CN114338141A - Communication key processing method, device, nonvolatile storage medium and processor - Google Patents

Info

Publication number: CN114338141A
Authority: CN (China)
Prior art keywords: key, communication, condition, target objects, parameter information
Legal status: Pending
Application number: CN202111617065.7A
Other languages: Chinese (zh)
Inventors: 蒋艳军, 孙科, 王乾, 赵轶新
Current assignee: China Telecom Corp Ltd
Original assignee: China Telecom Corp Ltd
Abstract

The invention discloses a communication key processing method, a communication key processing device, a nonvolatile storage medium and a processor. The method comprises the following steps: acquiring parameter information of a first key, wherein the first key is used for encrypting and decrypting communication between target objects and is also the key returned to the target objects when they send communication key requests; acquiring a second key when the parameter information of the first key meets a predetermined condition, wherein the second key is used for encrypting and decrypting communication between the target objects; and receiving a communication key request sent by a target object, and returning the second key to the target object. The invention solves the technical problem of reduced security caused by the key not being changed for a long time during communication.

Description

Communication key processing method, device, nonvolatile storage medium and processor
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for processing a communication key, a non-volatile storage medium, and a processor.
Background
With the development of computer network technology, keys of various platforms in the field of network communication are eavesdropped on and maliciously stolen, and techniques for attacking servers keep evolving, which poses a great threat to the security of enterprise data. In view of this situation, communication security has been a problem that large enterprises continuously pay attention to and emphasize. During communication between two parties, once the communication key is lost or stolen, the security and stability of the communication can no longer be guaranteed; the communication can only be stopped at that point, which greatly affects communication efficiency.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiments of the invention provide a communication key processing method and device, a nonvolatile storage medium and a processor, which at least solve the technical problem of reduced security caused by the key not being replaced for a long time during communication.
According to an aspect of the embodiments of the present invention, there is provided a communication key processing method, including: acquiring parameter information of a first key, wherein the first key is used for communication encryption and decryption between target objects, and the first key is also used for returning to the target objects under the condition that the target objects send communication key requests; acquiring a second key under the condition that the parameter information of the first key meets a preset condition, wherein the second key is used for encrypting and decrypting communication between the target objects; and receiving a communication key request sent by the target object, and returning the second key to the target object.
Optionally, the obtaining a second key when the parameter information of the first key meets a predetermined condition includes: determining the remaining duration of the first key based on the parameter information of the first key, wherein the parameter information of the first key comprises the creation time and the effective duration of the first key; and acquiring the second key under the condition that the remaining duration meets the preset condition.
Optionally, the remaining duration satisfies the predetermined condition, including: the remaining duration is less than a predetermined time threshold.
Optionally, the returning the second key to the target object includes: determining a reception time at which the communication key request is received; determining the state of the first key at the receiving time according to the creation time and the effective duration of the first key; returning the first key to the target object when the state of the first key is valid; and returning the second key to the target object under the condition that the state of the first key is invalid.
Optionally, obtaining the second key includes: acquiring service type information of the target object; and generating the second key according to the service type information of the target object and a key generation rule.
Optionally, generating the second key according to the service type information of the target object and a key generation rule includes: acquiring a service security password corresponding to the service type information of the target object and acquiring a current timestamp; and generating the second key according to the key generation rule, the security password and the current timestamp, and specifying the effective duration of the second key according to the key generation rule.
According to another aspect of the embodiments of the present invention, there is provided a communication key processing method, including: a key center obtains parameter information of a first key, wherein the first key is used for encrypting and decrypting communication between target objects, the first key is also the key returned to the target objects when they send communication key requests, and the target objects comprise a first object and a second object; when the parameter information of the first key meets a predetermined condition, the key center acquires a second key, wherein the second key is used for encrypting and decrypting communication between the target objects; the key center receives a communication key request sent by the first object and returns the second key to the first object; the first object encrypts communication content using the second key to obtain transmission data, and sends the transmission data to the second object; when the transmission data cannot be decrypted using the first key, the second object sends a communication key request to the key center and receives the second key returned by the key center; and the second object decrypts the transmission data using the second key to obtain the communication content.
According to another aspect of the embodiments of the present invention, there is also provided a communication key processing apparatus, including: a first obtaining module, configured to obtain parameter information of a first key, wherein the first key is used for encrypting and decrypting communication between target objects and is also the key returned to the target objects when they send communication key requests; a second obtaining module, configured to obtain a second key when the parameter information of the first key meets a predetermined condition, where the second key is used for encrypting and decrypting communication between the target objects; and a return module, configured to receive the communication key request sent by the target object and return the second key to the target object.
According to still another aspect of the embodiments of the present invention, there is also provided a nonvolatile storage medium, where the nonvolatile storage medium includes a stored program, and when the program runs, a device in which the nonvolatile storage medium is located is controlled to execute any one of the above communication key processing methods.
According to still another aspect of the embodiments of the present invention, there is further provided a processor, where the processor is configured to execute a program, where the program executes the communication key processing method described in any one of the above.
In the embodiments of the invention, parameter information of a first key is obtained, wherein the first key is used for encrypting and decrypting communication between target objects and is also the key returned to the target objects when they send communication key requests; a second key is acquired when the parameter information of the first key meets a predetermined condition, wherein the second key is used for encrypting and decrypting communication between the target objects; and a communication key request sent by a target object is received and the second key is returned to the target object. In this way both parties of the encrypted communication switch communication keys, which achieves the technical effect of improving the security of encrypted communication and solves the technical problem of reduced security caused by keys not being switched for a long time during communication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 shows a hardware configuration block diagram of a computer terminal for implementing a communication key processing method;
fig. 2 is a flowchart illustrating a first communication key processing method according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a second communication key processing method according to an embodiment of the present invention;
FIG. 4 is a key switch flow diagram for encrypted communications provided in accordance with an alternative embodiment of the present invention;
fig. 5 is a block diagram of a communication key processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In accordance with an embodiment of the present invention, there is provided a communication key processing method embodiment, it is noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Fig. 1 shows a hardware configuration block diagram of a computer terminal for implementing a communication key processing method. As shown in fig. 1, the computer terminal 10 may include one or more processors 102 (shown as 102a, 102b, ..., 102n; the processors 102 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. In addition, the computer terminal 10 may also include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 10 may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
It should be noted that the one or more processors 102 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuit may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computer terminal 10. As referred to in the embodiments of the application, the data processing circuit acts as a processor control (e.g. selection of a variable resistance termination path connected to the interface).
The memory 104 may be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the communication key processing method in the embodiment of the present invention; the processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, that is, implements the communication key processing method of the application program. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with the user interface of the computer terminal 10.
Fig. 2 is a flowchart illustrating a first communication key processing method according to an embodiment of the present invention, as shown in fig. 2, the method includes the following steps:
Step S202, acquiring parameter information of a first key, wherein the first key is used for encrypting and decrypting communication between target objects and is also the key returned to the target objects when they send communication key requests. Optionally, the parameter information of the first key may include attribute information of the first key, the target objects may include a plurality of objects, and the target objects agree to perform encryption and decryption using the first key. Optionally, the method may be applied to a key center: when the target objects communicate, they obtain the key by sending a communication key request to the key center, which distributes the key to the target objects by returning it to them.
Step S204, acquiring a second key when the parameter information of the first key meets a predetermined condition, wherein the second key is used for encrypting and decrypting communication between the target objects. In this step, the key center may determine whether the parameter information of the first key satisfies the predetermined condition, obtain the second key if it does, and allow the target objects to continue using the first key for communication if it does not, that is, either not return a key to the target object or return the first key to the target object.
Step S206, receiving the communication key request sent by the target object, and returning the second key to the target object. Optionally, after the key center acquires the second key, a switching action may be performed to replace the first key with the second key as the encryption/decryption key used by the target objects during communication. After the switch succeeds, the key center returns the second key upon receiving a communication key request from the target object, and the target object can then encrypt and decrypt communication with the second key. The key used by the target objects during communication is thus switched, it is harder for an attacker to crack the communication key, and communication security is improved.
Through the above steps, parameter information of a first key is obtained, wherein the first key is used for encrypting and decrypting communication between target objects and is also the key returned to the target objects when they send communication key requests; a second key is acquired when the parameter information of the first key meets a predetermined condition, wherein the second key is used for encrypting and decrypting communication between the target objects; and a communication key request sent by a target object is received and the second key is returned to the target object. In this way both parties of the encrypted communication switch communication keys, which achieves the technical effect of improving the security of encrypted communication and solves the technical problem of reduced security caused by keys not being switched for a long time during communication.
As an alternative embodiment, whether the parameter information of the first key satisfies the predetermined condition may be determined as follows: firstly, determining the remaining duration of a first key based on parameter information of the first key, wherein the parameter information of the first key comprises the creation time and the effective duration of the first key; and acquiring a second key under the condition that the remaining time length meets a preset condition.
In this alternative embodiment, an effective duration may be set for the first key, which may also be referred to as the time-to-live of the first key. When the first key has been in use at the key center for its effective duration, the first key is abandoned and the second key is switched to, so that the communication key is replaced regularly and communication security is guaranteed. Optionally, the creation time and the effective duration of the first key may be recorded in the parameter information of the first key, and the remaining duration of the first key is then calculated from them based on the current time. As an alternative embodiment, the remaining duration satisfies the predetermined condition when it is smaller than a predetermined time threshold. When the remaining duration meets the predetermined condition, for example when it is less than 10 minutes, the second key is acquired in preparation for switching the communication key. The predetermined time threshold thus leaves time for the key center to compute the new second key and to perform key switching or key backup.
As an alternative embodiment, the second key may be obtained as follows: acquiring service type information of a target object; and generating a second key according to the service type information of the target object and the key generation rule.
In this alternative embodiment, the second key may be a key generated according to a certain rule. For example, the second key may be generated based on the type of communication traffic between the target objects. According to the security requirement of the service type of the target object and the key generation rule defined by the key center, a complex second key may be generated for communication with a high security level (such a key is more secure, although less efficient), or a lighter-weight second key may be generated for communication with a low security level, whose faster communication rate better suits everyday communication.
As an alternative embodiment, generating the second key according to the service type information of the target object and the key generation rule, may further include the following steps: acquiring a service security password corresponding to the service type information of the target object and acquiring a current timestamp; and generating a second key according to the key generation rule, the security password and the current timestamp, and appointing the effective duration of the second key according to the key generation rule.
Alternatively, the second key may be generated as follows: the current timestamp, a configurable security code, a randomly generated 64-bit alphanumeric code and a security key are concatenated in a fixed order to obtain the second key. The configurable security code may be agreed between both communicating parties of the target objects, for example a security password set in the key center for the target objects; the security key may be a key set by the key center itself for generating communication keys. In this way, different unique keys can be set for different communicating objects, key repetition or similarity is avoided, and the security of the communication keys is improved.
As an alternative embodiment, the second key may be returned to the target object by: determining a receiving time when the communication key request is received; determining the state of the first key at the receiving time according to the creation time and the effective duration of the first key; returning the first key to the target object under the condition that the state of the first key is valid; and returning the second key to the target object when the state of the first key is invalid.
Alternatively, after the second key is generated, it may not be used to replace the first key immediately; instead the second key is saved, and only when the first key becomes invalid is it replaced by the second key. While the key center holds both the first key and the second key, it can check the time at which a communication key request from a target object is received, judge whether the first key is invalid at that moment, and decide according to the state of the first key whether to return the first key or the second key to the target object. This realizes a smooth switch from the first key to the second key and avoids disrupting the communication process through an unsmooth key switch.
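The key-center side of the method described above (remaining-duration check against a threshold, preparing the second key in reserve, and answering a key request with the first or second key depending on the first key's state at receive time), as an added worked example that is not code from the patent or from its assignee. It assumes a concrete key generation rule that the patent leaves open: the service security password, the current timestamp and a random 64-bit code are bound to a key-center secret through HMAC-SHA256 rather than plainly concatenated, so that the secrets cannot be read back out of the issued key. The service passwords, the key-center secret and all timestamps are constructed values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed values for this example; the patent does not specify their format.
SERVICE_PASSWORDS = {"payment": b"pay-secret-demo", "chat": b"chat-secret-demo"}
KEY_CENTER_SECRET = b"key-center-secret-demo"   # the key center's own "security key"


@dataclass
class KeyRecord:
    """Parameter information of a key: creation time and effective duration (seconds)."""
    key: bytes
    created_at: float
    valid_for: float

    def remaining(self, now: float) -> float:
        return self.created_at + self.valid_for - now

    def is_valid(self, now: float) -> bool:
        return self.remaining(now) > 0


def generate_key(service_type: str, now: float, rng=os.urandom) -> bytes:
    """Assumed key generation rule: derive a 256-bit key from the service security
    password, the current timestamp and a random 64-bit code, keyed with the
    key-center secret so that no input is recoverable from the output."""
    password = SERVICE_PASSWORDS[service_type]
    material = password + b"|" + str(int(now)).encode() + b"|" + rng(8)
    return hmac.new(KEY_CENTER_SECRET, material, hashlib.sha256).digest()


class KeyCenter:
    def __init__(self, service_type: str, valid_for: float, threshold: float, now: float):
        self.service_type = service_type
        self.valid_for = valid_for          # effective duration given to every key
        self.threshold = threshold          # predetermined time threshold (seconds)
        self.first = KeyRecord(generate_key(service_type, now), now, valid_for)
        self.second = None                  # prepared ahead of time, kept in reserve

    def monitor(self, now: float) -> bool:
        """Step S204: once the remaining duration of the first key drops below the
        threshold, acquire the second key but do not switch yet. Returns whether a
        second key is now held."""
        if self.second is None and self.first.remaining(now) < self.threshold:
            self.second = KeyRecord(generate_key(self.service_type, now), now, self.valid_for)
        return self.second is not None

    def handle_request(self, now: float) -> bytes:
        """Step S206: answer a communication key request received at time `now`.
        The first key is returned while it is still valid; otherwise the second key
        is promoted (the first key is discarded) and returned."""
        self.monitor(now)
        if self.first.is_valid(now):
            return self.first.key
        if self.second is None:
            # The first key expired before a second one was prepared (e.g. a
            # threshold of zero); generate the replacement on demand.
            self.second = KeyRecord(generate_key(self.service_type, now), now, self.valid_for)
        self.first, self.second = self.second, None
        return self.first.key


if __name__ == "__main__":
    # Constructed timeline: key created at t=1000 s, valid 600 s, threshold 120 s.
    kc = KeyCenter("chat", valid_for=600, threshold=120, now=1000.0)
    print("t=1100 ->", kc.handle_request(1100.0).hex()[:16], "second prepared:", kc.second is not None)
    print("t=1500 ->", kc.handle_request(1500.0).hex()[:16], "second prepared:", kc.second is not None)
    print("t=1601 ->", kc.handle_request(1601.0).hex()[:16], "second prepared:", kc.second is not None)
```

The important design point is that `handle_request` decides on the key's state at the receive time, not at generation time: between preparing the second key and the first key expiring, requesters still get the first key, so the two parties never disagree on which key is current except at the expiry boundary, which the receiver-side fallback in the second method handles.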
Fig. 3 is a schematic flowchart of a second communication key processing method according to an embodiment of the present invention, and as shown in fig. 3, the method includes the following steps:
step S301, the key center obtains parameter information of a first key, wherein the first key is used for encryption and decryption of communication between target objects, the first key is also used for returning to the target objects under the condition that the target objects send communication key requests, and the target objects comprise the first objects and the second objects.
Step S302, under the condition that the parameter information of the first key meets the preset condition, the key center acquires a second key, wherein the second key is used for encrypting and decrypting the communication between the target objects.
Step S303, the key center receives the communication key request sent by the first object, and returns the second key to the first object.
In step S304, the first object encrypts the communication content using the second key to obtain transmission data, and sends the transmission data to the second object.
In step S305, the second object sends a communication key request to the key center and receives a second key returned by the key center when the transmission data cannot be decrypted by using the first key.
Step S306, the second object decrypts the transmission data using the second key to obtain the communication content.
Through the steps, the purpose of replacing the communication key for both sides of the encrypted communication is achieved, so that the technical effect of improving the safety of the encrypted communication is achieved, and the technical problem that the safety is reduced because the key is not replaced for a long time in the communication process is solved.
In this embodiment, the second object, as the communication receiver among the target objects, does not need to request the key from the key center for every message; it may request the key from the key center only when it cannot decrypt the communication ciphertext with the key in hand. For example, the first object may request a key from the key center at each communication, obtain the first key, encrypt the communication content with the first key, and send the encrypted content to the second object. If the second object has no key in hand, it requests the key from the key center, likewise obtains the first key, and decrypts the encrypted content with it. In each subsequent communication the second object does not need to request the key again but processes the ciphertext directly with the first key, until it can no longer decrypt the encrypted data sent by the first object. At that point the first object can be assumed to have switched its encryption key, so the second object sends a communication key request to the key center, the key center returns the latest key (for example, the second key), and the second object decrypts the encrypted data with the second key to obtain the communication content.
Fig. 4 is a key switching flowchart of encrypted communication according to an alternative embodiment of the present invention, and as shown in fig. 4, a dashed box is a flow step of a key center, where the key center determines whether an effective duration of a key is about to expire soon by monitoring a current key, for example, a first key, and if so, generates a new communication key, for example, a second key, according to a security rule, and sets an effective duration for the second key; at this time, the key center has a first key and a second key, and by comparing the valid duration of the first key and the second key, it can be determined whether the first key is valid or whether the first key needs to be discarded, and when the second key needs to be switched, the first key is discarded, and the key switching is performed.
The communication initiator requests the currently valid key from the key center each time it initiates communication, encrypts the message with that key and sends the encrypted message to the communication receiver. If the receiver can decrypt with the key at hand, it decrypts directly; if decryption fails, it queries the key center, downloads the latest key, and compares whether the latest key is consistent with the key at hand. If the keys are consistent, the decryption failure was not caused by the key, and someone may have tampered with the encrypted message; if the keys are not consistent, the key at hand is replaced by the latest key, the encrypted message is decrypted, the communication content is obtained, and the communication is completed.
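The initiator/receiver exchange of fig. 3 and fig. 4 (fetch the current key per message, decrypt with the key in hand, fall back to the key center on failure, and treat "latest key equals key in hand" as a tampering signal), as an added example that is not code from the patent or its assignee. The "cannot be decrypted" test only works if the cipher authenticates the message, so the example assumes an authenticated scheme: a toy SHA-256 counter keystream with an HMAC-SHA256 tag, standing in for a real AEAD such as AES-GCM. The key center here is a minimal stand-in that just holds the current key and can switch it; the `Initiator`, `Receiver` and `KeyCenter` names and the messages are constructed for this example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; a deployment would use a standard AEAD.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Return nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes):
    """Return the plaintext, or None when the tag does not verify under this key
    (wrong key or modified message): the 'cannot be decrypted' condition."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


class KeyCenter:
    """Minimal stand-in: holds the currently valid key and can switch to a new one."""
    def __init__(self):
        self.current = os.urandom(32)

    def rotate(self):
        self.current = os.urandom(32)


class Initiator:
    def __init__(self, center: KeyCenter):
        self.center = center

    def send(self, content: bytes) -> bytes:
        # Request the currently valid key for every message, then encrypt with it.
        return encrypt(self.center.current, content)


class Receiver:
    def __init__(self, center: KeyCenter):
        self.center = center
        self.key_in_hand = None

    def receive(self, message: bytes):
        """Return (status, plaintext); status is 'ok', 'tampered' or 'failed'."""
        if self.key_in_hand is not None:
            plaintext = decrypt(self.key_in_hand, message)
            if plaintext is not None:
                return "ok", plaintext            # key in hand still works
        latest = self.center.current              # decryption failed: ask the key center
        if latest == self.key_in_hand:
            # The key center agrees with the key in hand, so the failure is not a
            # key switch: the message was most likely modified in transit.
            return "tampered", None
        self.key_in_hand = latest                 # the initiator switched keys: follow it
        plaintext = decrypt(self.key_in_hand, message)
        return ("ok", plaintext) if plaintext is not None else ("failed", None)


if __name__ == "__main__":
    center = KeyCenter()
    alice, bob = Initiator(center), Receiver(center)
    print(bob.receive(alice.send(b"hello")))      # ('ok', b'hello')
    center.rotate()
    print(bob.receive(alice.send(b"after switch")))   # ('ok', b'after switch')
    damaged = bytearray(alice.send(b"x")); damaged[NONCE_LEN] ^= 0x01
    print(bob.receive(bytes(damaged)))            # ('tampered', None)
```

Note what the comparison buys the receiver: without it, every authentication failure would trigger a key download and be silently retried, and a modified ciphertext would be indistinguishable from a key switch. With it, a failure under a key the key center still considers current is surfaced as a distinct event worth logging.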
According to an embodiment of the present invention, there is further provided a communication key processing apparatus for implementing the first communication key processing method, and fig. 5 is a block diagram of a structure of the communication key processing apparatus according to an embodiment of the present invention, as shown in fig. 5, the communication key processing apparatus includes: a first obtaining module 52, a second obtaining module 54 and a returning module 56, which are described below.
A first obtaining module 52, configured to obtain parameter information of a first key, where the first key is used for encryption and decryption of communication between target objects, and the first key is also used for returning to the target object when the target object sends a communication key request;
a second obtaining module 54, connected to the first obtaining module 52, configured to obtain a second key when parameter information of the first key meets a predetermined condition, where the second key is used for encryption and decryption of communication between target objects;
and a returning module 56, connected to the second obtaining module 54, for receiving the communication key request sent by the target object and returning the second key to the target object.
It should be noted here that the first obtaining module 52, the second obtaining module 54 and the return module 56 correspond to steps S202 to S206 in embodiment 1; the examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to the disclosure of embodiment 1. It should also be noted that the above modules may run, as part of the apparatus, in the computer terminal 10 provided in embodiment 1.
An embodiment of the present invention may provide a computer device, and optionally, in this embodiment, the computer device may be located in at least one network device of a plurality of network devices of a computer network. The computer device includes a memory and a processor.
The memory may be configured to store software programs and modules, such as program instructions/modules corresponding to the communication key processing method and apparatus in the embodiments of the present invention, and the processor executes various functional applications and data processing by running the software programs and modules stored in the memory, so as to implement the communication key processing method. The memory may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory located remotely from the processor, and these remote memories may be connected to the computer terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor can call the information and application program stored in the memory through the transmission device to execute the following steps: acquiring parameter information of a first key, wherein the first key is used for communication encryption and decryption between target objects, and the first key is also used for returning to the target objects under the condition that the target objects send communication key requests; acquiring a second key under the condition that the parameter information of the first key meets a preset condition, wherein the second key is used for encrypting and decrypting communication between target objects; and receiving a communication key request sent by the target object, and returning the second key to the target object.
The processor can also call the information stored in the memory and the application program through the transmission device to execute the following steps: the key center acquires parameter information of a first key, wherein the first key is used for encryption and decryption of communication between target objects, the first key is also used for returning to the target objects under the condition that the target objects send communication key requests, and the target objects comprise first objects and second objects; under the condition that the parameter information of the first key meets a preset condition, the key center acquires a second key, wherein the second key is used for encrypting and decrypting communication between target objects; the key center receives a communication key request sent by the first object and returns a second key to the first object; the first object encrypts the communication content by using the second key to obtain transmission data, and sends the transmission data to the second object; the second object sends a communication key request to the key center and receives a second key returned by the key center under the condition that the first key cannot decrypt the transmission data; the second object decrypts the transmission data by using the second key to obtain the communication content.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a non-volatile storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present invention also provide a non-volatile storage medium. Optionally, in this embodiment, the nonvolatile storage medium may be configured to store the program code executed by the communication key processing method provided in embodiment 1.
Optionally, in this embodiment, the nonvolatile storage medium may be located in any one of computer terminals in a computer terminal group in a computer network, or in any one of mobile terminals in a mobile terminal group.
Optionally, in this embodiment, the non-volatile storage medium is configured to store program code for performing the following steps: acquiring parameter information of a first key, wherein the first key is used for communication encryption and decryption between target objects, and the first key is also used for returning to the target objects under the condition that the target objects send communication key requests; acquiring a second key under the condition that the parameter information of the first key meets a preset condition, wherein the second key is used for encrypting and decrypting communication between target objects; and receiving a communication key request sent by the target object, and returning the second key to the target object.
Optionally, in this embodiment, the non-volatile storage medium is configured to store program code for performing the following steps: the key center acquires parameter information of a first key, wherein the first key is used for encryption and decryption of communication between target objects, the first key is also used for returning to the target objects under the condition that the target objects send communication key requests, and the target objects comprise first objects and second objects; under the condition that the parameter information of the first key meets a preset condition, the key center acquires a second key, wherein the second key is used for encrypting and decrypting communication between target objects; the key center receives a communication key request sent by the first object and returns a second key to the first object; the first object encrypts the communication content by using the second key to obtain transmission data, and sends the transmission data to the second object; the second object sends a communication key request to the key center and receives a second key returned by the key center under the condition that the first key cannot decrypt the transmission data; the second object decrypts the transmission data by using the second key to obtain the communication content.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit may be a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a non-volatile storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Claims (10)

1. A method for processing a communication key, comprising:
acquiring parameter information of a first key, wherein the first key is used for communication encryption and decryption between target objects, and the first key is also used for returning to the target objects under the condition that the target objects send communication key requests;
acquiring a second key under the condition that the parameter information of the first key meets a preset condition, wherein the second key is used for encrypting and decrypting communication between the target objects;
and receiving a communication key request sent by the target object, and returning the second key to the target object.
2. The method according to claim 1, wherein the obtaining a second key in a case that the parameter information of the first key satisfies a predetermined condition comprises:
determining the remaining duration of the first key based on the parameter information of the first key, wherein the parameter information of the first key comprises the creation time and the effective duration of the first key;
and acquiring the second key under the condition that the remaining duration meets the preset condition.
3. The method of claim 2, wherein the remaining duration satisfies the predetermined condition, comprising: the remaining duration is less than a predetermined time threshold.
4. The method of claim 2, wherein returning the second key to the target object comprises:
determining a reception time at which the communication key request is received;
determining the state of the first key at the receiving time according to the creation time and the effective duration of the first key;
returning the first key to the target object when the state of the first key is valid;
and returning the second key to the target object under the condition that the state of the first key is invalid.
5. The method of claim 1, wherein obtaining the second key comprises:
acquiring service type information of the target object;
and generating the second key according to the service type information of the target object and a key generation rule.
6. The method of claim 5, wherein generating the second key according to the service type information of the target object and a key generation rule comprises:
acquiring a service security password corresponding to the service type information of the target object and acquiring a current timestamp;
and generating the second key according to a key generation rule, the security password and the current timestamp, and appointing the effective duration of the second key according to the key generation rule.
7. A method for processing a communication key, comprising:
the method comprises the steps that a key center obtains parameter information of a first key, wherein the first key is used for encryption and decryption of communication between target objects, the first key is also used for returning to the target objects under the condition that the target objects send communication key requests, and the target objects comprise first objects and second objects;
under the condition that the parameter information of the first key meets a preset condition, the key center acquires a second key, wherein the second key is used for encrypting and decrypting communication between the target objects;
the key center receives a communication key request sent by the first object and returns the second key to the first object;
the first object encrypts communication content by using the second key to obtain transmission data, and sends the transmission data to the second object;
the second object sends a communication key request to the key center and receives the second key returned by the key center under the condition that the transmission data cannot be decrypted by using the first key;
and the second object decrypts the transmission data by using the second key to obtain the communication content.
8. A communication key processing apparatus, comprising:
a first obtaining module, configured to obtain parameter information of a first key, wherein the first key is used for encryption and decryption of communication between target objects, and the first key is also used for returning to the target objects under the condition that the target objects send communication key requests;
a second obtaining module, configured to obtain a second key when parameter information of the first key meets a predetermined condition, where the second key is used for encryption and decryption of communication between the target objects;
and the return module is used for receiving the communication key request sent by the target object and returning the second key to the target object.
9. A non-volatile storage medium, comprising a stored program, wherein when the program is executed, a device in which the non-volatile storage medium is located is controlled to execute the communication key processing method according to any one of claims 1 to 7.
10. A processor, configured to execute a program, wherein the program executes the communication key processing method according to any one of claims 1 to 7.
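The rotation flow of the embodiment described above and the steps of claims 2 to 7 (remaining duration checked against a threshold, the second key derived from the service security password and a timestamp, the first key returned while it is still valid, and the receiver falling back to the key center to tell a stale key from a tampered message), as an added Python example that is not part of the patent. The SHA-256 key generation rule, the HMAC-SHA256-based authenticated encryption, the service password, and the 100-second lifetime with a 20-second threshold are all assumptions made for this example.

```python
import hashlib
import hmac
import os

class KeyCenter:
    """Key center: keeps the first key and pre-generates the second key."""
    def __init__(self, service_passwords, lifetime, threshold, rule=b"rule-v1"):
        self.service_passwords = service_passwords  # service type -> security password
        self.lifetime, self.threshold, self.rule = lifetime, threshold, rule
        self.current, self.next_ = None, None       # (key, created) of first/second key

    def _generate(self, service_type, now):
        # Claim 6: derive from the service security password and the current timestamp
        # under a generation rule; SHA-256 is an assumed rule, the patent fixes none.
        secret = self.service_passwords[service_type]
        return hashlib.sha256(self.rule + secret + str(now).encode()).digest(), now

    def request_key(self, service_type, now):
        if self.current is None:
            self.current = self._generate(service_type, now)
        remaining = self.current[1] + self.lifetime - now              # claim 2
        if remaining < self.threshold and self.next_ is None:          # claim 3
            self.next_ = self._generate(service_type, now)
        if remaining <= 0 and self.next_ is not None:                  # claim 4
            self.current, self.next_ = self.next_, None
        return self.current[0]

# Assumed authenticated encryption from the standard library only (not the patent's
# cipher): HMAC-SHA256 keystream XOR, then an HMAC tag over nonce + ciphertext.
def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None  # wrong key or tampered message; the receiver must tell them apart
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Receiver:
    def __init__(self, center, service_type, key):
        self.center, self.service_type, self.key = center, service_type, key

    def receive(self, blob, now):
        plaintext = decrypt(self.key, blob)
        if plaintext is not None:
            return "ok", plaintext
        latest = self.center.request_key(self.service_type, now)  # claim 7 fallback
        if latest == self.key:
            return "tampered", None  # the key is not the cause, so suspect the message
        self.key = latest            # adopt the latest key and retry once
        plaintext = decrypt(self.key, blob)
        return ("ok", plaintext) if plaintext is not None else ("tampered", None)

def run_scenario():
    # Constructed timeline: lifetime 100 s, rotation threshold 20 s, times in seconds.
    center = KeyCenter({"sms": b"constructed-service-password"}, 100, 20)
    receiver = Receiver(center, "sms", center.request_key("sms", 0))
    results = []
    for now, msg in ((10, b"hello"), (105, b"sent after rotation")):
        key = center.request_key("sms", now)  # initiator fetches the current key
        results.append(receiver.receive(encrypt(key, msg), now)[0])
    blob = bytearray(encrypt(center.current[0], b"x"))
    blob[16] ^= 0xFF                           # constructed tampering of the ciphertext
    results.append(receiver.receive(bytes(blob), 110)[0])
    return results, receiver.key == center.current[0]
```

At t=105 the first key has expired, so the initiator is handed the second key and the receiver recovers by fetching it; the final tampered message fails even though the receiver already holds the latest key, which is the case the embodiment flags as possible tampering.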
CN202111617065.7A 2021-12-27 2021-12-27 Communication key processing method, device, nonvolatile storage medium and processor Pending CN114338141A (en)


Publications (1)

Publication Number Publication Date
CN114338141A true CN114338141A (en) 2022-04-12



Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination