the group member client, namely the history group public key and the history group encryption private key;
step 6), when the offline messages are synchronized, the synchronization is carried out strictly in the order of the offline message cache list; if the current message to be synchronized is a key, it is decrypted by using the group encryption private key, and the obtained key is the decryption key for the encryption keys of the subsequent group messages; if the current message to be synchronized is a group message, $P_{pub}(KEY)$ is decrypted with the corresponding decryption key to obtain the encryption key KEY, and KEY(M) is decrypted with KEY to obtain the group chat message;
For example, referring to FIG. 3, the group encryption private key is encrypted with the group public key to obtain K0, K0 is cached in the list as the offline message at the initial moment, and the current message is marked as a key; each encrypted offline message has tag information indicating whether the current message is a group message or a key; each offline message is arranged after its key; K0 is the ciphertext of the decryption key for the encryption keys of the subsequent group messages; when the group key changes, K0 in the offline message list is decrypted by using the historical group encryption private key and then encrypted by using the latest group public key, with the caching position and the tag information unchanged; the historical group keys of the server and the group member clients are destroyed; at the same time, the latest group encryption private key is encrypted with the latest group public key to obtain K1, which is cached in the message list as the first message after the key update, the current message is marked as a key, and each offline message corresponding to the current message is arranged behind this key; after the key changes again, K0 and K1 are decrypted by using the historical group encryption private key and then encrypted by using the latest group public key, with the caching position and the tag information unchanged.
Step 7), according to the operation of the step 6), until the offline message synchronization is completed.
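The offline message cache of steps 1) to 7), together with the KEY(M) / P_pub(KEY) envelope of the sending process, as an added Python example that is not code from the patent. SM9 is replaced by a toy keyed stand-in that is not secure (`ToyKeyCenter`, `seal` and `unseal` are hypothetical), and the group, members and messages are constructed for the illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def seal(key: bytes, data: bytes) -> bytes:
    """Toy authenticated cipher (SHAKE-256 keystream + HMAC), illustration only."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class ToyKeyCenter:
    """Stand-in for the SM9 key center. Real SM9 lets anyone encrypt with P_pub
    alone; the toy routes encryption through this object because the standard
    library has no pairing-based cryptography."""
    def __init__(self):
        self._master = os.urandom(32)
    def private_key(self, p_pub: bytes) -> bytes:              # S for a P_pub
        return hmac.new(self._master, p_pub, hashlib.sha256).digest()
    def encrypt_to(self, p_pub: bytes, data: bytes) -> bytes:  # models P_pub(data)
        return seal(self.private_key(p_pub), data)

@dataclass
class Entry:
    is_key: bool               # tag information: key entry or group message
    blob: bytes                # key entry: P_pub(S); group message: KEY(M)
    wrapped_key: bytes = b""   # group message only: P_pub(KEY)

class GroupServer:
    def __init__(self, center, group_id: bytes, members):
        self.center, self.group_id, self.cache = center, group_id, []
        self.p_pub = self.s = None
        self.rekey(members)    # step 1): caches K0 = P_pub(S)

    def rekey(self, members):
        # Hypothetical stand-in for P_pub = ID || TK.
        tk = hashlib.sha256("|".join(sorted(members)).encode()).digest()[:16]
        new_pub = self.group_id + tk
        new_s = self.center.private_key(new_pub)
        for e in self.cache:   # step 4): re-wrap key entries, position unchanged
            if e.is_key:
                e.blob = self.center.encrypt_to(new_pub, unseal(self.s, e.blob))
        self.cache.append(Entry(True, self.center.encrypt_to(new_pub, new_s)))
        self.p_pub, self.s = new_pub, new_s   # step 5): historical pair dropped

    def relay(self, sealed_msg: bytes, wrapped_key: bytes):
        self.cache.append(Entry(False, sealed_msg, wrapped_key))

def send(center, p_pub: bytes, text: str):
    key = os.urandom(32)       # random per-message KEY
    return seal(key, text.encode()), center.encrypt_to(p_pub, key)

def sync_offline(cache, latest_s: bytes):
    out, epoch_s = [], None
    for e in cache:            # step 6): strictly in cache order
        if e.is_key:
            epoch_s = unseal(latest_s, e.blob)   # S that opens the next messages
        else:
            key = unseal(epoch_s, e.wrapped_key)
            out.append(unseal(key, e.blob).decode())
    return out

def demo():
    center = ToyKeyCenter()
    srv = GroupServer(center, b"G1001", ["alice", "bob", "carol", "dave"])
    s0 = srv.s                 # what dave still holds if he never destroys it
    srv.relay(*send(center, srv.p_pub, "m1: sent before dave left"))
    srv.rekey(["alice", "bob", "carol"])      # dave leaves while carol is offline
    srv.relay(*send(center, srv.p_pub, "m2: sent after dave left"))
    carol = sync_offline(srv.cache, srv.s)    # carol returns with the latest S
    try:
        sync_offline(srv.cache, s0)
        dave_blocked = False
    except ValueError:
        dave_blocked = True
    return carol, dave_blocked
```

`demo()` returns both messages for the member who was offline across the key update, and reports that the retained historical private key no longer opens the first key entry of the cache.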
In the application, the group public key is generated by combining the group identification and the ID information of all group members, and changes dynamically as the group members change; after the group encryption private key is encrypted with the group public key, it is stored in the message cache list and marked as a key; when the group key is updated, the keys in the message list are decrypted by using the historical group encryption private key and encrypted with the latest group public key, and then the historical group key is destroyed, so that the offline chat messages can be read correctly when offline members come online; and even if a member who has exited the group acquires a new encrypted message, the member cannot decrypt it correctly because the member does not acquire the latest group key. The method solves the problems that, when the group key is updated, offline members of the group cannot decrypt the offline messages when they come online, and that members who have exited the group can still decrypt group chat encrypted messages they obtain. The privacy and confidentiality of the group chat information are thereby improved.
FIG. 4 is a schematic diagram of a group key dynamic updating apparatus according to an exemplary embodiment of the present invention; referring to fig. 4, the apparatus is applied to a server, and the apparatus 300 includes:
a monitoring module 301, configured to monitor whether a group member of the target group changes;
a first generation module 302, configured to generate a group public key according to the identification of the target group and the ID information of all group members included in the changed target group if the group members of the target group have changed;
a sending module 303, configured to send a request for regenerating a group encryption private key of the target group to a key center, where the request carries a group public key of the target group, so that the key center generates the group encryption private key of the target group according to the group public key;
the first receiving module 304 is configured to receive the group encryption private key sent by the key center, and send the group encryption private key and the group public key to all group member clients.
Optionally, the apparatus 300 further includes:
the second receiving module is used for receiving a creation request of the target group and generating an identification of the target group;
and the second generation module is used for generating a group public key according to the identification of the target group and the ID information of the group members contained in the target group.
Optionally, the apparatus 300 further includes:
the third receiving module is used for receiving the encrypted message sent by the group member client and the encrypted key encrypted by using the target group public key;
and the forwarding module is used for forwarding the encrypted message and the encrypted encryption key to other group member clients so that the clients decrypt the encrypted encryption key by using the encryption private key of the target group and decrypt the encrypted message by using the decrypted encryption key to obtain the group chat message.
Optionally, the apparatus 300 further includes:
the caching module is used for caching the offline message serving as the initial moment in the offline message list after encrypting the group encryption private key by using the group public key, and marking the current message as a key; wherein each encrypted offline message has tag information indicating whether the current message is a group message or a key, each offline message being arranged after its key;
the encryption module is used for decrypting the key in the offline message list by using the historical group encryption private key when the group key changes, and then encrypting by using the latest group public key, wherein the cache position and the marking information are unchanged; meanwhile, the latest group public key is used for encrypting the latest group encryption private key to be used as a first message after the key update to be cached in a message list, the current message is marked as a key, and each offline message corresponding to the current message is arranged behind the current message;
the destroying module is used for destroying the historical group keys of the server and the group member client;
the synchronization module is used for synchronizing according to the sequence in the offline message cache list when the offline messages are synchronized, if the current message to be synchronized is a key, the group encryption private key is used for decrypting, and the obtained key is a decryption key of the encryption key of the subsequent group message; if the current message to be synchronized is a group message, the encrypted encryption key is decrypted by the decryption key of the corresponding encryption key to obtain the encryption key, and then the group chat message is obtained by decrypting the encrypted message by the encryption key until the offline message is synchronized.
FIG. 5 is a schematic diagram of a computer device according to an exemplary embodiment of the invention; an electronic device provided in an embodiment of the present invention, as shown in fig. 5, includes a processor 501, a communication interface 502, a memory 503, and a communication bus 504, where the processor 501, the communication interface 502, and the memory 503 complete communication with each other through the communication bus 504;
a memory 503 for storing a computer program;
a processor 501, configured to implement the steps of the group key dynamic update method described in any of the above embodiments when executing a program stored in the memory 503; the server monitors in real time whether the group members of the target group change; if yes, the server generates a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group; the server sends to the key center a request to generate the group encryption private key of the target group, wherein the request carries the group public key of the target group, so that the key center generates the group encryption private key of the target group according to the group public key; and the server receives the group encryption private key sent by the key center and sends the group encryption private key and the group public key to all group member clients. In the embodiment of the invention, the group public key and the group encryption private key are dynamically generated according to the change of the group members, and an offline message caching mechanism is provided for when the group key is updated, so that a member who has exited the group cannot decrypt a group message correctly even if the member obtains it, because the latest group key is not acquired, and a group member who was offline when the key was updated can still decrypt the offline messages correctly after coming online, and the security and privacy of the group chat are ensured.
The communication bus mentioned by the above terminal may be a peripheral component interconnect standard (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is shown in the figure as only one bold line, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The implementation process of the functions and roles of each unit in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present invention. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices including, for example, semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., internal magnetic disks or removable disks), magneto-optical disks, and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features of specific embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination. Furthermore, although features may be described as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Similarly, although operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. Furthermore, the processes depicted in the accompanying drawings are not necessarily required to be in the particular order shown, or sequential order, to achieve desirable results. In some implementations, multitasking and parallel processing may be advantageous.
The foregoing describes only preferred embodiments of the invention and is not intended to limit it; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the invention is intended to be included within its scope of protection.

Claims (7)

1. A method for dynamically updating a group key, the method being applied to a server and comprising:
monitoring whether group members of the target group change;
if yes, reconstructing a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group;
sending a request for regenerating the group encryption private key of the target group to a key center, wherein the request carries the group public key of the target group, so that the key center regenerates the group encryption private key of the target group according to the group public key;
receiving the group encryption private key sent by the key center, and sending the group encryption private key and the group public key to all group member clients;
the method further comprises the steps of:
encrypting the group encryption private key with the group public key, caching the result in the offline message list as the offline message at the initial moment, and marking the current message as a key; wherein each encrypted offline message has tag information indicating whether the current message is a group message or a key, and each offline message is arranged after its key;
when the group key changes, decrypting the key in the offline message list by using the historical group encryption private key and then encrypting it by using the latest group public key, with the caching position and the tag information unchanged; meanwhile, encrypting the latest group encryption private key with the latest group public key, caching the result in the message list as the first message after the key update, and marking the current message as a key, each offline message corresponding to the current message being arranged after it;
destroying historical group keys, namely a historical group public key and a historical group encryption private key, of the server and the group member client;
when the offline messages are synchronized, synchronizing according to the order in the offline message cache list: if the current message to be synchronized is a key, decrypting it by using the group encryption private key, the obtained key being the decryption key for the encryption keys of subsequent group messages; if the current message to be synchronized is a group message, decrypting the encrypted encryption key with the corresponding decryption key to obtain the encryption key, and decrypting the encrypted message with the encryption key to obtain the group chat message, until the offline messages are synchronized.
2. The method of claim 1, wherein prior to the monitoring whether a group member of the target group has changed, the method further comprises:
receiving a creation application of the target group, and generating an identification of the target group;
and acquiring the identification of the target group and the ID information of the group member contained in the target group, and generating a group public key according to the identification of the target group and the ID information of the group member contained in the target group.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
receiving an encrypted message sent by any group member client, together with an encrypted encryption key, the encryption key being generated by the client and encrypted using the target group public key;
and forwarding the encrypted message and the encrypted encryption key to other group member clients so that the other group member clients decrypt the encrypted encryption key by using the encryption private key of the target group and decrypt the encrypted message by using the decrypted encryption key to obtain a group chat message.
4. A group key dynamic updating apparatus, the apparatus being applied to a server, the apparatus comprising:
the monitoring module is used for monitoring whether the group members of the target group change or not;
the first generation module is used for generating a group public key according to the identification of the target group and the ID information of all group members contained in the changed target group if the group members of the target group are changed;
the sending module is used for sending a request for regenerating the group encryption private key of the target group to the key center, wherein the request carries the group public key of the target group, so that the key center generates the group encryption private key of the target group according to the group public key;
the first receiving module is used for receiving the group encryption private key sent by the key center and sending the group encryption private key and the group public key to all group member clients;
the device further comprises:
the caching module is used for encrypting the group encryption private key by using the group public key, caching the result in the offline message list as the offline message at the initial moment, and marking the current message as a key; wherein each encrypted offline message has tag information indicating whether the current message is a group message or a key, and each offline message is arranged after its key;
the encryption module is used for decrypting the key in the offline message list by using the historical group encryption private key when the group key changes, and then encrypting by using the latest group public key, wherein the cache position and the marking information are unchanged; meanwhile, the latest group public key is used for encrypting the latest group encryption private key to be used as a first message after the key update to be cached in a message list, the current message is marked as a key, and each offline message corresponding to the current message is arranged behind the current message;
the destroying module is used for destroying the history group keys of the server and the group member client, namely the history group public key and the history group encryption private key;
the synchronization module is used for synchronizing according to the sequence in the offline message cache list when the offline messages are synchronized, if the current message to be synchronized is a key, the group encryption private key is used for decrypting, and the obtained key is a decryption key of the encryption key of the subsequent group message; if the current message to be synchronized is a group message, the encrypted encryption key is decrypted by the decryption key of the corresponding encryption key to obtain the encryption key, and then the group chat message is obtained by decrypting the encrypted message by the encryption key until the offline message is synchronized.
5. The apparatus of claim 4, wherein the apparatus further comprises:
the second receiving module is used for receiving a creation request of the target group and generating an identification of the target group;
and the second generation module is used for generating a group public key according to the identification of the target group and the ID information of the group members contained in the target group.
6. The apparatus according to claim 4 or 5, characterized in that the apparatus further comprises:
the third receiving module is used for receiving the encrypted message sent by the group member client and the encrypted encryption key encrypted by using the target group public key;
and the forwarding module is used for forwarding the encrypted message and the encrypted encryption key to other group member clients so that the clients decrypt the encrypted encryption key by using the encryption private key of the target group and decrypt the encrypted message by using the decrypted encryption key to obtain the group chat message.
7. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any of claims 1-3.
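The offline-list handling recited in claims 1 and 3, as an added Python model that is not part of the patent: cached key entries are re-wrapped in place on a membership change, and synchronization walks the list in order. The hash-based `pk_enc`/`pk_dec` pair, the `MASTER` secret and all class and function names are assumptions standing in for the group public-key scheme and the key center; they only model who can decrypt what and provide no real public-key security.

```python
import hashlib, hmac, os

MASTER = os.urandom(32)  # key center's master secret (assumed for this model)

def group_public_key(group_id, member_ids):
    # Claim 1: the public key is rebuilt from the group identifier and all member IDs.
    return hashlib.sha256("|".join([group_id, *sorted(member_ids)]).encode()).digest()

def key_center_private_key(pub):
    return hmac.new(MASTER, pub, hashlib.sha256).digest()

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def sym_enc(key, data):  # toy authenticated cipher, for illustration only
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted entry")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def pk_enc(pub, data):  # stand-in for "encrypt with the group public key"
    return sym_enc(key_center_private_key(pub), data)

pk_dec = sym_dec  # stand-in for "decrypt with the group encryption private key"

class GroupServer:
    def __init__(self, group_id, members):
        self.group_id, self.entries, self.pub, self.priv = group_id, [], None, None
        self.rekey(members)  # the initial key entry is the first cached message

    def rekey(self, members):
        new_pub = group_public_key(self.group_id, members)
        new_priv = key_center_private_key(new_pub)
        for e in self.entries:  # re-wrap cached keys; position and tag unchanged
            if e["tag"] == "key":
                e["blob"] = pk_enc(new_pub, pk_dec(self.priv, e["blob"]))
        self.entries.append({"tag": "key", "blob": pk_enc(new_pub, new_priv)})
        self.pub, self.priv = new_pub, new_priv  # historical pair is discarded

    def cache_message(self, text):  # models a client message cached for offline peers
        mk = os.urandom(32)  # per-message encryption key chosen by the sender
        self.entries.append({"tag": "msg", "wrapped": pk_enc(self.pub, mk),
                             "blob": sym_enc(mk, text.encode())})

def sync(entries, group_priv):
    era_priv, out = None, []
    for e in entries:  # strictly in cache order
        if e["tag"] == "key":  # yields the private key for the messages that follow
            era_priv = pk_dec(group_priv, e["blob"])
        else:
            mk = pk_dec(era_priv, e["wrapped"])
            out.append(sym_dec(mk, e["blob"]).decode())
    return out
```
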
CN202110934678.7A 2021-08-16 2021-08-16 Dynamic updating method and device for group key Active CN113645032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110934678.7A CN113645032B (en) 2021-08-16 2021-08-16 Dynamic updating method and device for group key

Publications (2)

Publication Number Publication Date
CN113645032A CN113645032A (en) 2021-11-12
CN113645032B true CN113645032B (en) 2023-06-09

Family

ID=78421900

Country Status (1)

Country Link
CN (1) CN113645032B (en)

Also Published As

Publication number Publication date
CN113645032A (en) 2021-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant