CN114173328A - Key exchange method and device and electronic equipment - Google Patents

Key exchange method and device and electronic equipment Download PDF

Info

Publication number
CN114173328A
CN114173328A CN202111487530.XA CN202111487530A CN114173328A CN 114173328 A CN114173328 A CN 114173328A CN 202111487530 A CN202111487530 A CN 202111487530A CN 114173328 A CN114173328 A CN 114173328A
Authority
CN
China
Prior art keywords
key
target
terminal
target terminal
short message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111487530.XA
Other languages
Chinese (zh)
Inventor
徐锐
王健
槐正
孙鹏
马单
付迎鑫
徐东明
吴保青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202111487530.XA priority Critical patent/CN114173328A/en
Publication of CN114173328A publication Critical patent/CN114173328A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The application provides a key exchange method, a device and an electronic device, wherein the method comprises the following steps: sending an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal and receives basic information returned by the target terminal aiming at the initial session request; sending a short message request to a target terminal based on the short message address so that the target terminal generates a first secret key according to the short message request and the identification of the target terminal; receiving a notification message returned by the target terminal aiming at the short message request, and generating a second key which is the same as the first key according to the basic information and the short message request; and carrying out public key exchange between the initiating terminal and the target terminal according to the second secret key and the first secret key. According to the technical scheme of the embodiment of the application, the information transmission in the key exchange process is completed through the communication server and the short message communication, the safety risk caused by the fact that a single centralized service is broken can be effectively avoided, the security of the key exchange is higher, and therefore end-to-end safety communication can be effectively guaranteed.

Description

Key exchange method and device and electronic equipment
Technical Field
The present application relates to the field of mobile communication technologies, and in particular, to a method, an apparatus, and an electronic device for exchanging a key.
Background
The end-to-end is the basis of network communication, and in some communication scenarios, the security of the end-to-end communication needs to be strictly guaranteed, for example, in a ubiquitous communication scenario (enterprise office, personal privacy protection, core secret protection, and the like) with extremely high requirements for information security and privacy, in a public place network (public WIFI and the like) credibility doubt scenario, and in a single center (telecom operator or service provider) security and credibility doubt scenario. If the end-to-end communication security cannot be guaranteed, leakage of data such as user privacy and enterprise data in communication is caused, and huge loss is easily brought to a communication end side.
The end-to-end communication security can depend on encryption, and the traditional end-to-end encryption scheme is based on a completely trusted Certificate Authority (CA) or requires that the end side has to unconditionally trust the service provider in a key exchange stage, namely, the key exchange stage is centralized, so that the problems of credibility of the CA and the service provider, man-in-the-middle attack, network and service side security and the like cannot be thoroughly avoided by the existing end-to-end encryption scheme, and the information security is difficult to guarantee.
Disclosure of Invention
In order to solve the above technical problem, embodiments of the present application provide a key exchange method and apparatus, and an electronic device, which implement end-to-end key exchange through communication between a communication server and a short message, and improve security of the key exchange.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a key exchange method applied to an initiating terminal, the method including: sending an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal and receives basic information returned by the target terminal aiming at the initial session request, wherein the basic information comprises a short message address and an identifier of the target terminal; sending a short message request to the target terminal based on the short message address so that the target terminal generates a first secret key according to the short message request and the identification of the target terminal; receiving a notification message returned by the target terminal aiming at the short message request, and generating a second key which is the same as the first key according to the basic information and the short message request; and performing public key exchange between the initiating terminal and the target terminal according to the second secret key and the first secret key.
In an embodiment, the short message request includes a session identifier and a random number, and the first key is generated by the target terminal according to the session identifier, the random number, and an identifier of the target terminal.
In an embodiment, the performing public key exchange between the initiating terminal and the target terminal according to the second key and the first key includes:
encrypting a second preset public key through a target encryption algorithm and the second key to obtain a second ciphertext, and sending the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext through the target encryption algorithm and the first key to obtain the second preset public key;
and acquiring a first ciphertext sent by the target terminal, and decrypting the first ciphertext through the target encryption algorithm and the second key to obtain a first preset public key of the target terminal, wherein the first ciphertext is obtained by encrypting the first preset public key through the target encryption algorithm and the first key.
In an embodiment, before the encrypting a second preset public key by using a target encryption algorithm and the second key to obtain a second ciphertext and sending the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext by using the target encryption algorithm and the first key to obtain the second preset public key, the method further includes:
acquiring an encryption algorithm set supported by the target terminal from the basic information;
and selecting the target encryption algorithm from the encryption algorithm set, and sending the target encryption algorithm to the target terminal through the short message request.
In an embodiment, the performing public key exchange between the initiating terminal and the target terminal according to the second key and the first key includes:
generating a second asymmetric key pair, the second asymmetric key pair comprising a second target public key;
encrypting a second target public key through a target encryption algorithm and the second key to obtain a second target ciphertext, and sending the second target ciphertext to the target terminal, so that the target terminal decrypts the second target ciphertext through the target encryption algorithm and the first key to obtain a second target public key;
and acquiring a first target ciphertext sent by the target terminal, and decrypting the first target ciphertext through the target encryption algorithm and the second key to obtain a first target public key of the target terminal, wherein the first target ciphertext is obtained by encrypting the first target public key by the target terminal through the target encryption algorithm and the first key, and the first target public key is a public key in a first asymmetric key pair generated by the target terminal.
In an embodiment, after the public key exchange between the initiating terminal and the target terminal is performed according to the second key and the first key, the method further includes:
encrypting first data to be transmitted through a first target public key, and sending the encrypted data to be transmitted to the target terminal so that the target terminal decrypts the encrypted first data to be transmitted through a first target private key to obtain the first data to be transmitted, wherein the first target public key is one of a first asymmetric key pair generated by the target terminal in advance, and the first target private key is one of a first asymmetric key pair; or the like, or, alternatively,
and receiving the encrypted second data to be transmitted sent by the target terminal, decrypting the encrypted second data to be transmitted through a second target private key to obtain second data to be transmitted, wherein the encrypted second data to be transmitted is obtained by encrypting the data to be transmitted through a second target public key by the target terminal, the second target private key is one private key of a pre-generated second asymmetric key pair, and the second target public key is one public key of the pre-generated second asymmetric key pair.
According to an aspect of an embodiment of the present application, there is provided a key exchange method applied to a target terminal, the method including: sending basic information to an initiating terminal in response to an initial session request, wherein the initial session request is sent to a communication server by the initiating terminal and forwarded based on the communication server, and the basic information comprises a short message address and an identifier; receiving a short message request sent by the initiating terminal based on the short message address, and generating a first secret key according to the short message request and the identification; after the first key is generated, responding to the short message request to send a notice to the initiating terminal so that the initiating terminal generates a second key which is the same as the first key according to basic information and the short message request; and performing public key exchange between the target terminal and the initiating terminal according to the second secret key and the first secret key.
According to an aspect of the embodiments of the present application, there is provided a key exchange apparatus, applied to an initiating terminal, the apparatus including: a first initial module, configured to send an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal, and receives basic information returned by the target terminal for the initial session request, where the basic information includes a short message address and an identifier of the target terminal; the first key generation module is configured to send a short message request to the target terminal based on the short message address so that the target terminal generates a first key according to the short message request and the identifier of the target terminal; a second key generation module configured to receive a notification message returned by the target terminal for the short message request, and generate a second key identical to the first key according to the basic information and the short message request; and the first exchange module is configured to exchange a public key between the initiating terminal and the target terminal according to the second key and the first key.
According to an aspect of the embodiments of the present application, there is provided a key exchange apparatus applied to a target terminal, the apparatus including: the second initial module is configured to respond to an initial session request and send basic information to the initiating terminal, the initial session request is sent to the communication server by the initiating terminal and forwarded based on the communication server, and the basic information comprises a short message address and an identifier; the first key acquisition module is configured to receive a short message request sent by the initiating terminal based on the short message address and generate a first key according to the short message request and the identifier; the second key acquisition module is configured to respond to the short message request and send a notification to the initiating terminal after the first key is generated, so that the initiating terminal generates a second key which is the same as the first key according to basic information and the short message request; and the second exchange module is configured to exchange a public key between the target terminal and the initiating terminal according to the second key and the first key.
According to an aspect of an embodiment of the present application, there is provided an electronic device including one or more processors; storage means for storing one or more computer programs that, when executed by the one or more processors, cause the electronic device to implement the key exchange method as described above.
According to an aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor of a computer, cause the computer to execute a key exchange method as described above.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the key exchange method provided in the various alternative embodiments described above.
In the technical scheme provided by the embodiment of the application, the information transmission in the key exchange process is completed through the communication server and the short message communication, so that the safety risk caused by the single centralized service being broken can be effectively avoided, the security of the key exchange is higher, and the end-to-end safety communication can be effectively ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a flow chart illustrating a method of key exchange in accordance with an exemplary embodiment of the present application;
FIG. 3 is a flow chart of step S270 in the embodiment shown in FIG. 2 in an exemplary embodiment;
FIG. 4 is a flow chart of a key exchange method shown in another exemplary embodiment of the present application;
FIG. 5 is a flow chart of step S270 in the embodiment shown in FIG. 2 in another exemplary embodiment;
FIG. 6 is a flow chart of a key exchange method shown in another exemplary embodiment of the present application;
FIG. 7 is a flow chart of a key exchange method shown in another exemplary embodiment of the present application;
fig. 8 is a schematic structural diagram of a key exchange device shown in an exemplary embodiment of the present application;
fig. 9 is a schematic structural diagram of a key exchange device shown in another exemplary embodiment of the present application;
FIG. 10 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should also be noted that: reference to "a plurality" in this application means two or more. "and/or" describe the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The embodiment of the application can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
The key exchange method and apparatus, the electronic device, and the storage medium according to the embodiments of the present application relate to artificial intelligence technology and machine learning technology, and the embodiments will be described in detail below.
Referring first to fig. 1, fig. 1 is a schematic diagram of an implementation environment related to the present application. The implementation environment comprises an initiating terminal 101, a target terminal 103, a communication server 200 and a base station 300, wherein the initiating terminal 101 and the target terminal 103 can both communicate with the communication server 200 through a wired or wireless network, and the initiating terminal 101 and the target terminal 103 can also both communicate with the base station 300 through a wired or wireless network.
In this embodiment, the initiating terminal 101 and the target terminal 103 transmit messages through the communication server 200 or the base station 300, the initiating terminal 101 and the target terminal 103 exchange basic information of both parties through the communication server 200, then the initiating terminal 101 and the target terminal 103 complete key negotiation through the base station 300, finally the initiating terminal 101 and the target terminal 103 complete key exchange through the communication server 200 again, and after the initiating terminal 101 and the target terminal 103 complete key exchange, information transmission between the initiating terminal 101 and the target terminal 103 can be performed through the exchanged keys.
Illustratively, the initiating terminal 101 sends an initial session request to the target terminal 103 through the communication server 200, and the target terminal 103 receives the initial session request and then passes through the communication server 200 to obtain basic information, where the basic information includes a short message address and an identifier of the target terminal 103; then, the initiating terminal 101 sends a short message request to the target terminal 103 through the base station 300 according to the short message address, the target terminal 103 generates a first secret key according to the short message request and the identifier of the target terminal 103, and sends a notification message to the initiating terminal 101 through the base station 300 after generating the first secret key, the initiating terminal 101 generates a second secret key which is the same as the first secret key according to the basic information and the short message request, and then the initiating terminal 101 and the target terminal 103 complete public key exchange between the two through the communication server 200 according to the second secret key and the first secret key.
The initiating terminal 101 and the target terminal 103 may be any electronic device capable of implementing data visualization, such as a smart phone, a tablet, a notebook, a computer, and the like, and the present disclosure is not limited thereto. The server 200 may be an independent physical server, or a server cluster or a distributed system formed by a plurality of physical servers, where the plurality of servers may form a block chain, and the server is a node on the block chain, and the communication server 200 may also be a cloud server providing basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network ), big data, and artificial intelligence platform, which is not limited herein; the base station 300 may be a base station of any operator, and is used for transmitting short message messages.
Fig. 2 is a flow chart illustrating a method of key exchange according to an example embodiment. As shown in fig. 2, in an exemplary embodiment, the method is applied to the initiating terminal, and the method may include steps S210 to S270, which are described in detail as follows:
step S210: and sending an initial session request to a communication server, so that the communication server sends the initial session request to the target terminal and receives basic information returned by the target terminal aiming at the initial session request.
In this embodiment, before the initiating terminal and the target terminal perform information transmission, in order to ensure the security of the information transmission, key exchange is performed first, specifically, the initiating terminal initiates an initial Session request to the communication server first, and forwards the initial Session request to the target terminal through the communication server, where the initial Session request includes a Session identifier (i.e., Session-ID, a globally unique identifier of the initiating terminal in the key exchange process), identity information of the target terminal, identity information of the initiating terminal, and an identifier of the initiating terminal.
The identity information of the target terminal and the identity information of the initiating terminal are used for the communication server to identify the identity information of the target terminal and the initiating terminal, so that messages can be conveniently transmitted between the target terminal and the initiating terminal, and the session identifier can be used for inquiring session content, messages and the like of the initiating terminal through the session identifier in the whole key exchange process.
After receiving the initial session request, the target terminal stores the content of the initial session request and returns basic information of the target terminal to the communication server, and the communication server forwards the basic information to the initiating terminal; the basic information includes the identification of the target terminal, the short message address of the target terminal (the short message address is used for receiving short messages subsequently, and can be a mobile phone number, bluetooth information, etc.), the encryption algorithm set supported by the target terminal, and the subsequent initiating terminal and the target terminal negotiate an encryption algorithm in the encryption algorithm set for the exchange process of the secret key.
Step S230: and sending a short message request to the target terminal based on the short message address so that the target terminal generates a first secret key according to the short message request and the identification of the target terminal.
In this embodiment, after receiving the basic information of the target terminal, the originating terminal sends a short message request to the target terminal through the base station according to the short message address in the basic information, where the base station may be a base station of any operator, the short message request includes a session identifier, a random number and a target encryption algorithm selected by the originating terminal in an encryption algorithm set, and the random number is a large random prime number.
After receiving the short message request, the target terminal queries the identifier of the originating terminal and its own identifier in the stored information according to the session identifier (the target terminal stores the content of the initial session request in step S210), and then generates the identifier of the originating terminal, the identifier of the target terminal, and the random number according to a predetermined key rule to obtain a first key, where the key rule may be obtained by a quotient between the originating terminal and the target terminal in the transmission process of the initial session request and the basic information, or by presetting a same key rule for the originating terminal and the target terminal, and in an embodiment, the key rule for generating the first key is: key1 is SHA256(a-IP + B-IP + Nonce), Key1 is the first Key, SHA256 is a hash algorithm with a hash value length of 256 bits, a-IP is the identifier of the originating terminal, B-IP is the identifier of the target terminal, Nonce is the random number in the short message request; of course, in other embodiments, other rules may be used to obtain the first key, such as different hash algorithms, different combinations of each terminal and the random number, and the like, which is not limited herein.
In this embodiment, the short message request may be composed of an effective character set, that is, a half-angle number, an english capital and lower case letter, and a vertical line separator "|", where "IKE" is a fixed part of a key exchange protocol, "Session-ID ]", "Nonce ]" is a random number, and "Selected Algorithm ]" is a target encryption Algorithm, and in an embodiment, the sending of the short message request from the initiating terminal to the target terminal is: "IKE |14A6D4E4450B5823B55D214975D47CA3|634635948813411| AES 256", it is known that "14 A6D4E4450B5823B55D214975D47CA 3" is the session identification, "634635948813411" is the random number, and "AES 256" is the target encryption algorithm.
Step S250: and receiving a notification message returned by the target terminal aiming at the short message request, and generating a second key which is the same as the first key according to the basic information and the short message request.
In this step, the target terminal returns a notification message to the base station after generating the first key, the base station sends the notification message to the initiating terminal to notify that the session between the initiating terminal and the target terminal is successfully established, at this time, the initiating terminal generates the second key according to the same key rule, for example, in an embodiment, the second key is generated according to the SHA256(a-IP + B-IP + Nonce) key rule provided in step S230, specifically, the initiating terminal can obtain the identifier of the target terminal from the basic information in step S210, obtain the identifier of the initiating terminal in the initial session request or session identifier, obtain the random number in the short message request, and then generate the second key identical to the first key according to the identifier of the initiating terminal, the identifier of the target terminal, and the random number data key rule.
In this embodiment, by generating the second key that is the same as the first key in the target terminal, it is convenient for subsequent encryption and decryption of the intermediate public key exchange between the initiator terminal and the target terminal.
Step S270: and carrying out public key exchange between the initiating terminal and the target terminal according to the second secret key and the first secret key.
In this embodiment, after the initiating terminal and the target terminal generate the first key and the second key respectively, public key exchange between the initiating terminal and the target terminal can be completed through the first key and the second key.
For example, in an embodiment, the initiating terminal encrypts the public key of the initiating terminal through the encryption algorithm selected in the short message request and the second key to obtain a second ciphertext, and then sends the second ciphertext to the target terminal through the communication server, so that the target terminal can decrypt the second ciphertext through the encryption algorithm selected in the short message request and the first key to obtain the public key of the initiating terminal.
Similarly, the target terminal encrypts the public key of the target terminal through the target encryption algorithm selected in the short message request and the second key to obtain a first ciphertext, and then sends the first ciphertext to the initiating terminal through the communication server, so that the initiating terminal can decrypt the first ciphertext through the target encryption algorithm selected in the short message request and the second key to obtain the public key of the target terminal.
In this embodiment, the communication server and the base station are used as two centralized services in the key exchange process, and only a part of the original basis information of key agreement between the initiating terminal and the target terminal can be obtained, so that CA intervention is not required, the security risk caused by the attack of a single centralized service can be effectively avoided, as long as two centers are not controlled by the same attacker at the same time, even under the premise that the centers on any side are not trusted (namely, the attack grasps the end-to-end key exchange information of one center), the end-to-end secure communication can be ensured, and the security of key exchange is higher.
Fig. 3 is a flowchart of step S270 in an exemplary embodiment in the embodiment shown in fig. 2. As shown in fig. 3, in an exemplary embodiment, the process of exchanging a public key between the initiating terminal and the target terminal according to the second key and the first key may include steps S310 to S330, which are described in detail as follows:
step S310: and encrypting the second preset public key through the target encryption algorithm and the second key to obtain a second ciphertext, and sending the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext through the target encryption algorithm and the first key to obtain the second preset public key.
The target encryption algorithm in this embodiment is an encryption algorithm in a short message request sent by an initiating terminal, that is, an encryption algorithm selected from an encryption algorithm set, and the encryption algorithm may be a symmetric encryption algorithm or other encryption algorithms, and is not particularly limited herein.
The second preset public key in this embodiment is a public key that exists in the initiating terminal itself, after the second preset public key is encrypted into a second ciphertext through the target encryption algorithm and the second key, the initiating terminal sends the second ciphertext to the communication server, the communication server forwards the second ciphertext to the target terminal, and the target terminal decrypts the second ciphertext through the target encryption algorithm and the first key in the short message request to obtain the second preset public key of the initiating terminal.
Step S330: and acquiring a first ciphertext sent by the target terminal, and decrypting the first ciphertext through a target encryption algorithm and a second key to obtain a first preset public key of the target terminal.
In this embodiment, after obtaining the second preset public key, the target terminal also encrypts the first preset public key through the target encryption algorithm and the first secret key to obtain a first ciphertext, and forwards the first ciphertext to the initiating terminal through the communication server, where the first preset public key is a public key existing in the target terminal itself.
After the initiating terminal obtains the first ciphertext, the initiating terminal decrypts the first ciphertext through the target encryption algorithm and the second key, so that a first preset public key of the target terminal is obtained.
If the initiating terminal encrypts the message to be transmitted through the first preset public key and then sends the encrypted message to the target terminal, the target terminal can decrypt the encrypted message through the private key of the target terminal to obtain the message to be transmitted, or the target terminal encrypts the message to be transmitted through the second preset public key and then sends the encrypted message to the initiating terminal, and the initiating terminal can decrypt the encrypted message through the private key of the target terminal to obtain the message to be transmitted.
The public key exchange mode between the initiating terminal and the target terminal is provided in the embodiment, so that the public key exchange between the initiating terminal and the target terminal can be safely completed, and the subsequent end-to-end communication between the initiating terminal and the target terminal is effectively ensured.
Fig. 4 is a flow chart illustrating a method of key exchange according to another exemplary embodiment. As shown in fig. 4, in an exemplary embodiment, the method may be implemented before step S310 of fig. 3, and the method may include steps S410 to S430, which are described in detail as follows:
step S410: and acquiring the encryption algorithm set supported by the target terminal from the basic information.
In this embodiment, before public key exchange is performed, the initiating terminal and the target terminal need to negotiate an encryption algorithm, and then exchange is performed by encrypting respective public keys through the encryption algorithm.
The encryption algorithm set supported by the target terminal can be obtained from basic information returned by the communication server by the target terminal responding to the initial session request, and then an encryption algorithm is selected from the encryption algorithm set to be used as an encryption algorithm used by the initiating terminal and the target terminal together in the later period.
Step S430: and selecting a target encryption algorithm from the encryption algorithm set, and sending the target encryption algorithm to the target terminal through a short message request.
In this embodiment, the initiating terminal selects a target encryption algorithm from the encryption algorithm set, and the subsequent initiating terminal can encrypt the public key of the initiating terminal through the target encryption algorithm, where the target encryption algorithm may be a symmetric encryption algorithm or other encryption algorithms, such as an asymmetric encryption algorithm, and the like, and no specific limitation is made herein; meanwhile, in order that the target terminal can decrypt the ciphertext obtained by encrypting the public key of the initiating terminal by the initiating terminal through the target encryption algorithm, the target terminal also needs to use the target encryption algorithm, so that the initiating terminal can request to send the selected target encryption algorithm to the target terminal through the base station through a short message, and the target terminal is informed to use the target encryption algorithm when the ciphertext encrypted by the public key of the initiating terminal is decrypted or the own public key is encrypted.
In this embodiment, a target encryption algorithm is negotiated between the initiating terminal and the target terminal in a communication server and short message communication manner, and the respective public keys can be encrypted by the target encryption algorithm so that the subsequent initiating terminal and the target terminal complete the exchange of the respective public keys, and meanwhile, the communication server and the short message communication dual center are used for negotiating the encryption algorithm, so that the communication security can be improved.
Fig. 5 is a flowchart of step S270 in an exemplary embodiment in the embodiment shown in fig. 2. As shown in fig. 5, in an exemplary embodiment, the process of exchanging a public key between the initiating terminal and the target terminal according to the second key and the first key may include steps S510 to S550, which are described in detail as follows:
step S510: a second asymmetric key pair is generated.
In this embodiment, in order to improve the security of public key exchange and the security of subsequent data transmission, the initiating terminal may be configured to generate a second asymmetric key pair, where the second asymmetric key pair is a disposable asymmetric key pair used by the initiating terminal, that is, the second asymmetric key pair is only used in a key exchange process to implement public key exchange between the initiating terminal and the target terminal and a data transmission process to complete data transmission between the initiating terminal and the target terminal through the exchanged public key; a new second asymmetric key pair is regenerated before another round of key exchange and data transmission.
The second asymmetric key pair includes a second target public key and a second target private key.
Step S530: and encrypting the second target public key through the target encryption algorithm and the second key to obtain a second target ciphertext, and sending the second target ciphertext to the target terminal, so that the target terminal decrypts the second target ciphertext through the target encryption algorithm and the first key to obtain the second target public key.
The target encryption algorithm in this embodiment is still a target encryption algorithm negotiated between the initiating terminal and the target terminal, for example, the target encryption algorithm obtained by referring to the method in fig. 4.
Step S550: and acquiring a first target ciphertext sent by the target terminal, and decrypting the first target ciphertext through a target encryption algorithm and a second key to obtain a first target public key of the target terminal.
In this embodiment, the target terminal also generates a first asymmetric key pair, where the first asymmetric key pair includes a first target public key and a first target private key, and the first asymmetric key pair is also used in only one key exchange process to implement public key exchange between the initiating terminal and the target terminal and one data transmission process to complete data transmission between the initiating terminal and the target terminal through the exchanged public key.
After the target terminal generates the first asymmetric key pair, the target terminal encrypts the first target public key into a first target ciphertext through a target encryption algorithm, then the first target ciphertext is sent to the initiating terminal through the communication server, and the initiating terminal decrypts the first target ciphertext through the target encryption algorithm and the second key to obtain the first target public key of the target terminal.
After the initiating terminal and the target terminal respectively obtain the target public key of the other party, data transmission can be carried out through the target public key and the target private key of the other party, if the initiating terminal transmits the encrypted data to the target terminal through the first target public key, the target terminal can decrypt the encrypted data through the first target private key, and if the target terminal transmits the encrypted data to the initiating terminal through the second target public key, the initiating terminal can decrypt the encrypted data through the second target private key.
In the embodiment, the initiating terminal and the target terminal respectively generate the one-time asymmetric key pair, the one-time public key exchange and the data transmission are completed through the one-time asymmetric key pair, and the one-time asymmetric key pair for each time of public key exchange and data transmission is different, so that the safety of public key exchange and the safety of data transmission are greatly improved.
Fig. 6 is a flowchart illustrating a key exchange method according to another exemplary embodiment. The embodiment shown in fig. 6 may be implemented after step S270 in fig. 2, and as shown in fig. 6, in an exemplary embodiment, the method may include step S610 and step S630, which are described in detail as follows:
step S610: and encrypting the first to-be-transmitted data through the first target public key, and sending the encrypted first to-be-transmitted data to the target terminal, so that the target terminal decrypts the encrypted first to-be-transmitted data through the first target private key to obtain the to-be-transmitted data.
The first target public key in this embodiment is a public key in a first asymmetric key pair generated in advance by the target terminal, and the first target private key is a private key in the first asymmetric key pair, that is, all steps in this embodiment may be implemented after the manner of completing public key exchange by the originating terminal and the target terminal respectively generating a disposable asymmetric key pair as shown in fig. 5.
In this embodiment, the initiating terminal obtains a first target public key of the target terminal, and the target terminal obtains a second target public key of the initiating terminal, if the initiating terminal transmits data to the target terminal, the initiating terminal may encrypt the first data to be transmitted through the first target public key, and then send the encrypted first data to be transmitted to the target terminal, and the target terminal may decrypt the encrypted first data to be transmitted through the first target private key to obtain the first data to be transmitted that the initiating terminal really wants to transmit to the target terminal.
Step S630: and receiving the encrypted second data to be transmitted sent by the target terminal, and decrypting the encrypted second data to be transmitted through a second target private key to obtain the second data to be transmitted.
In this embodiment, the second target private key is one private key of a second asymmetric key pair generated in advance, and the second target public key is one public key of the second asymmetric key pair generated in advance.
In this embodiment, when the target terminal transmits data to the initiator terminal, the target terminal may encrypt the second to-be-transmitted data through the second target public key, and then send the encrypted second to-be-transmitted data to the initiator terminal, and the initiator terminal may decrypt the encrypted first to-be-transmitted data through the second target private key to obtain the second to-be-transmitted data that the target terminal really wants to transmit to the initiator terminal.
Step S610 and step S630 in this embodiment may be implemented simultaneously or separately, and the implementation order of step S610 and step S630 is not particularly limited, for example, step S610 may be implemented before step S630, or step S630 may be implemented before step S.
The present embodiment provides a method for performing data transmission by generating a disposable asymmetric key pair by an initiator terminal and a target terminal, where the disposable asymmetric key pair is used, and the disposable asymmetric key pair is different when performing data transmission each time, so that security of end-to-end communication between the initiator terminal and the target terminal can be greatly improved.
Fig. 7 is a flowchart illustrating a key exchange method according to another exemplary embodiment. As shown in fig. 7, in an exemplary embodiment, the method is applied to a target terminal, and the method may specifically include step S710 and step S770, which are described in detail as follows:
step S710: and sending the basic information to the initiating terminal in response to the initial session request.
In this embodiment, after receiving an initial session request sent by an initiating terminal and forwarded to a target terminal through a communication server, a target terminal sends basic information to the initiating terminal, and the basic information is forwarded to the initiating terminal through the communication server.
In this embodiment, the initial session request includes a session identifier generated by the initiating terminal, identity information of the target terminal, identity information of the initiating terminal, and an identifier of the initiating terminal; the basic information comprises the identification of the target terminal, the short message address of the target terminal and the encryption algorithm set supported by the target terminal. That is, in this step, the information interaction between the initiating terminal and the target terminal is completed.
Step S730: and receiving a short message request sent by the initiating terminal based on the short message address, and generating a first secret key according to the short message request and the identification.
In this embodiment, after receiving the basic information of the target terminal, the originating terminal sends a short message request to the target terminal through the base station according to the short message address in the basic information, where the short message request includes a session identifier, a random number and an encryption algorithm selected by the originating terminal in an encryption algorithm set, and the random number is a large random prime number.
After receiving the short message request, the target terminal inquires the identification of the initiating terminal and the identification of the target terminal in the stored information according to the session identification, and then generates a first key according to the identification of the initiating terminal, the identification of the target terminal and the random number according to a preset key rule.
Step S750: and after the first key is generated, sending a notice to the initiating terminal in response to the short message request so that the initiating terminal generates a second key which is the same as the first key according to the basic information and the short message request.
And after the target terminal generates the first key, returning a notification message to the base station, sending the notification message to the initiating terminal by the base station to inform that the session between the initiating terminal and the target terminal is successfully established, and generating a second key by the initiating terminal through the same key rule.
Step S770: and carrying out public key exchange between the target terminal and the initiating terminal according to the second secret key and the first secret key.
In this embodiment, after the initiating terminal and the target terminal generate the first key and the second key respectively, public key exchange between the initiating terminal and the target terminal can be completed through the first key and the second key.
If the initiating terminal encrypts the public key of the initiating terminal through the encryption algorithm selected in the short message request and the second secret key to obtain a second ciphertext, and then sends the second ciphertext to the target terminal through the communication server, the target terminal can decrypt the second ciphertext through the encryption algorithm selected in the short message request and the first secret key to obtain the public key of the initiating terminal, and the initiating terminal can also obtain the public key of the target terminal by using the same method. Of course, the above is only one proposed public key exchange method, and the public key exchange between the initiating terminal and the target terminal can also be performed through a one-time asymmetric key pair.
After the public key exchange between the initiating terminal and the target terminal, the data transmission between the initiating terminal and the target terminal can be completed through the exchanged public key.
It should be noted that the concept of the key exchange process proposed in this embodiment belongs to the same concept as the key exchange process provided in the embodiments of fig. 2 to fig. 6, and the specific manner of each step has been described in detail in the embodiments described in fig. 2 to fig. 6, and is not described again here.
Similarly, the target terminal encrypts the public key of the target terminal through the encryption algorithm selected in the short message request and the second key to obtain a first ciphertext, and then sends the first ciphertext to the initiating terminal through the communication server, so that the initiating terminal can decrypt the first ciphertext through the encryption algorithm selected in the short message request and the second key to obtain the public key of the target terminal.
In the embodiment, the communication server and the base station are used as two centralized service points in the key exchange process, and a single centralized service point can only obtain a part of the original basis information of the key negotiation between the initiating terminal and the target terminal, so that the security risk caused by the attack of the single centralized service can be effectively avoided, and the security of the key exchange is improved.
Fig. 8 is a schematic diagram illustrating a structure of a key exchange device according to an exemplary embodiment. As shown in fig. 8, in an exemplary embodiment, the key exchange apparatus is applied to an initiating terminal, and includes:
a first initialization module 810 configured to send an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal, and receives basic information returned by the target terminal for the initial session request, where the basic information includes a short message address and an identifier of the target terminal;
the first key generation module 830 is configured to send a short message request to the target terminal based on the short message address, so that the target terminal generates a first key according to the short message request and an identifier of the target terminal, where the short message request includes a session identifier and a random number, and the first key is generated by the target terminal according to the session identifier, the random number, and the identifier of the target terminal;
a second key generation module 850, configured to receive a notification message returned by the target terminal for the short message request, and generate a second key that is the same as the first key according to the basic information and the short message request;
the first exchanging module 870 is configured to perform public key exchange between the initiating terminal and the target terminal according to the second key and the first key.
In this embodiment, the key exchange device with the above structure can effectively avoid the security risk caused by the breach of the single centralized service, and improve the security of key exchange and data transmission.
In one embodiment, the first switching module 870 includes:
the second preset public key obtaining unit is configured to encrypt the second preset public key through the target encryption algorithm and the second key to obtain a second ciphertext, and send the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext through the target encryption algorithm and the first key to obtain the second preset public key;
the first preset public key obtaining unit is configured to obtain a first ciphertext sent by the target terminal, decrypt the first ciphertext through a target encryption algorithm and a second key to obtain a first preset public key of the target terminal, and encrypt the first preset public key through the target encryption algorithm and the first key to obtain the first ciphertext.
In one embodiment, the key exchange device further comprises:
the encryption algorithm set acquisition module is configured to acquire an encryption algorithm set supported by the target terminal from the basic information;
and the target encryption algorithm acquisition module is configured to select a target encryption algorithm from the encryption algorithm set and send the target encryption algorithm to the target terminal through a short message request.
In one embodiment, the first switching module 870 includes:
a second asymmetric key pair generation unit configured to generate a second asymmetric key pair, the second asymmetric key pair including a second target public key;
the second target public key obtaining unit is configured to encrypt a second target public key through a target encryption algorithm and a second key to obtain a second target ciphertext, and send the second target ciphertext to the target terminal, so that the target terminal decrypts the second target ciphertext through the target encryption algorithm and the first key to obtain the second target public key;
the first target public key obtaining unit is configured to obtain a first target ciphertext sent by the target terminal, decrypt the first target ciphertext through a target encryption algorithm and a second key to obtain a first target public key of the target terminal, wherein the first target ciphertext is obtained by the target terminal encrypting the first target public key through the target encryption algorithm and the first key, and the first target public key is a public key in a first asymmetric key pair generated by the target terminal.
In one embodiment, the key exchange device further comprises:
the first data transmission module is configured to encrypt first data to be transmitted through a first target public key and send the encrypted first data to be transmitted to a target terminal so that the target terminal decrypts the encrypted first data to be transmitted through the first target private key to obtain the first data to be transmitted, the first target public key is one public key of a first asymmetric key pair generated by the target terminal in advance, and the first target private key is one private key of the first asymmetric key pair; or the like, or, alternatively,
the second data transmission module is configured to receive the encrypted second to-be-transmitted data sent by the target terminal, decrypt the encrypted second to-be-transmitted data through a second target private key to obtain second transmission data, the encrypted second to-be-transmitted data is obtained by the target terminal encrypting the second to-be-transmitted data through a second target public key, the second target private key is one private key of a pre-generated second asymmetric key pair, and the second target public key is one public key of the pre-generated second asymmetric key pair.
Fig. 9 is a schematic diagram illustrating a structure of a key exchange device according to another exemplary embodiment. As shown in fig. 9, in an exemplary embodiment, the key exchange apparatus applied to a target terminal includes:
a second initiation module 910, configured to send a basic information to the initiating terminal in response to the initial session request, where the initial session request is sent to the communication server by the initiating terminal and forwarded based on the communication server, and the basic information includes a short message address and an identifier;
a first key obtaining module 930 configured to receive a short message request sent by the initiating terminal based on the short message address, and generate a first key according to the short message request and the identifier;
a second key obtaining module 950 configured to send a notification to the originating terminal in response to the short message request after generating the first key, so that the originating terminal generates a second key identical to the first key according to the basic information and the short message request;
the second exchanging module 970 is configured to exchange a public key between the target terminal and the initiating terminal according to the second key and the first key.
It should be noted that the key exchange apparatus provided in the foregoing embodiment and the key exchange method provided in the foregoing embodiment belong to the same concept, and specific ways for each module and unit to perform operations have been described in detail in the method embodiment, and are not described herein again.
An embodiment of the present application further provides an electronic device, including: one or more processors; a storage device for storing one or more programs, which when executed by one or more processors, cause an electronic device to implement the key exchange method provided in the above-described embodiments.
FIG. 10 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
It should be noted that the computer system 1600 of the electronic device shown in fig. 10 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 10, computer system 1600 includes a Central Processing Unit (CPU)1601, which can perform various appropriate actions and processes, such as executing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 1602 or a program loaded from a storage portion 1608 into a Random Access Memory (RAM) 1603. In the RAM 1603, various programs and data necessary for system operation are also stored. The CPU 1601, ROM 1602, and RAM 1603 are connected to each other via a bus 1604. An Input/Output (I/O) interface 1605 is also connected to the bus 1604.
The following components are connected to the I/O interface 1605: an input portion 1606 including a keyboard, a mouse, and the like; an output section 1607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 1608 including a hard disk and the like; and a communication section 1609 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 1609 performs communication processing via a network such as the internet. The driver 1610 is also connected to the I/O interface 1605 as needed. A removable medium 1611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1610 as necessary, so that a computer program read out therefrom is mounted in the storage portion 1608 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1609, and/or installed from the removable media 1611. When the computer program is executed by a Central Processing Unit (CPU)1601, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
Another aspect of the present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the key exchange method as before. The computer-readable storage medium may be included in the electronic device described in the above embodiment, or may exist separately without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute the key exchange method provided in the above-described embodiments.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A key exchange method applied to an initiating terminal, the method comprising:
sending an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal and receives basic information returned by the target terminal aiming at the initial session request, wherein the basic information comprises a short message address and an identifier of the target terminal;
sending a short message request to the target terminal based on the short message address so that the target terminal generates a first secret key according to the short message request and the identification of the target terminal;
receiving a notification message returned by the target terminal aiming at the short message request, and generating a second key which is the same as the first key according to the basic information and the short message request;
and performing public key exchange between the initiating terminal and the target terminal according to the second secret key and the first secret key.
2. The method of claim 1, wherein the SMS request comprises a session identifier and a random number, and wherein the first key is generated by the target terminal according to the session identifier, the random number, and an identifier of the target terminal.
3. The method of claim 1, wherein the exchanging public keys between the initiating terminal and the target terminal according to the second key and the first key comprises:
encrypting a second preset public key through a target encryption algorithm and the second key to obtain a second ciphertext, and sending the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext through the target encryption algorithm and the first key to obtain the second preset public key;
and acquiring a first ciphertext sent by the target terminal, and decrypting the first ciphertext through the target encryption algorithm and the second key to obtain a first preset public key of the target terminal, wherein the first ciphertext is obtained by encrypting the first preset public key through the target encryption algorithm and the first key.
4. The method according to claim 3, wherein before the encrypting the second preset public key by the target encryption algorithm and the second key to obtain a second ciphertext and sending the second ciphertext to the target terminal, so that the target terminal decrypts the second ciphertext by the target encryption algorithm and the first key to obtain the second preset public key, the method further comprises:
acquiring an encryption algorithm set supported by the target terminal from the basic information;
and selecting the target encryption algorithm from the encryption algorithm set, and sending the target encryption algorithm to the target terminal through the short message request.
5. The method of claim 1, wherein the exchanging public keys between the initiating terminal and the target terminal according to the second key and the first key comprises:
generating a second asymmetric key pair, the second asymmetric key pair comprising a second target public key;
encrypting a second target public key through a target encryption algorithm and the second key to obtain a second target ciphertext, and sending the second target ciphertext to the target terminal, so that the target terminal decrypts the second target ciphertext through the target encryption algorithm and the first key to obtain a second target public key;
and acquiring a first target ciphertext sent by the target terminal, and decrypting the first target ciphertext through the target encryption algorithm and the second key to obtain a first target public key of the target terminal, wherein the first target ciphertext is obtained by encrypting the first target public key by the target terminal through the target encryption algorithm and the first key, and the first target public key is a public key in a first asymmetric key pair generated by the target terminal.
6. The method according to claim 1, wherein after said public key exchange between the initiating terminal and the target terminal according to the second key and the first key, the method further comprises:
encrypting first data to be transmitted through a first target public key, and sending the encrypted data to be transmitted to the target terminal so that the target terminal decrypts the encrypted first data to be transmitted through a first target private key to obtain the first data to be transmitted, wherein the first target public key is one of a first asymmetric key pair generated by the target terminal in advance, and the first target private key is one of a first private key of the first asymmetric key pair; alternatively, the first and second electrodes may be,
and receiving the encrypted second to-be-transmitted data sent by the target terminal, decrypting the encrypted second to-be-transmitted data through a second target private key to obtain second to-be-transmitted data, wherein the encrypted to-be-transmitted data is obtained by the target terminal through encryption of the second to-be-transmitted data through a second target public key, the second target private key is one private key of a pre-generated second asymmetric key pair, and the second target public key is one public key of the pre-generated second asymmetric key pair.
7. A key exchange method applied to a target terminal, the method comprising:
sending basic information to an initiating terminal in response to an initial session request, wherein the initial session request is sent to a communication server by the initiating terminal and forwarded based on the communication server, and the basic information comprises a short message address and an identifier;
receiving a short message request sent by the initiating terminal based on the short message address, and generating a first secret key according to the short message request and the identification;
after the first key is generated, responding to the short message request to send a notice to the initiating terminal so that the initiating terminal generates a second key which is the same as the first key according to basic information and the short message request;
and performing public key exchange between the target terminal and the initiating terminal according to the second secret key and the first secret key.
8. A key exchange apparatus, applied to an originating terminal, the apparatus comprising:
a first initial module, configured to send an initial session request to a communication server, so that the communication server sends the initial session request to a target terminal, and receives basic information returned by the target terminal for the initial session request, where the basic information includes a short message address and an identifier of the target terminal;
the first key generation module is configured to send a short message request to the target terminal based on the short message address so that the target terminal generates a first key according to the short message request and the identifier of the target terminal;
a second key generation module configured to receive a notification message returned by the target terminal for the short message request, and generate a second key identical to the first key according to the basic information and the short message request;
and the first exchange module is configured to exchange a public key between the initiating terminal and the target terminal according to the second key and the first key.
9. A key exchange apparatus, applied to a target terminal, the apparatus comprising:
the second initial module is configured to respond to an initial session request and send basic information to the initiating terminal, the initial session request is sent to the communication server by the initiating terminal and forwarded based on the communication server, and the basic information comprises a short message address and an identifier;
the first key acquisition module is configured to receive a short message request sent by the initiating terminal based on the short message address and generate a first key according to the short message request and the identifier;
the second key acquisition module is configured to respond to the short message request and send a notification to the initiating terminal after the first key is generated, so that the initiating terminal generates a second key which is the same as the first key according to basic information and the short message request;
and the second exchange module is configured to exchange a public key between the target terminal and the initiating terminal according to the second key and the first key.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more computer programs that, when executed by the one or more processors, cause the electronic device to implement the method of any of claims 1-7.
CN202111487530.XA 2021-12-06 2021-12-06 Key exchange method and device and electronic equipment Pending CN114173328A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111487530.XA CN114173328A (en) 2021-12-06 2021-12-06 Key exchange method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111487530.XA CN114173328A (en) 2021-12-06 2021-12-06 Key exchange method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN114173328A true CN114173328A (en) 2022-03-11

Family

ID=80484085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111487530.XA Pending CN114173328A (en) 2021-12-06 2021-12-06 Key exchange method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114173328A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584306A (en) * 2022-05-05 2022-06-03 腾讯科技(深圳)有限公司 Data processing method and related device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584306A (en) * 2022-05-05 2022-06-03 腾讯科技(深圳)有限公司 Data processing method and related device
CN114584306B (en) * 2022-05-05 2022-08-02 腾讯科技(深圳)有限公司 Data processing method and related device

Similar Documents

Publication Publication Date Title
EP3534565B1 (en) Data transmission method, apparatus and system
US10785019B2 (en) Data transmission method and apparatus
US8595807B2 (en) Method, system, and device for implementing device addition in Wi-Fi device to device network
US20160269176A1 (en) Key Configuration Method, System, and Apparatus
CN104301107A (en) Methods and systems for verifying privacy of web real-time communications (WebRTC) media channels via corresponding WebRTC data channels
CN107483383B (en) Data processing method, terminal, background server and storage medium
US20200162245A1 (en) Method and system for performing ssl handshake
CN109698746B (en) Method and system for generating sub-keys of binding equipment based on master key negotiation
US10680835B2 (en) Secure authentication of remote equipment
CN110493272B (en) Communication method and communication system using multiple keys
CN103997405B (en) A kind of key generation method and device
CN103986723B (en) A kind of secret communication control, secret communication method and device
CN107196919B (en) Data matching method and device
CN114173328A (en) Key exchange method and device and electronic equipment
CN111246407B (en) Data encryption and decryption method and device for short message transmission
CN108549824A (en) A kind of data desensitization method and device
CN110601825B (en) Ciphertext processing method and device, storage medium and electronic device
CN114301677A (en) Key negotiation method, device, electronic equipment and storage medium
CN113452513B (en) Key distribution method, device and system
CN112422275A (en) Key negotiation method, system, equipment and computer storage medium in UART communication
CN109257630B (en) Data transmission system, method, device and storage medium in video-on-demand
CN111526128B (en) Encryption management method and device
CN110839240B (en) Method and device for establishing connection
CN110890968B (en) Instant messaging method, device, equipment and computer readable storage medium
RU2693192C1 (en) Computer-implemented method of providing secure group communications with failure properties, perfect direct privacy and correspondence of text of correspondence

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination