CN115361222A - Communication processing method, device and system - Google Patents

Communication processing method, device and system Download PDF

Info

Publication number
CN115361222A
CN115361222A CN202211033279.4A CN202211033279A CN115361222A CN 115361222 A CN115361222 A CN 115361222A CN 202211033279 A CN202211033279 A CN 202211033279A CN 115361222 A CN115361222 A CN 115361222A
Authority
CN
China
Prior art keywords
message
key
reading
sending
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211033279.4A
Other languages
Chinese (zh)
Other versions
CN115361222B (en
Inventor
巫鹏涛
徐晟�
徐伟南
徐欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Ansiyuan Technology Co ltd
Original Assignee
Hangzhou Ansiyuan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Ansiyuan Technology Co ltd filed Critical Hangzhou Ansiyuan Technology Co ltd
Priority to CN202211033279.4A priority Critical patent/CN115361222B/en
Publication of CN115361222A publication Critical patent/CN115361222A/en
Application granted granted Critical
Publication of CN115361222B publication Critical patent/CN115361222B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure relates to a communication processing method, a communication processing device and a communication processing system, and relates to the technical field of information security. The communication processing method comprises the following steps: generating a message sending private key, a message reading private key, a message sending public key and a message reading public key of the group chat, wherein the message sending private key and the message reading private key are not stored in a plaintext mode; respectively encrypting a message sending private key and a message reading private key by using a message sending protection key and a message reading protection key; respectively executing a threshold encryption algorithm on the message sending protection key and the message reading protection key; encrypting the message sending key fragments and the message reading key fragments respectively to obtain a plurality of message sending encryption fragments and a plurality of message reading encryption fragments; and sending and storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments to the communication server. The technical scheme of the disclosure can improve the communication safety.

Description

Communication processing method, device and system
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a communication processing method, a communication processing apparatus, a communication processing system, an electronic device, and a non-volatile computer-readable storage medium.
Background
With the development of society, people pay more and more attention to privacy problems of personal data, and communication products based on an end-to-end encryption technology are used by more users. Theoretically, the concept of end-to-end encryption is that users can communicate ciphertext, communication contents are ciphertext and can not be decrypted for communication service providers and network service providers, and users of two parties only receiving and sending messages can see chat data in plaintext at a client.
In the related art, in order to facilitate system design, a communication service provider may design the whole encrypted communication system in a manner that a service side holds a key instead.
Disclosure of Invention
The inventors of the present disclosure found that the following problems exist in the related art described above: the client cannot safely store the key, so that the safety encryption and decryption of information cannot be guaranteed under the conditions of key loss, password change and the like, and the communication safety is reduced.
In view of this, the present disclosure provides a communication processing technical solution, which can improve communication security.
According to some embodiments of the present disclosure, there is provided a communication processing method, performed by a client, including: generating a message sending private key, a message reading private key, a message sending public key and a message reading public key of the group chat, wherein the message sending private key and the message reading private key are not stored in a plaintext mode; encrypting the message sending private key by using the message sending protection key to obtain an encrypted message sending private key, encrypting the message reading private key by using the message reading protection key to obtain an encrypted message reading private key, wherein the message sending protection key and the message reading protection key are non-reproducible randomly generated keys generated by the client; executing a threshold encryption algorithm on the message sending protection key to obtain a plurality of message sending key fragments, executing the threshold encryption algorithm on the message reading protection key to obtain a plurality of message reading key fragments, wherein at least a preset number of message sending key fragments are required for restoring the message sending protection key, and at least a preset number of message reading key fragments are required for restoring the message reading protection key; encrypting the plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, and encrypting the plurality of message reading key fragments to obtain a plurality of message reading encryption fragments, wherein the plurality of message sending encryption fragments comprise first message sending encryption fragments obtained by encrypting through a user side key which cannot be sensed by a communication service terminal, and the plurality of message reading encryption fragments comprise first message reading encryption fragments obtained by encrypting through the user side key which cannot be sensed by the communication service terminal; the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments and the multiple message reading encryption fragments are sent and stored to a communication service end, the message sending encryption fragments larger than or equal to a preset number cannot be decrypted by the communication service end, the encrypted message sending private key, the encrypted message reading private key and the message sending encryption fragments at least in the preset number are used for reducing the message sending private key and the message reading private key in a terminal memory of a user participating in group chat through a message sending protection key and a message reading protection key which are reduced according to a user side key, the message sending private key and the message reading public key are used for encrypting a message sent from the terminal, and the message reading private key and the message sending public key are used for decrypting an encrypted message which is received by the user terminal and is obtained by encrypting the message sending private key and the message reading public key.
In some embodiments, the plurality of message sending key fragments include a first message sending key fragment and a second message sending key fragment, the plurality of message reading key fragments include a first message reading key fragment and a second message reading key fragment, the encrypting the plurality of message sending key fragments to obtain the plurality of message sending encryption fragments, the encrypting the plurality of message reading key fragments to obtain the plurality of message reading encryption fragments includes: when the group chat is a non-public group chat, the public key of a group administrator of the group chat is utilized to carry out asymmetric encryption on the first sending message key fragment and the first reading message key fragment to obtain a first sending message encryption fragment ciphertext and a first reading message key fragment ciphertext; and carrying out asymmetric encryption on the second message sending key fragment and the second message reading key fragment by using the public key of the communication server to obtain a second message sending encryption fragment ciphertext and a second message reading key fragment ciphertext.
In some embodiments, encrypting the plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, and encrypting the plurality of message reading key fragments to obtain a plurality of message reading encryption fragments comprises: under the condition that the group chat is public group chat, generating a symmetric encryption key by using random seed data according to a random password generation method, wherein the symmetric encryption key can be recovered according to the random seed data; encrypting the first send message key fragment and the first read message key fragment by using the symmetric encryption key to obtain a first send message encryption fragment ciphertext and a first read message key fragment ciphertext; the communication processing method further includes: and sending the random seed data to a communication server for storage.
In some embodiments, the communication processing method further comprises: under the condition that a user is allowed to join the non-public group chat, decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a group administrator to obtain a first message sending key fragment and a first message reading key fragment; the method comprises the steps that a public key of a user is utilized to carry out asymmetric encryption on a first sending message key fragment and a first reading message key fragment to obtain an encrypted first sending message key fragment and an encrypted first reading message key fragment; and sending the first sending message key fragment and the encrypted first reading message key fragment to a communication service terminal for storage, so that the communication service terminal sends the first sending message key fragment, the encrypted first reading message key fragment, the second sending message key fragment, the second reading message key fragment, the encrypted sending message private key, the encrypted reading message private key, the sending message public key and the reading message public key to a terminal of a user.
In some embodiments, the message private key and the read message private key are decrypted by: decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a user to obtain a first message sending key fragment and a first message reading key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the message private key and the read message private key are decrypted by: generating a symmetric encryption key at a terminal of a user by using random seed data, wherein the random seed data is acquired from a communication service end when the user joins in group chat; decrypting the first send message encryption fragment ciphertext and the first read message key fragment ciphertext by using the symmetric encryption key to obtain a first send message key fragment and a first read message key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the communication processing method further comprises: when the group chat is changed from public group chat to non-public group chat, recovering the symmetric encryption key by using random seed data according to a random password generation method; decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using the symmetric encryption key to obtain a first message sending key fragment and a first message reading key fragment; the method comprises the steps that a public key of a group administrator of the group chat is used for carrying out asymmetric encryption on a first message sending key fragment and a first message reading key fragment to obtain the first message sending key fragment and the first message reading key fragment which are asymmetrically encrypted; decrypting the asymmetrically encrypted first message sending key fragment and the first message reading key fragment under the condition that a group administrator agrees to add a new user into a group chat application to obtain the first message sending key fragment and the first message reading key fragment; and carrying out asymmetric encryption on the first message sending key fragment and the first message reading key fragment by using the public key of a new user.
In some embodiments, the communication processing method further comprises: when the group chat is changed from the non-public group chat to the public group chat, decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a group administrator to obtain a first message sending key fragment and a first message reading key fragment; generating a symmetric encryption key by using random seed data according to a random password generation method; symmetrically encrypting the first message sending key fragment and the first message reading key fragment by using a symmetric encryption key to obtain the symmetrically encrypted first message sending key fragment and first message reading key fragment; storing the symmetrically encrypted first sending message key fragment and first reading message key fragment in group information of group chat; under the condition that a new user applies to join the group chat, recovering the symmetric encryption key by using random seed data according to a random password generation method; decrypting the symmetrically encrypted first send message key fragment and the first read message key fragment by using the symmetric encryption key; and encrypting the first sending message key fragment and the first reading message key fragment by using the public key of the new user and then storing the encrypted first sending message key fragment and the encrypted first reading message key fragment in the group information of the new user.
In some embodiments, the communication processing method further comprises: and determining whether to allow the user to acquire a private key for sending the message according to whether the user participating in the group chat has the authority for sending the message in the group chat.
In some embodiments, generating the private messaging key, the private read message key, the public messaging key, and the public read message key for the group chat includes: in case that a group administrator of the group chat creates the group chat, a message private key, a message read private key, a message sent public key, and a message read public key are generated locally at a client of the group administrator.
In some embodiments, the user-side key comprises at least one of a personal password, a gesture password, a digital certificate, and a preset picture feature of the user.
In some embodiments, the communication processing method further comprises: generating a new message sending protection key and a new message reading protection key under the condition that a group administrator performs group entry identity verification again on more than a threshold number of group members, or a plurality of message sending key fragments or a plurality of message reading key fragments are leaked; re-encrypting the message sending private key by using the new message sending protection key, and re-encrypting the message reading private key by using the message reading protection key; and carrying out fragmentation processing and encryption processing on the new message sending protection key and the new read message protection key again.
According to another embodiment of the present disclosure, a communication processing method, executed by a communication server, includes: and receiving and storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments from the client, wherein the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments are obtained by the communication processing method executed by the client in any embodiment.
According to still other embodiments of the present disclosure, there is provided a communication processing apparatus, provided at a client, including: the generating unit is used for generating a message sending private key, a message reading private key, a message sending public key and a message reading public key of the group chat, wherein the message sending private key and the message reading private key are not stored in a plaintext mode; the encryption unit is used for encrypting the message sending private key by using the message sending protection key to obtain an encrypted message sending private key, encrypting the message reading private key by using the message reading protection key to obtain an encrypted message reading private key, and encrypting a plurality of message sending key fragments to obtain a plurality of message sending encryption fragments by using the message sending protection key and the message reading protection key as a non-reproducible randomly generated key generated by the client; the fragmentation unit is used for executing a threshold encryption algorithm on the message sending protection key to obtain a plurality of message sending key fragments, executing the threshold encryption algorithm on the message reading protection key to obtain a plurality of message reading key fragments, wherein at least a preset number of message sending key fragments are required for restoring the message sending protection key, and at least a preset number of message reading key fragments are required for restoring the message reading protection key; the sending unit is used for sending and storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments to the communication service terminal, the message sending encryption fragments larger than or equal to the preset number cannot be decrypted by the communication service terminal, the encrypted message sending private key, the encrypted message reading private key and the message sending encryption fragments with at least the preset number are used for reducing the message sending private key and the message reading private key in a terminal memory of a user participating in group chat through a message sending protection key and a message reading protection key which are reduced according to a user side key, the message sending private key and the message reading public key are used for encrypting a message sent from the terminal, and the message reading private key and the message sending public key are used for decrypting an encrypted message received by the user terminal and obtained by encrypting the message sending private key and the message reading public key.
In some embodiments, the plurality of messaging key fragments comprises a first messaging key fragment and a second messaging key fragment, and the plurality of read message key fragments comprises a first read message key fragment and a second read message key fragment. The encryption unit asymmetrically encrypts the first message sending key fragment and the first message reading key fragment by using a public key of a group administrator of the group chat under the condition that the group chat is a non-public group chat to obtain a first message sending encryption fragment ciphertext and a first message reading key fragment ciphertext; and carrying out asymmetric encryption on the second message sending key fragment and the second read message key fragment by using the public key of the communication service terminal to obtain a second message sending encryption fragment ciphertext and a second read message key fragment ciphertext.
In some embodiments, the encryption unit generates a symmetric encryption key using random seed data according to a random password generation method when the group chat is the public group chat, the symmetric encryption key being recoverable according to the random seed data; encrypting the first send message key fragment and the first read message key fragment by using the symmetric encryption key to obtain a first send message encryption fragment ciphertext and a first read message key fragment ciphertext; and the sending unit sends the random seed data to the communication server for storage.
In some embodiments, the communication processing apparatus further comprises: the decryption unit is used for decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a group administrator under the condition that a user is allowed to join the non-public group chat to obtain a first message sending key fragment and a first message reading key fragment; the encryption unit carries out asymmetric encryption on the first sending message key fragment and the first reading message key fragment by using a public key of a user to obtain an encrypted first sending message key fragment and an encrypted first reading message key fragment; the fragmentation unit sends the first sending message key fragmentation and the encrypted first reading message key fragmentation to the communication service terminal for storage, so that the communication service terminal issues the first sending message key fragmentation, the encrypted first reading message key fragmentation, the second sending message key fragmentation, the second reading message key fragmentation, the encrypted sending message private key, the encrypted reading message private key, the sending message public key and the reading message public key to a terminal of a user.
In some embodiments, the message sending private key and the message reading private key are decrypted by: decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a user to obtain a first message sending key fragment and a first message reading key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the message sending private key and the message reading private key are decrypted by: generating a symmetric encryption key at a terminal of a user by using random seed data, wherein the random seed data is obtained from a communication service terminal when the user joins in group chat; decrypting the first send message encryption fragment ciphertext and the first read message key fragment ciphertext by using the symmetric encryption key to obtain a first send message key fragment and a first read message key fragment; reducing the message sending protection key by using the first message sending key fragment and the second message sending key fragment, and reducing the message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the generating unit recovers the symmetric encryption key using the random seed data according to a random password generation method in a case where the group chat is changed from the public group chat to the non-public group chat; the decryption unit decrypts the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using the symmetric encryption key to obtain a first message sending key fragment and a first message reading key fragment; the encryption unit asymmetrically encrypts the first message sending key fragment and the first message reading key fragment by using a public key of a group administrator of the group chat to obtain the asymmetrically encrypted first message sending key fragment and first message reading key fragment; the decryption unit decrypts the asymmetrically encrypted first message sending key fragment and the first message reading key fragment under the condition that the group administrator agrees to add a new user into the group chat application, and obtains the first message sending key fragment and the first message reading key fragment; the encryption unit asymmetrically encrypts the first send message key fragment and the first read message key fragment by using the public key of the new user.
In some embodiments, the decryption unit decrypts the first origination message encryption fragment ciphertext and the first read message key fragment ciphertext by using a private key of a group administrator when the group chat is changed from the non-public group chat to the public group chat, to obtain the first origination message key fragment and the first read message key fragment; the generating unit generates a symmetric encryption key by using random seed data according to a random password generating method; the encryption unit symmetrically encrypts the first message sending key fragment and the first message reading key fragment by using a symmetric encryption key to obtain the symmetrically encrypted first message sending key fragment and first message reading key fragment; the communication processing apparatus further includes: a storage unit, configured to store the first sending message key fragment and the first reading message key fragment, which are symmetrically encrypted, in group information of the group chat; under the condition that a new user applies to join the group chat, the generating unit recovers the symmetric encryption key by using random seed data according to a random password generating method; decrypting the symmetrically encrypted first message sending key fragment and the first message reading key fragment by using the symmetric encryption key; the encryption unit encrypts the first message sending key fragment and the first message reading key fragment by using a public key of a new user, and then the storage unit stores the first message sending key fragment and the first message reading key fragment in the group information of the new user.
In some embodiments, the communication processing apparatus further comprises: and the judging unit is used for determining whether the user is allowed to obtain the message sending private key or not according to whether the user participating in the group chat has the authority of sending the message in the group chat.
In some embodiments, the generating unit generates the private message sending key, the private message reading key, the public message sending key, and the public message reading key locally at a client of the group administrator in case that the group administrator of the group chat creates the group chat.
In some embodiments, the user-side key comprises at least one of a personal password, a gesture password, a digital certificate, and a preset picture feature of the user.
In some embodiments, the generating unit generates a new message sending protection key and a new message reading protection key when the group administrator performs the group entry identity audit on more than a threshold number of group members, or a plurality of message sending key fragments or a plurality of message reading key fragments are leaked; the encryption unit re-encrypts the message sending private key by using the new message sending protection key and re-encrypts the message reading private key by using the message reading protection key; and the fragmentation unit and the encryption unit perform fragmentation processing and encryption processing again on the new message sending protection key and the new message reading protection key.
According to still other embodiments of the present disclosure, there is provided a communication processing apparatus, provided at a communication service end, including: a receiving unit, configured to receive an encrypted message sending private key, an encrypted message reading private key, multiple message sending encryption fragments, and multiple message reading encryption fragments from a client, where the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments are obtained through a communication processing method executed by the client in any of the embodiments; and the storage unit is used for storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments.
According to still further embodiments of the present disclosure, there is provided a communication processing system including: a communication processing device of the client, configured to execute the communication processing method of the client in any of the above embodiments; the communication processing device of the communication server is used for executing the communication processing method of the server in any one of the embodiments.
According to still further embodiments of the present disclosure, there is provided an electronic device including: a memory; and a processor coupled to the memory, the processor configured to perform the communication processing method of any of the above embodiments based on instructions stored in the memory device.
According to still further embodiments of the present disclosure, there is provided a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the communication processing method in any of the above embodiments.
In the above embodiment, the client encrypts the generated group chat private key by using the protection key, and encrypts each segment after segmenting the protection key. Therefore, the communication service provider can not decrypt the information without the client password, and the client can modify the password at will without influencing normal encrypted communication and historical information check, thereby ensuring the safe encryption and decryption of the information and improving the communication safety.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 illustrates a flow diagram of some embodiments of a communication processing method of the present disclosure;
fig. 2 illustrates a schematic diagram of some embodiments of a communication processing method of the present disclosure;
FIG. 3 illustrates a flow diagram of further embodiments of a communication processing method of the present disclosure;
fig. 4a, 4b illustrate block diagrams of some embodiments of communication processing devices of the present disclosure;
fig. 5 illustrates a block diagram of some embodiments of an electronic device of the present disclosure;
FIG. 6 shows a block diagram of further embodiments of the electronic device of the present disclosure;
fig. 7 illustrates a block diagram of some embodiments of a communication processing system of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
As described above, although the implementation of the server-side key-holding scheme is relatively simple, the scheme may face technical problems of difficulty in server-side information disclosure, control of opacity, and the like. Overall, this approach does not comply with the definition of end-to-end encryption.
The adoption of a server side to hold the key is mainly affected by technical problems in several aspects: how to safely store the key and handle the condition of key loss by the client; if the client needs to change the password, the server does not have a key, so that the synchronous updating of the information and the decryption of the historical information are ensured; under the condition that a server side has no secret key, how to ensure that information transmission can support multi-terminal login and multi-terminal synchronization of history information.
In view of the above technical problems, the technical solution of the present disclosure can achieve the following objects.
1. Client-to-client encryption. For example, the a client encrypts the message, and the ciphertext message reaches the B client after encrypted transmission, and is decrypted at the B client. The encryption and decryption processes are all finished on the server side, the server side only serves as a transmission channel without knowing the specific process, and the server side stores the information as the encrypted information.
2. The communication service provider cannot decrypt the information without the client password. For example, communication service providers only provide software and hardware service capability and encrypted information storage capability required for timely communication, but communication service providers and software developers cannot decrypt messages without client passwords for ciphertext data of users to obtain original texts of the messages.
3. And multiple devices can log in the same account to send and receive information and synchronize historical information in real time.
4. The client can modify the password at will. Users can flexibly switch chat equipment and modify personal password information, and normal encrypted communication and historical information viewing cannot be influenced.
For example, the technical solutions of the present disclosure can be realized by the following embodiments.
Fig. 1 illustrates a flow diagram of some embodiments of a communication processing method of the present disclosure.
As shown in fig. 1, in step 110, a message sending private key, a message reading private key, a message sending public key, and a message reading public key of the group chat are generated, and the message sending private key and the message reading private key are not stored in a plain text manner.
In some embodiments, where a group administrator of the group chat creates the group chat, the private message sending key, the private message reading key, the public message sending key, and the public message reading key are generated locally at a client of the group administrator.
For example, when a group administrator creates a group, a public-private key pair for use in group encrypted communications is generated locally at the group administrator's clients. Because there are two scenarios of message reading and message sending in the group chat process, two sets of key pairs, namely, a message sending key pair and a message reading key pair, can be generated here. For example, a key pair may be generated by using a double-ratchet key generation method, and the key pair may be composed of several sets of asymmetric encryption keys.
For example, when the user a issues a message in a group chat, the user a needs to encrypt the message original text by using a private key for sending the message and a public key for receiving the message in a group key pair. For example, the encryption may be performed using an X3DH scheme. When a user B, a user C and the like in the group check and receive the ciphertext message of the user A, the ciphertext message needs to be decrypted by using a message receiving private key and a message sending public key in the group key to obtain a message original text.
For example, the key pair for group chat is generated at the client of the group owner only when the group owner creates the group chat, and the server cannot perceive the generation rule and replay the group key in any way.
In some embodiments, the encryption key is generated by the client. For example, when a user or group is created at registration, a one-time non-replayable asymmetrically encrypted public-private key pair is generated by a client. The public key is used for encrypting the message before the message sender sends the message, and the private key is used for decrypting the message. Hereafter referred to as public key, privateKey (here implementation may be a combination of multiple public and private keys to ensure higher security, and subsequently a principle is simplified by a pair of public and private keys).
For example, a single-to-single chat may exchange public keys with each other; for group chat, it can be understood that a public and private key pair of a pair of group chat is also provided when the group chat is created, a public key of the group chat corresponds to the public key of the group chat and can be used for group messaging, a private key of the group chat can be used for checking group messages, and a group owner or authorized personnel distributes the group public and private keys to realize end-to-end secure communication of the group messages.
In some embodiments, the client implements end-to-end single chat information encryption. For example, when an account is created by a client a and a client B, a pair of asymmetric encryption keys, denoted as pubikk key _ a and PrivateKey _ a, and pubikk key _ B and PrivateKey _ B, is generated for a and B by the two parties a and B of the session, respectively.
When a user A needs to send a message to a user B, the user A and the user B need to exchange public keys with each other (for example, a friend adding process) first; then, the client A encrypts the chat information by using the public key PublicKey _ B of the client B and the private key PrivateKey _ A of the user A; then, the ciphertext is sent to a user (a secure transmission layer protocol scheme which can use transmission encryption and does not influence content encryption) B through a communication service provider; after receiving the message, the user B decrypts the message by using the private key PrivateKey _ B of the user B and the public key PublickKey _ A of the user A on the client side of the user B. The key to the overall process is how to protect PrivateKey _ a and PrivateKey _ B.
In some embodiments, the client implements end-to-end group chat information encryption. For example, a group Q is currently created, and two pairs of public and private keys, denoted as public key _ QS and PrivateKey _ QR, and public key _ QR and PrivateKey _ QS, are generated for the group by using an asymmetric encryption algorithm when the group is created.
For example, similar to single chat, when a group Q sends information, it is encrypted with PublicKey _ QS and PrivateKey _ QS; group Q receiving and reading messages are decrypted by using PublickKey _ QR and PrivateKey _ QR; when any member is invited to join the group, the member is given two pairs of 4 keys for use in sending and receiving information.
Therefore, it is essential for the group to protect the two keys publickey _ QR and PrivateKey _ QR associated with the read information, but it is also possible to protect the other two keys for sending information.
In step 120, the message sending private key is encrypted by using the message sending protection key to obtain an encrypted message sending private key, the message reading private key is encrypted by using the message reading protection key to obtain an encrypted message reading private key, and the message sending protection key and the message reading protection key are non-reproducible randomly generated keys generated by the client.
In some embodiments, the key is encrypted symmetrically. For a Key needing to be protected, when the Key is generated at a client for the first time, using a specified symmetric encryption method, and generating an RBK (Recovery Bundle Key) through random salt; and symmetrically encrypting the private key of the user by using the RBK, and recording the encryption result as RBK _ Encrypt.
Because it is a specified symmetric encryption algorithm, when the algorithm is solved, the protected key can be decrypted if the RBK is in possession. Therefore, the RBK can not be obtained and stored externally, and the RBK _ Encrypt needs to be uploaded to a server for storage.
In some embodiments, decryption is performed in memory. For example, it is only possible for the original key to appear in memory. For the key and the RBK which need to be protected, the disk is not allowed to be dropped at the client, and the key and the RBK are recovered in the memory through the RBK when the key and the RBK are needed to be used and then destroyed after the key and the RBK are used. For example, a decryption call of symmetric encryption can be written in the call part as a function parameter, so that the memory for storing the key falls in the temporary stack area, thereby increasing the local cracking difficulty.
In step 130, a threshold encryption algorithm is performed on the message sending protection key to obtain a plurality of message sending key fragments, and a threshold encryption algorithm is performed on the message reading protection key to obtain a plurality of message reading key fragments. The message sending key fragments with at least the preset number are required for restoring the message sending protection key, and the message reading key fragments with at least the preset number are required for restoring the message reading protection key.
In some embodiments, the RBK is subject to encryption threshold splitting. For example, the RBK is split by using a key and a threshold splitting class algorithm, and the RBK is split into N parts of fragments; when the RBK needs to be unlocked, original keys can be recovered only by providing P (2 & lt P & lt N & gt) shares of key fragments. For example, P is the key reconstruction threshold. N and P can be set by themselves and P is at least 2.
For example, the total number N of fragments may be set to 3, or may be set to a larger number to support other scenarios such as decryption, multi-server service, etc., supervision scenarios, etc. The threshold P is set to be 2, namely the RBK is divided into 3 parts which are respectively RBK _1, RBK _2 and RBK _3 (can be discarded), when in use, only two fragments are needed to restore the RBK, and then the RBK is restored from RBK _ Encrypt to a secret key for use.
For example, unlike keys and RBKs, RBK _1, RBK _2 are preserved, but require encryption to prevent 2 fragments from being held at the same time causing leakage, especially the communication service provider cannot own 2 original fragments.
For example, two RBKs (such as a message sending protection key and a message reading protection key) are randomly generated, and a message receiving private key and a message sending private key of the group chat are symmetrically encrypted by using the RBKs; and carrying out threshold splitting on the RBKs of the two private keys. For example, it is set that the RBK has more than a threshold number of fragments to restore the original RBK (e.g., two fragments).
In step 140, the plurality of message sending key fragments are encrypted to obtain a plurality of message sending encryption fragments, and the plurality of message reading key fragments are encrypted to obtain a plurality of message reading encryption fragments. The plurality of message sending encryption fragments comprise a first message sending encryption fragment obtained by encrypting a user side key which cannot be perceived by a communication service terminal, and the plurality of message reading encryption fragments comprise a first message reading encryption fragment obtained by encrypting the user side key which cannot be perceived by the communication service terminal.
In some embodiments, the user-side key comprises at least one of a personal password, a gesture password, a digital certificate, and a preset picture feature of the user.
In some embodiments, the plurality of messaging key fragments comprises a first messaging key fragment and a second messaging key fragment, and the plurality of read message key fragments comprises a first read message key fragment and a second read message key fragment.
In some embodiments, when the group chat is a non-public group chat, the public key of the group administrator of the group chat is used to perform asymmetric encryption on the first sending message key fragment and the first reading message key fragment to obtain a first sending message encryption fragment ciphertext and a first reading message key fragment ciphertext; and carrying out asymmetric encryption on the second message sending key fragment and the second message reading key fragment by using the public key of the communication server to obtain a second message sending encryption fragment ciphertext and a second message reading key fragment ciphertext.
For example, two fragments 1 (i.e. a first send message key fragment and a first read message key fragment) of a send-receive message are asymmetrically encrypted by using a public key in a personal key of a group owner; the public key of the server is utilized to carry out asymmetric encryption on the two fragments 2 (namely the second message sending key fragment and the second read message key); the encrypted message receiving fragment 1 ciphertext (i.e., the first message reading encryption fragment), the message sending fragment 1 ciphertext (i.e., the first message sending encryption fragment), the message receiving fragment 2 ciphertext (i.e., the second message reading encryption fragment), the message sending fragment 2 ciphertext (i.e., the second message sending encryption fragment), and the private key ciphertext and the public key of the message receiving and sending are synchronously sent to the communication service provider for storage.
In some embodiments, when a group member initiates an encrypted chat in a group chat, it is first necessary to have a messaging key pair for the group chat. Through the above process, two private keys (namely, a message receiving private key and a message sending private key) of the group chat are encrypted by the RBK, and the RBK is subjected to threshold splitting.
For example, the communication service provider has decryption capability for two segment 2, so that the communication service provider can synchronize group members; the originals of the two fragments 1 can only be unlocked by the individual private key of the group administrator. Therefore, in the above situation, the key exchange core of the group is to transmit the message sending fragment 1 and the message receiving fragment 1 to the group members safely without leakage risk.
In some embodiments, in the case that the group chat is a public group chat, generating a symmetric encryption key using random seed data according to a random password generation method, the symmetric encryption key being recoverable from the random seed data; encrypting the first message sending key fragment and the first message reading key fragment by using a symmetric encryption key to obtain a first message sending encryption fragment ciphertext and a first message reading key fragment ciphertext; and sending the random seed data to a communication server for storage.
For example, for open group chat, a group member joining the group chat does not require an administrator to approve the synchronization. There is no process described above for a group administrator to transmit keys, as compared to a private group. The key interaction for the public group can be designed as follows.
At the initial stage of group establishment of public group chat, the encryption mode of the fragment 1 can generate a group of symmetric encryption keys by using random salt through a key derivation KDF function built in a client; slice 1 is encrypted by this key. In addition to the information after the group encryption, salt used in the encryption of the segment 1 needs to be stored to the communication service provider.
After the group members join the group and the synchronous salt of the communication service provider is obtained, the same key can be generated in the encryption fragment 1 at the client by using the key derivation function; the original text of the fragment 1 can be obtained by restoring the key; through a process similar to the private group, a private key required for group messaging can be obtained, and then encrypted communication can be started.
In some embodiments, under the condition that the user is allowed to join the non-public group chat, decrypting the first messaging encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a group administrator to obtain a first messaging key fragment and a first message reading key fragment; the method comprises the steps that a public key of a user is utilized to carry out asymmetric encryption on a first message sending key fragment and a first message reading key fragment to obtain an encrypted first message sending key fragment and an encrypted first message reading key fragment; and sending the first sending message key fragment and the encrypted first reading message key fragment to a communication service terminal for storage, so that the communication service terminal sends the first sending message key fragment, the encrypted first reading message key fragment, the second sending message key fragment, the second reading message key fragment, the encrypted sending message private key, the encrypted reading message private key, the sending message public key and the reading message public key to a terminal of a user.
For example, there are two main ways of joining a group for a private group (i.e., non-public group chat), namely, a group administrator actively invites the group to join, and a user applies for joining and then joins the group after being approved by the group administrator. The key interaction in the above two scenarios can be designed as follows.
The group administrator decrypts the original text of the two fragments 1 of the receiving and sending message through the personal private key; the method comprises the following steps of carrying out asymmetric encryption on the original texts of the two fragments 1 through a public key of a user who actively invites or applies for joining; and sending the encrypted two segment 1 ciphertexts to a communication service provider for storage.
After the group members enter the group, the communication service provider issues the two encrypted message transmitting and receiving fragments 1, the two fragments 2 stored by the communication service provider and the public and private keys of the group message to the client of the user; the user decrypts the segment 1 ciphertext by using the personal private key to obtain a segment 1 original text; restoring to obtain two RBKs of the group protection key by utilizing the message receiving and transmitting fragment 1 and the message receiving and transmitting fragment 2; the RKB is used for decryption to obtain a private key for group message transceiving, and then encrypted communication can be started.
In some embodiments, the storage manner of the threshold encryption shard may include: if any end obtains two fragments, the RBK can be decrypted and restored, so that the RBK _1 fragment needs to be symmetrically encrypted by using the password of the user to obtain RBK _1 \/C, and the condition that the RBK _1 \/C is separated from the client and cannot be restored is ensured; RKB _2 can be encrypted by using a public key of a communication service provider to obtain RBK _2 \S, and the communication service end can restore RKB _2.
For example, RBK _1_C, RBK _2_S, and RBK _ Encrypt may all be hosted by the server storage of the communication service, and may be obtained from the communication service when needed, where the communication service may be unilaterally unable to recover the key.
For example, after receiving the RBK _2 \s, the communication service provider decrypts the RBK _2 \byusing a private key corresponding to the communication service provider, and restores the RBK _2; RBK _2 is then encrypted to RBK _2_S _Cusing the communication service provider private key. Since the communication service's public key is public to the client, future clients can decrypt RBK _2_S _Cwith the communication service's public key to restore RBK _2.
In step 150, the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments are sent and stored to the communication server.
For example, the message sending encryption fragments and the message reading encryption fragments which are greater than or equal to the preset number cannot be decrypted by the communication server.
For example, the encrypted message sending private key, the encrypted message reading private key, and at least a preset number of message sending encryption fragments and message reading encryption fragments used by a user participating in group chat restore the message sending private key and the message reading private key in a terminal memory of the user through a message sending protection key and a message reading protection key restored according to a user side key.
For example, the message private key and the message public key are used to encrypt a message sent from the terminal, and the message private key and the message public key decrypt an encrypted message received by the user terminal and encrypted by using the message private key and the message public key.
In some embodiments, the message private key and the read message private key are decrypted by: decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a user to obtain a first message sending key fragment and a first message reading key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the message private key and the read message private key are decrypted by: generating a symmetric encryption key at a terminal of a user by using random seed data, wherein the random seed data is acquired from a communication service end when the user joins in group chat; decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using the symmetric encryption key to obtain a first message sending key fragment and a first message reading key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, in a case where the group chat is changed from the public group chat to the non-public group chat, recovering the symmetric encryption key using the random seed data according to a random password generation method; decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using the symmetric encryption key to obtain a first message sending key fragment and a first message reading key fragment; the method comprises the steps that a public key of a group administrator of the group chat is used for carrying out asymmetric encryption on a first message sending key fragment and a first message reading key fragment to obtain the first message sending key fragment and the first message reading key fragment which are asymmetrically encrypted; decrypting the asymmetrically encrypted first message sending key fragment and the first message reading key fragment under the condition that a group administrator agrees to add a new user into a group chat application to obtain the first message sending key fragment and the first message reading key fragment; and carrying out asymmetric encryption on the first message sending key fragment and the first message reading key fragment by using the public key of a new user.
For example, when the public group chat is changed to the non-public group chat, the group administrator decrypts the encrypted segment of segment 1 by using the key derivation function and the random seed data local to the client; the segment 1 is asymmetrically encrypted by using the personal public key of the administrator; when a new member applies for group entry, the administrator is required to agree and then the fragment 1 is decrypted; and the segment 1 is asymmetrically encrypted by using the public key of the applicant.
In this way, already joined members are not affected. If the added member is abnormal, the group members can be reexamined totally or one member can be kicked out singly.
In some embodiments, when the group chat is changed from the non-public group chat to the public group chat, decrypting the first messaging encryption fragment ciphertext and the first read message key fragment ciphertext with a private key of a group administrator to obtain a first messaging key fragment and a first read message key fragment; generating a symmetric encryption key by using random seed data according to a random password generation method; symmetrically encrypting the first sending message key fragment and the first reading message key fragment by using a symmetric encryption key to obtain the symmetrically encrypted first sending message key fragment and first reading message key fragment; storing the first sending message key fragment and the first reading message key fragment which are symmetrically encrypted in group chat group information; under the condition that a new user applies to join the group chat, recovering the symmetric encryption key by using random seed data according to a random password generation method; decrypting the symmetrically encrypted first message sending key fragment and the first message reading key fragment by using the symmetric encryption key; and encrypting the first message sending key fragment and the first message reading key fragment by using the public key of the new user and then storing the encrypted first message sending key fragment and the encrypted first message reading key fragment in the group information of the new user.
For example, when the non-public group chat is changed into the public group chat, the group administrator completes decryption of the segment 1 at the client by using the personal private key; randomly generating a key through a key derivation function, and symmetrically encrypting the fragment 1; storing the encrypted fragment 1 and a random seed for key derivation into group information; when a new member applies to enter a public group, a secret key can be recovered by using a random seed derived from the secret key, and the encrypted fragment 1 is decrypted; the segment 1 is encrypted by its own public key and stored in the personal group information. In this way, already joined members are not affected.
In some embodiments, it is determined whether to allow the user to obtain the private messaging key based on whether the user participating in the group chat has the authority to send messages in the group chat.
For example, since two sets of key pairs exist in the group chat, the group member needs to possess the private message sending key of the group chat when sending the ciphertext message. Under the condition that an administrator wants to control the message sending authority of group members, the administrator can only provide a message reading private key and a message sending public key for users when entering the group; the user can only decrypt and view the ciphertext message in the group chat, and the capacity of sending the ciphertext message is unavailable.
In some embodiments, when the group administrator performs the group entry identity audit again on more than a threshold number of group members, or a plurality of message sending key fragments or a plurality of message reading key fragments are leaked, a new message sending protection key and a new message reading protection key are generated; re-encrypting the message sending private key by using the new message sending protection key, and re-encrypting the message reading private key by using the message reading protection key; and carrying out fragmentation processing and encryption processing on the new message sending protection key and the new read message protection key again.
For example, when a group administrator needs to re-check the group entry identities of most or all members in batch, or when the fragments used in group communication are leaked, the protection key of the private key of the group chat can be replaced; re-encrypting the private key of the group chat to enable the fragments taken by all members of the current group chat to be invalid; and re-executing the fragmentation and encryption steps, re-generating fragmentation and encryption operation, and re-judging whether the group members are allowed to enter the group. This operation does not affect any history reads.
Fig. 2 illustrates a schematic diagram of some embodiments of a communication processing method of the present disclosure.
As shown in fig. 2, in the implementation of the end-to-end encryption communication technology, firstly, the encryption and decryption of the message content needs to be implemented by adopting an asymmetric encryption mode. The design flow is as follows.
In some embodiments, the encryption key is generated by the client. For example, when a user or group is created at registration, a one-time non-replayable asymmetrically encrypted public-private key pair is generated by a client. The public key is used for encrypting the message before the message sender sends the message, and the private key is used for decrypting the message. Hereafter referred to as public key, privateKey (here implementation may be a combination of multiple public and private keys to ensure higher security, and subsequently a principle is simplified by a pair of public and private keys).
For example, a single-to-single chat may exchange public keys with each other; for group chat, it can be understood that a public and private key pair of a pair of group chat is also provided when creating the group chat, a public key of the group chat corresponds to the public key of the group chat and can be used for group announcement, a private key of the group chat can be used for checking group messages, and a group owner or authorized personnel distributes the group public and private keys to realize end-to-end secure communication of the group messages.
In some embodiments, the client implements end-to-end single chat information encryption. For example, when an account is created by a client a and a client B, a pair of asymmetric encryption keys, denoted as pubikk key _ a and PrivateKey _ a, and pubikk key _ B and PrivateKey _ B, is generated for a and B by the two parties a and B of the session, respectively.
When a user A needs to send a message to a user B, the user A and the user B need to exchange public keys with each other (for example, a friend adding process); then, the client A encrypts the chat information by using the public key PublicKey _ B of the client B and the private key PrivateKey _ A of the user A; then, the ciphertext is sent to a user (a safe transmission layer protocol scheme which can use transmission encryption and does not influence content encryption) B through a communication service provider; after receiving the message, the user B decrypts the message by using the private key PrivateKey _ B of the user B and the public key PublickKey _ A of the user A on the client side of the user B. The key to the overall process is how to protect PrivateKey _ a and PrivateKey _ B.
In some embodiments, the client implements end-to-end group chat information encryption. For example, a group Q is currently created, and two pairs of public and private keys, denoted as public key _ QS and PrivateKey _ QR, and public key _ QR and PrivateKey _ QS, are generated for the group by using an asymmetric encryption algorithm when the group is created.
For example, similar to single chat, when a group Q sends information, it is encrypted with PublicKey _ QS and PrivateKey _ QS; group Q receiving and reading messages are decrypted by using PublickKey _ QR and PrivateKey _ QR; when any member is invited to join the group, the member is given two pairs of 4 keys for use in sending and receiving information.
Therefore, it is essential for the group to protect the two keys publickey _ QR and PrivateKey _ QR associated with the read information, but it is also possible to protect the other two keys for sending information.
In some embodiments, the key is encrypted symmetrically. When a key needing to be protected is generated at a client for the first time, an RBK is generated by using a specified symmetric encryption method through random salt; and symmetrically encrypting the private key of the user by using the RBK, and recording an encryption result as RBK _ Encrypt.
Because of the designated symmetric encryption algorithm, when the algorithm is solved, the protected key can be decrypted if the RBK is owned. Therefore, the RBK can not be obtained and saved from the outside, and the RBK _ Encrypt needs to be uploaded to the server for saving.
In some embodiments, decryption is performed in memory. For example, it is only possible for the original key to appear in memory. For the key and the RBK which need to be protected, the disk is not allowed to be dropped at the client, and the key and the RBK are recovered in the memory through the RBK when the key and the RBK are needed to be used and then destroyed after the key and the RBK are used. For example, a decryption call of symmetric encryption may be written as a function parameter into the call part, so that the memory for storing the key falls in the temporary stack area, thereby increasing the local cracking difficulty.
In some embodiments, the RBK is subject to encryption threshold splitting. For example, the RBK is split by using a threshold splitting algorithm by using a key, and the RBK is split into N parts of fragments; when the RBK needs to be unlocked, the original key can be recovered only by providing P (2 & ltP & gt & ltN) shares of key fragments. For example, P is the key reconstruction threshold. N and P can be set by themselves and P is at least 2.
For example, the total number N of fragments may be set to 3, or may be set to a larger number to support other scenarios such as decryption, multi-server service, etc., supervision scenarios, etc. The threshold P is set to be 2, namely the RBK is divided into 3 parts which are respectively RBK _1, RBK _2 and RBK _3 (can be discarded), when in use, only two fragments are needed to restore the RBK, and then the RBK is restored from RBK _ Encrypt to a secret key for use.
For example, unlike keys and RBKs, RBK _1, RBK _2 are preserved, but require encryption to prevent 2 fragments from being held at the same time causing leakage, especially the communication service provider cannot own 2 original fragments.
In some embodiments, the storage manner of the threshold encrypted slice may include: if any end obtains two fragments, the RBK can be decrypted and restored, so that the RBK _1 fragment needs to be symmetrically encrypted by using the password of the user to obtain RBK _1 \/C, and the condition that the RBK _1 \/C is separated from the client and cannot be restored is ensured; RKB _2 can be encrypted by using a public key of a communication service provider to obtain RBK _2 \S, and the communication service end can restore RKB _2.
For example, RBK _1_C, RBK _2_S, and RBK _ Encrypt may all be hosted by the communication service's server storage and, when desired, may be obtained from the communication service, where the communication service may be unilaterally unable to recover the keys.
For example, after receiving the RBK _2 \s, the communication service provider decrypts the RBK _2 \byusing a private key corresponding to the communication service provider, and restores the RBK _2; RBK _2 is then encrypted to RBK _2_S _Cusing the communication service provider private key. Since the public key of the communication service is public to the client, future clients can decrypt RBK _2_S _Cwith the communication service public key to restore RBK _2.
In the embodiment, the security of the client key is ensured. The client side does not store the key or the RBK, and the key is restored by the memory. Therefore, the client does not have the key leakage problem. Moreover, when reverse engineering is performed at the client, a certain precaution scheme can be provided at the code level. For example, since the client cannot be in unauthorized physical contact under normal conditions, the client cannot log in without a password; moreover, the reverse engineering difficulty is very high. Therefore, the client can use the key safely.
In the above embodiment, multi-terminal messaging and history message viewing are supported. When a user logs in at different clients, the communication server can issue RBK _1 \, RBK _2 \, S \, C to the clients only by knowing the client password; the user can use the own password and the public key of the communication service provider to solve RBK _1 and RBK _2; recovering the RBK through the fragments 1 and 2; and after the private key of the RBK is obtained through decryption, the encrypted communication can be started. For history messages, because the public and private keys of asymmetric encryption are not changed, a user can pull ciphertext data of history chatting from a message service provider and decrypt the history messages locally at a client.
In the above embodiment, the user can modify the password at will. When the user modifies the password, a new RBK is generated at the client side again to generate a new RBK _ Encrypt; after the split is carried out by the threshold algorithm again, the RBK _1 is symmetrically encrypted into RBK _1 \ C by using a newly set password; the new RBK _2 is also encrypted by using the server public key to become RBK _2_S; then, a similar process is adopted to send the two ciphertext key fragments and the RBK _ Encrypt to the server agent.
Since the new two encryption fragments and RBK encryption are updated to the server of the communication service provider and the original key itself is not changed (the changed RBK is), the encrypted information of the service end is still decryptable, which does not affect the receipt of the history message and the real-time message, and the new information needs to be decrypted with a new secret.
In the above embodiment, changing the password can prevent the lost client from continuing to acquire information. Because the client can read the information every time after decrypting the encrypted fragment downloaded by the server, if the password is changed, the lost client can not restore the RBK _1 any more, so that the capability of continuously acquiring real-time and historical information is lost. If the client sets that the client needs to log in and browse, the decrypted information of the local client can not be checked even if the client is lost, and therefore the purpose of information protection is achieved.
In the above embodiment, the key keys to be protected for single chat and group chat are stored in the server by using the above procedure to encrypt the threshold fragment, and thus the end-to-end encrypted communication scheme described in the present invention can be completed. As long as the asymmetric encryption algorithm is not cracked or the client password is not leaked, the communication service provider cannot crack the client information in any way.
Fig. 3 illustrates a flow diagram of further embodiments of a communication processing method of the present disclosure.
As shown in fig. 3, the communication processing method is executed by the communication server.
In step 310, the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments from the client are received, and the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments are obtained by the communication processing method executed by the client in any of the above embodiments.
In step 320, the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments are stored.
Fig. 4a illustrates a block diagram of some embodiments of a communication processing apparatus of the present disclosure.
As shown in fig. 4a, the communication processing apparatus 4a, provided at the client, includes: a generating unit 41a, configured to generate a message sending private key, a message reading private key, a message sending public key, and a message reading public key of the group chat, where the message sending private key and the message reading private key are not stored in a plaintext manner; an encrypting unit 42a, configured to encrypt the message sending private key by using a message sending protection key to obtain an encrypted message sending private key, encrypt the message reading private key by using a message reading protection key to obtain an encrypted message reading private key, where the message sending protection key and the message reading protection key are non-replayable randomly generated keys generated by the client, encrypt a plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, encrypt the plurality of message reading key fragments to obtain a plurality of message reading encryption fragments, where the plurality of message sending encryption fragments include a first message sending encryption fragment obtained by encrypting with a user-side key that cannot be perceived by the communication service end, and the plurality of message reading encryption fragments include a first message reading encryption fragment obtained by encrypting with a user-side key that cannot be perceived by the communication service end; the fragmentation unit 43a is configured to perform a threshold encryption algorithm on the message sending protection key to obtain a plurality of message sending key fragments, perform a threshold encryption algorithm on the message reading protection key to obtain a plurality of message reading key fragments, where at least a preset number of message sending key fragments are required for restoring the message sending protection key, and at least a preset number of message reading key fragments are required for restoring the message reading protection key; the sending unit 44a is configured to send and store the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments and the multiple message reading encryption fragments to the communication service end, where the message sending encryption fragments that are greater than or equal to the preset number and the message reading encryption fragments that cannot be decrypted by the communication service end are larger than or equal to the preset number, the encrypted message sending private key, the encrypted message reading private key and at least the preset number of message sending encryption fragments and the message reading encryption fragments that are used by the users participating in the group chat to restore the message sending private key and the message reading private key in their terminal memories by using the message sending protection key and the message reading protection key restored according to the user-side key, where the message sending private key and the message reading private key are used to encrypt messages sent from the terminal, and the message reading private key and the message sending public key decrypt encrypted messages received by the user terminal and encrypted by using the message sending private key and the message reading public key.
In some embodiments, the plurality of messaging key fragments comprises a first messaging key fragment and a second messaging key fragment, and the plurality of read message key fragments comprises a first read message key fragment and a second read message key fragment. The encrypting unit 42a asymmetrically encrypts the first origination message key fragment and the first read message key fragment by using a public key of a group administrator of the group chat when the group chat is the non-public group chat, to obtain a first origination message encrypted fragment ciphertext and a first read message key fragment ciphertext; and carrying out asymmetric encryption on the second message sending key fragment and the second read message key fragment by using the public key of the communication service terminal to obtain a second message sending encryption fragment ciphertext and a second read message key fragment ciphertext.
In some embodiments, the encryption unit 42a generates a symmetric encryption key using the random seed data according to a random password generation method in case the group chat is the public group chat, the symmetric encryption key being recoverable according to the random seed data; encrypting the first message sending key fragment and the first message reading key fragment by using a symmetric encryption key to obtain a first message sending encryption fragment ciphertext and a first message reading key fragment ciphertext; and the sending unit sends the random seed data to the communication server for storage.
In some embodiments, the communication processing apparatus 4a further includes: a decryption unit 45a, configured to decrypt the first origination message encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a group administrator under a condition that the user is allowed to join the non-public group chat, so as to obtain a first origination message key fragment and a first message reading key fragment; the encrypting unit 42a asymmetrically encrypts the first origination message key fragment and the first read message key fragment by using the public key of the user to obtain an encrypted first origination message key fragment and an encrypted first read message key fragment; the fragmentation unit 43a sends the first sending message key fragment and the encrypted first reading message key fragment to the communication server for storage, so that the communication server sends the first sending message key fragment, the encrypted first reading message key fragment, the second sending message key fragment, the second reading message key fragment, the encrypted sending message private key, the encrypted reading message private key, the sending message public key and the reading message public key to the terminal of the user.
In some embodiments, the message sending private key and the message reading private key are decrypted by: decrypting the first message sending encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of a user to obtain a first message sending key fragment and a first message reading key fragment; restoring a message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring a message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the message sending private key and the message reading private key are decrypted by: generating a symmetric encryption key at a terminal of a user by using random seed data, wherein the random seed data is obtained from a communication service terminal when the user joins in group chat; decrypting the first send message encryption fragment ciphertext and the first read message key fragment ciphertext by using the symmetric encryption key to obtain a first send message key fragment and a first read message key fragment; reducing the message sending protection key by using the first message sending key fragment and the second message sending key fragment, and reducing the message reading protection key by using the first message reading key fragment and the second message reading key fragment; and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
In some embodiments, the generating unit 41a restores the symmetric encryption key using the random seed data according to the random password generation method in a case where the group chat is changed from the public group chat to the non-public group chat; the decryption unit 45a decrypts the first origination message encryption fragment ciphertext and the first read message key fragment ciphertext using the symmetric encryption key to obtain the first origination message key fragment and the first read message key fragment; the encrypting unit 42a asymmetrically encrypts the first origination key fragment and the first read message key fragment by using a public key of a group administrator of the group chat to obtain the asymmetrically encrypted first origination key fragment and first read message key fragment; the decryption unit 45a decrypts the asymmetrically encrypted first origination key fragment and the first read message key fragment to obtain the first origination key fragment and the first read message key fragment, when the group administrator agrees to add a new user to the group chat application; the encryption unit 42a asymmetrically encrypts the first send message key fragment and the first read message key fragment using the new user's public key.
In some embodiments, the decryption unit 45a decrypts the first origination message encryption fragment ciphertext and the first read message key fragment ciphertext by using a private key of a group administrator to obtain the first origination message key fragment and the first read message key fragment when the group chat is changed from the non-public group chat to the public group chat; the generating unit 41a generates a symmetric encryption key using random seed data according to a random password generation method; the encryption unit 42a symmetrically encrypts the first message sending key fragment and the first message reading key fragment by using the symmetric encryption key to obtain the symmetrically encrypted first message sending key fragment and first message reading key fragment; the communication processing apparatus 4a further includes: a storage unit 46a, configured to store the first outgoing message key fragment and the first read message key fragment, which are symmetrically encrypted, in group information of the group chat; under the condition that a new user applies for joining the group chat, according to a random password generation method, the generation unit 41a recovers the symmetric encryption key by using random seed data; decrypting the symmetrically encrypted first message sending key fragment and the first message reading key fragment by using the symmetric encryption key; after the encryption unit 42a encrypts the first send message key fragment and the first read message key fragment with the public key of the new user, the storage unit 46a stores them in the group information of the new user.
In some embodiments, the communication processing apparatus 4a further includes: the judging unit 47a is configured to determine whether to allow the user to obtain a private key for sending a message according to whether the user participating in the group chat has the authority to send the message in the group chat.
In some embodiments, the generating unit 41a generates the send message private key, the read message private key, the send message public key, and the read message public key locally to a client of the group administrator in a case where the group administrator of the group chat creates the group chat.
In some embodiments, the user-side key comprises at least one of a personal password, a gesture password, a digital certificate, and a preset picture feature of the user.
In some embodiments, the generating unit 41a generates a new messaging protection key and a new read message protection key when the group administrator performs the entry identity audit again on more than a threshold number of group members, or a plurality of messaging key fragments or a plurality of read message key fragments are leaked; the encryption unit 42a re-encrypts the message private key with the new message protection key and re-encrypts the message read private key with the message read protection key; the fragmentation unit 43a and the encryption unit 42a re-perform the fragmentation processing and the encryption processing on the new transmission message protection key and the new read message protection key.
Fig. 4b illustrates a block diagram of some embodiments of a communication processing apparatus of the present disclosure.
As shown in fig. 4b, the communication processing apparatus 4b is provided at the communication server, and includes: a receiving unit 41b, configured to receive the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments from the client, where the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments are obtained by a communication processing method executed by the client in any of the above embodiments; and the storage unit 42b is configured to store the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments, and the plurality of message reading encryption fragments.
Fig. 5 illustrates a block diagram of some embodiments of an electronic device of the present disclosure.
As shown in fig. 5, the electronic apparatus 5 of this embodiment includes: a memory 51 and a processor 52 coupled to the memory 51, the processor 52 being configured to execute the communication processing method in any one of the embodiments of the present disclosure based on instructions stored in the memory 51.
The memory 51 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader, a database, and other programs.
Fig. 6 shows a block diagram of further embodiments of the electronic device of the present disclosure.
As shown in fig. 6, the electronic apparatus 6 of this embodiment includes: a memory 610 and a processor 620 coupled to the memory 610, the processor 620 being configured to execute the communication processing method in any of the foregoing embodiments based on instructions stored in the memory 610.
The memory 610 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader, and other programs.
The electronic device 6 may also include an input-output interface 630, a network interface 640, a storage interface 650, and the like. These interfaces 630, 640, 650 and the memory 610 and the processor 620 may be connected by a bus 860, for example. The input/output interface 630 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, a touch screen, a microphone, and a sound box. The network interface 640 provides a connection interface for various networking devices. The storage interface 650 provides a connection interface for external storage devices such as an SD card and a usb disk.
Fig. 7 illustrates a block diagram of some embodiments of the communications processing system of the present disclosure.
As shown in fig. 7, the communication processing system 7 includes: a communication processing device 71 of the client for executing the communication processing method of the client in any of the above embodiments; the communication processing device 72 of the communication server is configured to execute the communication processing method of the server in any of the embodiments.
As will be appreciated by one of skill in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media including, but not limited to, disk storage, CD-ROM, optical storage, and the like, having computer-usable program code embodied therein.
So far, a communication processing method, a communication processing apparatus, a communication processing system, an electronic device, and a nonvolatile computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications can be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (18)

1. A communication processing method, performed by a client, comprising:
generating a message sending private key, a message reading private key, a message sending public key and a message reading public key of the group chat, wherein the message sending private key and the message reading private key are not stored in a plaintext mode;
encrypting the message sending private key by using a message sending protection key to obtain an encrypted message sending private key, encrypting the message reading private key by using a message reading protection key to obtain an encrypted message reading private key, wherein the message sending protection key and the message reading protection key are non-reproducible randomly generated keys generated by the client;
executing a threshold encryption algorithm on the message sending protection key to obtain a plurality of message sending key fragments, executing the threshold encryption algorithm on the message reading protection key to obtain a plurality of message reading key fragments, reducing the message sending protection key by at least a preset number of message sending key fragments, and reducing the message reading protection key by at least a preset number of message reading key fragments;
encrypting the plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, and encrypting the plurality of message reading key fragments to obtain a plurality of message reading encryption fragments, wherein the plurality of message sending encryption fragments comprise a first message sending encryption fragment obtained by encrypting a user side key which cannot be perceived by a communication service end, and the plurality of message reading encryption fragments comprise a first message reading encryption fragment obtained by encrypting the user side key which cannot be perceived by the communication service end;
sending and storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encrypted fragments and the plurality of message reading encrypted fragments to a communication server,
the message sending encryption fragments and the message reading encryption fragments which are more than or equal to the preset number cannot be decrypted by the communication server,
the encrypted message sending private key, the encrypted message reading private key and at least a preset number of message sending encryption fragments and message reading encryption fragments are used for reducing the message sending private key and the message reading private key in a terminal memory of a user participating in the group chat through the message sending protection key and the message reading protection key which are reduced according to the user side key,
the message sending private key and the message reading public key are used for encrypting messages sent from the terminal, and the message reading private key and the message sending public key are used for decrypting encrypted messages received by the user terminal and obtained by encrypting the message sending private key and the message reading public key.
2. The communication processing method of claim 1, wherein the plurality of messaging key fragments comprises a first messaging key fragment and a second messaging key fragment, the plurality of read message key fragments comprises a first read message key fragment and a second read message key fragment,
the encrypting the multiple message sending key fragments to obtain multiple message sending encryption fragments, and the encrypting the multiple message reading key fragments to obtain multiple message reading encryption fragments includes:
when the group chat is a non-public group chat, the public key of a group administrator of the group chat is utilized to carry out asymmetric encryption on the first sending message key fragment and the first reading message key fragment to obtain a first sending message encryption fragment ciphertext and a first reading message key fragment ciphertext;
and asymmetrically encrypting the second message sending key fragment and the second read message key fragment by using the public key of the communication server to obtain a second message sending encryption fragment ciphertext and a second read message key fragment ciphertext.
3. The communication processing method according to claim 2, wherein the encrypting the plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, and the encrypting the plurality of read message key fragments to obtain a plurality of read message encryption fragments comprises:
under the condition that the group chat is public group chat, generating a symmetric encryption key by using random seed data according to a random password generation method, wherein the symmetric encryption key can be recovered according to the random seed data;
encrypting the first message sending key fragment and the first message reading key fragment by using the symmetric encryption key to obtain a first message sending encryption fragment ciphertext and a first message reading key fragment ciphertext;
further comprising:
and sending the random seed data to the communication server for storage.
4. The communication processing method of claim 2, further comprising:
decrypting the first origination message encryption fragment ciphertext and the first read message key fragment ciphertext with a private key of the group administrator to obtain the first origination message key fragment and the first read message key fragment under the condition that the user is allowed to join the non-public group chat;
performing asymmetric encryption on the first message sending key fragment and the first message reading key fragment by using the public key of the user to obtain an encrypted first message sending key fragment and an encrypted first message reading key fragment;
and sending the first sending message key fragment and the encrypted first reading message key fragment to the communication server for storage, so that the communication server can send the first sending message key fragment, the encrypted first reading message key fragment, the second sending message key fragment, the second reading message key fragment, the encrypted sending message private key, the encrypted reading message private key, the sending message public key and the reading message public key to the terminal of the user.
5. The communication processing method according to claim 2, wherein the message sending private key and the read message private key are decrypted by:
decrypting the first send message encryption fragment ciphertext and the first read message key fragment ciphertext by using the private key of the user to obtain the first send message key fragment and the first read message key fragment;
restoring the message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring the message reading protection key by using the first message reading key fragment and the second message reading key fragment;
and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
6. The communication processing method according to claim 3, wherein the message sending private key and the read message private key are decrypted by:
generating the symmetric encryption key at the terminal of the user by using the random seed data, wherein the random seed data is obtained from the communication server side when the user joins the group chat;
decrypting the first message-sending encryption fragment ciphertext and the first message-reading key fragment ciphertext by using the symmetric encryption key to obtain the first message-sending key fragment and the first message-reading key fragment;
restoring the message sending protection key by using the first message sending key fragment and the second message sending key fragment, and restoring the message reading protection key by using the first message reading key fragment and the second message reading key fragment;
and respectively decrypting the encrypted message sending private key and the encrypted message reading private key by using the message sending protection key and the message reading protection key to obtain the message sending private key and the message reading private key.
7. The communication processing method of claim 3, further comprising:
when the group chat is changed from public group chat to non-public group chat, recovering the symmetric encryption key by using the random seed data according to the random password generation method;
decrypting the first send message encryption shard ciphertext and the first read message key shard ciphertext by using the symmetric encryption key to obtain the first send message key shard and the first read message key shard;
performing asymmetric encryption on the first message sending key fragment and the first message reading key fragment by using a public key of a group administrator of the group chat to obtain a first message sending key fragment and a first message reading key fragment which are asymmetrically encrypted;
decrypting the asymmetrically encrypted first origination message key fragment and first read message key fragment to obtain the first origination message key fragment and the first read message key fragment when the group administrator agrees to add a new user to the group chat application;
and carrying out asymmetric encryption on the first sending message key fragment and the first reading message key fragment by utilizing the public key of the new user.
8. The communication processing method of claim 2, further comprising:
when the group chat is changed from a non-public group chat to a public group chat, decrypting the first message encryption fragment ciphertext and the first message reading key fragment ciphertext by using a private key of the group administrator to obtain the first message key fragment and the first message reading key fragment;
generating a symmetric encryption key by using random seed data according to a random password generation method;
using the symmetric encryption key to symmetrically encrypt the first message sending key fragment and the first message reading key fragment to obtain a symmetrically encrypted first message sending key fragment and a first message reading key fragment;
storing the symmetrically encrypted first sending message key fragment and first reading message key fragment in the group information of the group chat;
under the condition that a new user applies for joining the group chat, recovering the symmetric encryption key by using the random seed data according to the random password generation method;
decrypting the symmetrically encrypted first message sending key fragment and first message reading key fragment by using the symmetric encryption key;
and encrypting the first sending message key fragment and the first reading message key fragment by using the public key of the new user and then storing the encrypted first sending message key fragment and the encrypted first reading message key fragment in the group information of the new user.
9. The communication processing method according to any one of claims 1 to 8, further comprising:
and determining whether to allow the user to acquire the message sending private key according to whether the user participating in the group chat has the authority of sending the message in the group chat.
10. The communication processing method of any one of claims 1 to 8, wherein the generating a message private key, a message read private key, a message public key, and a message read public key of the group chat comprises:
and under the condition that a group administrator of the group chat creates the group chat, generating the message sending private key, the message reading private key, the message sending public key and the message reading public key locally at a client of the group administrator.
11. The communication processing method according to any one of claims 1 to 8, wherein the user-side key includes at least one of a personal password, a gesture password, a digital certificate, and a preset picture feature of the user.
12. The communication processing method according to any one of claims 1 to 8, further comprising:
generating a new message sending protection key and a new read message protection key under the condition that the group administrator conducts group entry identity verification again on more than a threshold number of group members, or the plurality of message sending key fragments or the plurality of read message key fragments are leaked;
re-encrypting the message sending private key by using the new message sending protection key, and re-encrypting the message reading private key by using the message reading protection key;
and carrying out fragmentation processing and encryption processing on the new message sending protection key and the new read message protection key again.
13. A communication processing method executed by a communication server side comprises the following steps:
receiving and storing an encrypted message sending private key, an encrypted message reading private key, a plurality of message sending encryption fragments and a plurality of message reading encryption fragments from a client, wherein the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments are obtained by the communication processing method of any one of claims 1 to 12.
14. A communication processing device is arranged at a client side and comprises:
the generating unit is used for generating a message sending private key, a message reading private key, a message sending public key and a message reading public key of the group chat, wherein the message sending private key and the message reading private key are not stored in a plaintext mode;
an encryption unit, configured to encrypt the message sending private key by using a message sending protection key to obtain an encrypted message sending private key, encrypt the message reading private key by using a message reading protection key to obtain an encrypted message reading private key, where the message sending protection key and the message reading protection key are non-replayable randomly generated keys generated by the client, encrypt a plurality of message sending key fragments to obtain a plurality of message sending encryption fragments, encrypt the plurality of message reading key fragments to obtain a plurality of message reading encryption fragments, where the plurality of message sending encryption fragments include a first message sending encryption fragment obtained by encrypting a user side key that cannot be perceived by the communication service end, and the plurality of message reading encryption fragments include a first message reading encryption fragment obtained by encrypting the user side key that cannot be perceived by the communication service end;
the fragmentation unit is used for executing a threshold encryption algorithm on the message sending protection key to obtain a plurality of message sending key fragments, executing the threshold encryption algorithm on the message reading protection key to obtain a plurality of message reading key fragments, reducing the message sending protection key by at least a preset number of message sending key fragments, and reducing the message reading protection key by at least a preset number of message reading key fragments;
a sending unit, configured to send and store the encrypted message sending private key, the encrypted message reading private key, the multiple message sending encryption fragments, and the multiple message reading encryption fragments to a communication service end, where a preset number of message sending encryption fragments and a preset number of message reading encryption fragments that are greater than or equal to the preset number cannot be decrypted by the communication service end, where the encrypted message sending private key, the encrypted message reading private key, and at least the preset number of message sending encryption fragments and message reading encryption fragments are used by a user participating in the group chat to restore the message sending private key and the message reading private key in a terminal memory of the user through the message sending protection key and the message reading protection key restored according to the user-side key, where the message sending private key and the message reading public key are used to encrypt a message sent from the terminal, and the message reading private key and the message sending public key decrypt an encrypted message received by the user terminal and encrypted by using the message sending private key and the message reading public key.
15. A communication processing device is arranged at a communication service end and comprises:
a receiving unit, configured to receive an encrypted message sending private key, an encrypted message reading private key, a plurality of message sending encryption fragments, and a plurality of message reading encryption fragments from a client, where the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments, and the plurality of message reading encryption fragments are obtained by the communication processing method according to any one of claims 1 to 12;
and the storage unit is used for storing the encrypted message sending private key, the encrypted message reading private key, the plurality of message sending encryption fragments and the plurality of message reading encryption fragments.
16. A communication processing system, comprising:
a communication processing apparatus of a client for executing the communication processing method of any one of claims 1 to 12;
a communication processing apparatus of a communication server, configured to execute the communication processing method according to claim 13.
17. An electronic device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the communication processing method of any of claims 1-13 based on instructions stored in the memory.
18. A non-transitory computer-readable storage medium on which a computer program is stored, the program implementing the communication processing method of any one of claims 1 to 13 when executed by a processor.
CN202211033279.4A 2022-08-26 2022-08-26 Communication processing method, device and system Active CN115361222B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211033279.4A CN115361222B (en) 2022-08-26 2022-08-26 Communication processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211033279.4A CN115361222B (en) 2022-08-26 2022-08-26 Communication processing method, device and system

Publications (2)

Publication Number Publication Date
CN115361222A true CN115361222A (en) 2022-11-18
CN115361222B CN115361222B (en) 2023-08-01

Family

ID=84004383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211033279.4A Active CN115361222B (en) 2022-08-26 2022-08-26 Communication processing method, device and system

Country Status (1)

Country Link
CN (1) CN115361222B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745394B1 (en) * 2013-08-22 2014-06-03 Citibank, N.A. Methods and systems for secure electronic communication
CN104219051A (en) * 2014-08-20 2014-12-17 北京奇艺世纪科技有限公司 In-group message communication method and system
CN106790037A (en) * 2016-12-16 2017-05-31 中国科学院软件研究所 The instant communication method and system of a kind of User space encryption
CN106850195A (en) * 2016-04-18 2017-06-13 中国科学院信息工程研究所 Group key agreement and communication means in a kind of instant messaging
CN109962924A (en) * 2019-04-04 2019-07-02 北京思源互联科技有限公司 Group chat construction method, group message sending method, group message receiving method and system
CN110690967A (en) * 2019-12-11 2020-01-14 杭州字节信息技术有限公司 Instant communication key establishment method independent of server security
CN112804133A (en) * 2020-12-25 2021-05-14 江苏通付盾区块链科技有限公司 Encrypted group chat method and system based on block chain technology

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745394B1 (en) * 2013-08-22 2014-06-03 Citibank, N.A. Methods and systems for secure electronic communication
CN104219051A (en) * 2014-08-20 2014-12-17 北京奇艺世纪科技有限公司 In-group message communication method and system
CN106850195A (en) * 2016-04-18 2017-06-13 中国科学院信息工程研究所 Group key agreement and communication means in a kind of instant messaging
CN106790037A (en) * 2016-12-16 2017-05-31 中国科学院软件研究所 The instant communication method and system of a kind of User space encryption
CN109962924A (en) * 2019-04-04 2019-07-02 北京思源互联科技有限公司 Group chat construction method, group message sending method, group message receiving method and system
CN110690967A (en) * 2019-12-11 2020-01-14 杭州字节信息技术有限公司 Instant communication key establishment method independent of server security
CN112804133A (en) * 2020-12-25 2021-05-14 江苏通付盾区块链科技有限公司 Encrypted group chat method and system based on block chain technology

Also Published As

Publication number Publication date
CN115361222B (en) 2023-08-01

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
CN106104562B (en) System and method for securely storing and recovering confidential data
CN109194465B (en) Method for managing keys, user equipment, management device and storage medium
CN109981255B (en) Method and system for updating key pool
US9130744B1 (en) Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary
CN109543434B (en) Block chain information encryption method, decryption method, storage method and device
CN109951513B (en) Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card
CN113779619B (en) Ceph distributed object storage system encryption and decryption method based on cryptographic algorithm
CN106941404A (en) Cryptographic key protection method and device
US20210144002A1 (en) Secondary Channel Authentication of Public Keys
US20160021101A1 (en) Method for backing up a user secret and method for recovering a user secret
WO2024021958A1 (en) Communication processing method and system, client, communication server and supervision server
CN113239403A (en) Data sharing method and device
CN111010399A (en) Data transmission method and device, electronic equipment and storage medium
JP2022117456A (en) Message transmission system with hardware security module
CN110519222B (en) External network access identity authentication method and system based on disposable asymmetric key pair and key fob
CN109962924B (en) Group chat construction method, group message sending method, group message receiving method and system
WO2024139347A1 (en) Method, system and apparatus for securely acquiring sensitive information, and electronic device
CN112003690B (en) Password service system, method and device
CN110784318B (en) Group key updating method, device, electronic equipment, storage medium and communication system
KR101760376B1 (en) Terminal and method for providing secure messenger service
AU753951B2 (en) Voice and data encryption method using a cryptographic key split combiner
CN115834038A (en) Encryption method and device based on national commercial cryptographic algorithm
US20230188330A1 (en) System and method for identity-based key agreement for secure communication
Blaze Key escrow from a safe distance: looking back at the clipper chip

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant