CN116170209A - Communication system, method, device, apparatus and storage medium - Google Patents


Info

Publication number
CN116170209A
Authority
CN
China
Prior art keywords
terminal
channel
target
key
public key
Prior art date
Legal status
Pending
Application number
CN202310145637.9A
Other languages
Chinese (zh)
Inventor
张立坡
Current Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202310145637.9A
Publication of CN116170209A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The disclosure provides a communication system, a method and a device. It relates to the technical field of computers and communication, and in particular to the fields of information security and network communication. The specific implementation scheme is as follows: the third terminal, in response to a secret communication request instruction received from the first terminal, sends a first public key to the first terminal through a first channel and a second channel in sequence, where the first public key is used to encrypt first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on a first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on a second key pair; and the third terminal performs secret communication with the first terminal, via a third channel between the first terminal and the third terminal, based on a third key pair comprising the first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.

Description

Communication system, method, device, apparatus and storage medium
Technical Field
The present disclosure relates to the field of computer and communication technologies, in particular to the field of information security and network communication technologies, and more specifically to a communication system, a method, an apparatus, a device, a storage medium, and a program product.
Background
Along with the development of computer technology and communication technology, how to ensure information security in the communication process is a technical problem that needs to be solved.
One situation is as follows: communication between the client and the target server may pass through an intermediate server, which can intercept the data transmitted between the client and the target server and thereby cause information leakage.
Disclosure of Invention
The present disclosure provides a communication system, method, apparatus, device, storage medium, and program product.
According to an aspect of the present disclosure, there is provided a communication system including a first terminal, a second terminal, and a third terminal; the third terminal is used for responding to a secret communication request instruction received from the first terminal, and sending a first public key to the first terminal through a first channel and a second channel in sequence, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair; and the third terminal is further used for secret communication with the first terminal based on a third key pair, via a third channel between the first terminal and the third terminal, wherein the third key pair comprises the first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
According to another aspect of the present disclosure, there is provided a communication method including: in response to receiving a secure communication request instruction from a first terminal, transmitting a first public key to the first terminal via a first channel and a second channel in sequence, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is transmitted from the first terminal to a third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair; and performing secure communication between the first terminal and the third terminal based on a third key pair via a third channel between the first terminal and the third terminal, wherein the third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
According to another aspect of the present disclosure, there is provided a communication method including: sending a secret communication request instruction to a third terminal through a second terminal; receiving a first public key from a third terminal via a first channel and a second channel, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair; and performing secure communication between the first terminal and the third terminal based on a third key pair via a third channel between the first terminal and the third terminal, wherein the third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
According to another aspect of the present disclosure, there is provided a communication apparatus including: the first sending module is used for responding to a secret communication request instruction received from the first terminal and sending a first public key to the first terminal through a first channel and a second channel in sequence, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to a third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair; and the first communication module is used for carrying out secret communication between the first terminal and the third terminal based on a third key pair through a third channel between the first terminal and the third terminal, wherein the third key pair comprises a first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
According to another aspect of the present disclosure, there is provided a communication apparatus including: the second sending module is used for sending a secret communication request instruction to the third terminal through the second terminal; the second receiving module is used for receiving a first public key from the third terminal through a first channel and a second channel, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair; and the second communication module is used for carrying out secret communication between the first terminal and the third terminal based on a third key pair through a third channel between the first terminal and the third terminal, wherein the third key pair comprises a first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
According to another aspect of the present disclosure, there is provided an electronic device including: at least one processor and a memory communicatively coupled to the at least one processor. Wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a computer program product comprising a computer program stored on at least one of a readable storage medium and an electronic device, the computer program when executed by a processor implementing a method of an embodiment of the present disclosure.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. In the drawings:
Fig. 1 schematically illustrates a system architecture diagram of a communication system, communication method and apparatus according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a schematic diagram of a communication system according to an embodiment of the present disclosure;
Fig. 3A schematically illustrates a schematic diagram of a first channel, a second channel, and a third channel of a communication system according to another embodiment of the present disclosure;
Fig. 3B schematically illustrates a schematic diagram of creating a third channel according to an embodiment of the present disclosure;
Fig. 3C schematically illustrates a schematic diagram of creating a third channel according to another embodiment of the present disclosure;
Fig. 3D schematically illustrates a schematic diagram of an interaction between a first terminal and a third terminal through a third channel;
Fig. 4 schematically illustrates a flowchart of a communication method performed by a third terminal according to an embodiment of the present disclosure;
Fig. 5 schematically illustrates a flowchart of a communication method performed by a first terminal according to yet another embodiment of the present disclosure;
Fig. 6 schematically illustrates a block diagram of a communication device according to another embodiment of the present disclosure, which may be provided at a third terminal;
Fig. 7 schematically illustrates a block diagram of a communication device that may be provided at a first terminal in accordance with yet another embodiment of the present disclosure; and
Fig. 8 schematically illustrates a block diagram of an electronic device in which the communication method of embodiments of the present disclosure may be implemented.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
Along with the development of computer technology and communication technology, how to ensure information security in the communication process is a technical problem that needs to be solved.
One situation is as follows: communication between the client and the target server may pass through an intermediate server, so that the data transmitted between the client and the target server may be intercepted at the intermediate server, resulting in information leakage.
For example, the client issues a task execution instruction for the target server; the instruction is transmitted to the target server via the intermediate server, and the intermediate server may also provide services other than task execution, such as managing the client. The target server executes the task on its own side in response to the instruction. Communicating along the transmission paths from the client to the intermediate server and from the intermediate server to the target server is more efficient when executing the task, but the operation execution data related to the task is still transmitted between the client and the target server through the intermediate server, where it may be intercepted, so security is lower.
Fig. 1 schematically illustrates a system architecture of a communication system, a communication method and an apparatus according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a first terminal 101, a second terminal 102, a third terminal 103, and a network 104. The network 104 is the medium used to provide communication links between the clients 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The first terminal 101 may include a client, for example, may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The second terminal 102 and the third terminal 103 may be servers providing various services, for example. The server may also be a cloud server, i.e. the server has cloud computing functionality.
It should be understood that the number of first, second, third terminals and networks in fig. 1 is merely illustrative. There may be any number of first terminals, second terminals, third terminals, and networks, as desired for implementation.
It should be noted that, in the technical solution of the present disclosure, the processes of collecting, storing, using, processing, transmitting, providing, disclosing, etc. related personal information of the user all conform to the rules of the related laws and regulations, and do not violate the public welfare.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
Fig. 2 schematically illustrates a schematic diagram of a communication system according to an embodiment of the present disclosure. A communication system according to an embodiment of the present disclosure may include, for example, a first terminal 201, a second terminal 202, and a third terminal 203.
The third terminal is configured to send the first public key to the first terminal via the first channel and the second channel in order in response to receiving a secret communication request instruction from the first terminal.
The first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair.
As shown in fig. 2, for example, a secret communication request instruction for the third terminal 203 may be transmitted by the first terminal 201 to the third terminal 203 sequentially along a path a and a path b.
As shown in fig. 2, the third terminal 203 may, for example, sequentially transmit the first public key to the first terminal 201 along the path c and the path d in response to receiving a secret communication request instruction from the first terminal 201.
A channel is understood to mean a data signal transmission path that uses a radio signal as the transmission carrier, i.e. the transmission medium between a sending end and a receiving end. The channels of the disclosed embodiments include a first channel, a second channel, and a third channel.
Taking the example that the first terminal sends the data signal to the third terminal via the second terminal, the first terminal may for example comprise a client, the second terminal may for example comprise an intermediate server, and the third terminal may for example comprise a target server.
The third terminal is further operable to perform secret communication with the first terminal based on the third key pair via a third channel between the first terminal and the third terminal.
The third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
As shown in fig. 2, for example, the secret communication may be performed between the first terminal 201 and the third terminal 203 based on the third key pair via the third channel between the first terminal 201 and the third terminal 203, and related data of the secret communication may be transmitted along the path e and the path f, for example.
By way of example, paths a, d shown in fig. 2 may correspond to a second channel, paths b, c may correspond to a first channel, and paths e, f may correspond to a third channel, for example.
It should be noted that, according to the communication method of the embodiment of the present disclosure, for example, the unsecured communication data between any two terminals may be transmitted via the network 104 between the corresponding terminals in fig. 1.
The first terminal may also, for example, send a secure communication request instruction to the third terminal via the network 104.
The first public key and the first private key may for example be generated at a third terminal, which may for example reserve the first private key and send the first public key to the first terminal via the first channel and the second channel in sequence.
The first public key and the first private key are the asymmetric keys of the third channel. After the first transmission data sent from the first terminal to the third terminal has been encrypted with the first public key, the third terminal can decrypt it with the first private key. The first transmission data sent from the first terminal to the third terminal does not pass through the second terminal, so the second terminal cannot obtain it; moreover, data encrypted with the first public key can only be decrypted with the first private key, and only the third terminal holds the first private key. The communication security of the first transmission data from the first terminal to the third terminal is therefore guaranteed.
The communication system of the embodiment of the disclosure addresses the problem that, when transmission data between the first terminal and the third terminal is communicated through the second terminal, it may be intercepted by the second terminal and communication security is threatened. The third terminal, in response to a secret communication request instruction received from the first terminal, sends the first public key to the first terminal through the first channel and the second channel in sequence; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair. Because the first public key is used to encrypt the first transmission data to generate the first transmission ciphertext, and the first public key can be transmitted securely to the first terminal through the first channel and the second channel, the first terminal can encrypt the first transmission data sent to the third terminal with the received first public key to obtain the first transmission ciphertext, and the third terminal can decrypt the first transmission ciphertext with the first private key to obtain the first transmission plaintext. Secret communication between the first terminal and the third terminal can thereby be achieved using the third channel.
In addition, the communication system of the embodiment of the present disclosure, which includes the first terminal 201, the second terminal 202 and the third terminal 203, can implement secret communication between any two of the three terminals through the first channel, the second channel and the third channel; that is, whichever of the three terminals is not one of the two ends of a communication interaction cannot obtain the data of that interaction. Data transmitted through the first channel, the second channel and the third channel, such as the first public key, also cannot be obtained by terminals outside the system, which further ensures communication security.
The third key pair may further comprise a second public key for encrypting the second transmission data to generate a second transmission ciphertext, the second transmission data being sent from the third terminal to the first terminal, and a second private key for decrypting the second transmission ciphertext.
The second public key and the second private key may for example be generated at the first terminal, which for example may retain the second private key and send the second public key to the third terminal via the third channel.
According to the embodiment of the disclosure, the second public key can be safely transmitted to the third terminal through the third channel, the third terminal can encrypt second transmission data sent to the first terminal according to the received second public key to obtain second transmission ciphertext, and the first terminal can decrypt the second transmission ciphertext by using the second private key to obtain second transmission plaintext. Thereby, secure communication between the third terminal and the first terminal can be achieved using the third channel.
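The flow described above (paths a to f in fig. 2, including the second public key returned over the third channel) can be walked through end to end in code. The following Go program is an added example written for this page; it is not code from the patent or from the assignee. It assumes that each channel is modelled as a hybrid envelope (a fresh AES-256-GCM content key wrapped with RSA-OAEP to the receiving end's public key), that the relay on the first and second channels opens and re-seals each message, and that the three parties and all key pairs are generated locally; the patent specifies none of these algorithms. The point it makes visible is the one the text relies on: the second terminal necessarily reads what it relays on the first and second channels, but its own key cannot open anything sent on the third channel.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// envelope is a hybrid ciphertext: an AES-256-GCM content key wrapped with RSA-OAEP to the receiver,
// so a DER-encoded public key fits as payload. Modelling a channel this way is this example's assumption.
type envelope struct{ wrappedKey, nonce, body []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext so that only the holder of the private key matching `to` can read it.
func seal(to *rsa.PublicKey, plaintext []byte) (envelope, error) {
	buf := make([]byte, 32+12) // content key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return envelope{}, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
	if err != nil {
		return envelope{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return envelope{}, err
	}
	return envelope{wrapped, nonce, aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// open is the inverse of seal; it fails for any private key other than the intended receiver's.
func open(with *rsa.PrivateKey, e envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, with, e.wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, e.nonce, e.body, nil)
}

func must[T any](v T, err error) T { // any crypto failure aborts the walk-through
	if err != nil {
		panic(err)
	}
	return v
}

// relayHop is what the second terminal does on paths a->b and c->d: open the message from one
// channel and re-seal it for the next, which means it sees that payload in the clear.
func relayHop(relayKey *rsa.PrivateKey, next *rsa.PublicKey, e envelope) (envelope, []byte) {
	seen := must(open(relayKey, e))
	return must(seal(next, seen)), seen
}

type outcome struct {
	RequestAtTarget, DataAtTarget, ReplyAtClient string
	RelaySawRequest, RelayReadThird              bool // relay reads a/b/c/d payloads; must never read e/f
}

func runExchange(request, data, reply string) outcome {
	gen := func() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
	clientChan, relayChan, targetChan := gen(), gen(), gen() // second-channel, relay and first-channel keys
	// Paths a, b: the secret communication request goes client -> relay -> target.
	e := must(seal(&relayChan.PublicKey, []byte(request)))
	e, seen := relayHop(relayChan, &targetChan.PublicKey, e)
	reqAtTarget := must(open(targetChan, e))
	// The target generates the first public/private key and returns the public half along c, d.
	firstPriv := gen()
	e = must(seal(&relayChan.PublicKey, must(x509.MarshalPKIXPublicKey(&firstPriv.PublicKey))))
	e, _ = relayHop(relayChan, &clientChan.PublicKey, e)
	firstPub := must(x509.ParsePKIXPublicKey(must(open(clientChan, e)))).(*rsa.PublicKey)
	// Third channel, path e: first transmission data is encrypted to firstPub; only firstPriv opens it.
	ct := must(seal(firstPub, []byte(data)))
	_, relayErr := open(relayChan, ct) // the relay's own key cannot unwrap it
	dataAtTarget := must(open(firstPriv, ct))
	// The client generates the second public/private key, ships the public half over the third channel,
	// and the target encrypts its reply to it (path f).
	secondPriv := gen()
	e = must(seal(firstPub, must(x509.MarshalPKIXPublicKey(&secondPriv.PublicKey))))
	secondPub := must(x509.ParsePKIXPublicKey(must(open(firstPriv, e)))).(*rsa.PublicKey)
	replyAtClient := must(open(secondPriv, must(seal(secondPub, []byte(reply)))))
	return outcome{string(reqAtTarget), string(dataAtTarget), string(replyAtClient), string(seen) == request, relayErr == nil}
}

func main() {
	fmt.Printf("%+v\n", runExchange("secret communication request", "first transmission data", "second transmission data"))
}
```

Running it prints an outcome with both plaintexts recovered at the right ends, RelaySawRequest true and RelayReadThird false. The example does not authenticate the first public key on its way back through the relay; in this model the relay is a trusted-but-curious party that can read the first and second channels, which is exactly the position the patent assumes for the second terminal, and an operator who wants to defend against a relay that substitutes keys would have to add a signature or a pinned identity on top.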
According to another embodiment of the present disclosure, the first terminal is configured to send a target task execution instruction for the third terminal to the third terminal. The third terminal is used for responding to the target task execution instruction received from the first terminal and associating the first private key to the target task. The third terminal is also used for executing the target task.
The operation data of the target task is communicated securely between the third terminal and the first terminal based on the third key pair via the third channel.
The target task may be, for example, a task that requires confidentiality of the relevant operation data.
The first terminal may, for example, send the target task execution instruction for the third terminal to the third terminal via the network 104 shown in fig. 1; it may also send it to the third terminal sequentially via the second channel and the first channel, or via the third channel.
In some cases, the second terminal may serve as an intermediate proxy, and may provide services such as access of a plurality of first terminals, where the target task execution instruction of the first terminal is actually directed to the third terminal, for example, the execution of the target task is completed in the third terminal. For example, in a distributed, cloud computing, etc., each first terminal may perform a target task using a third terminal, and the second terminal may provide a service of managing the first terminals, etc., thereby efficiently performing the target task, management of a plurality of first terminals, etc.
According to the communication system of the embodiment of the disclosure, the first terminal is used to send the target task execution instruction for the third terminal to the third terminal, and the third terminal, in response to receiving the target task execution instruction from the first terminal, associates the first private key with the target task, so that the target task is executed on the premise of the first private key. Because only the third terminal holds the first private key, execution of the target task is limited to the third terminal, which ensures the execution security of the target task.
For example, in the case that the third terminal is used to associate the first private key with the target task, the third terminal may be further used to start a second terminal answering service, and the first terminal may be used to receive, with the second terminal, access data for the third terminal from the first terminal, for example, in the case that the target task execution instruction for the third terminal is sequentially transmitted to the third terminal via the second channel and the first channel.
Illustratively, the target tasks include creating an isolated environment task in accordance with a communication system of a further embodiment of the present disclosure. The third terminal is used for taking the first private key as a starting parameter for creating the isolated environment task, so that the third terminal associates the first private key with the target task.
The create isolated environment task is used to create a target isolated environment.
An isolated environment may be understood as a stand-alone operating environment. In some cases, a server in a production environment needs to deploy a plurality of different running environments, and by using isolated environments that are "isolated" from each other, for example, the problem of incompatibility of the different running environments can be solved.
According to the communication system of this embodiment of the disclosure, for the specific target task of creating an isolated environment, the third terminal takes the first private key as a startup parameter of the create isolated environment task, so that the third terminal associates the first private key with the target task; when the create isolated environment task is executed, the first private key is required as a precondition for starting and executing it.
Illustratively, in accordance with a communication system of yet another embodiment of the present disclosure, the first terminal is further configured to create the second channel in accordance with a secure communication request instruction for the second terminal. The second terminal is further configured to create the first channel according to a secure communication request instruction for the third terminal. The first terminal is further configured to create a third channel according to the secure communication request instruction for the third terminal.
According to the communication method disclosed by the embodiment of the disclosure, under the condition that any one terminal sends a secret communication request instruction for the terminal interacted with the terminal, a corresponding channel can be created, so that the two interacted terminals can carry out secret communication through the corresponding channel, and the communication safety is improved.
FIG. 3A schematically shows a first Channel-1, a second Channel-2, and a third Channel-3.
For example, the second channel, the first channel, and the third channel may be created in that order.
Fig. 3B is a schematic diagram of creating a third channel according to an embodiment of the present disclosure. Fig. 3C is a schematic diagram of creating a third channel according to another embodiment of the present disclosure.
As shown in fig. 3A and 3B, a specific example of creating the third channel may be implemented, for example, using the following embodiments.
The third terminal may, for example, pre-generate the first public key pubkey-1 and the first private key prikey-1. The first terminal may, for example, pre-generate the second public key pubkey-2 and the second private key prikey-2.
As shown in fig. 3A, the third terminal 303 may, for example, transmit the first public key pubkey-1 to the first terminal 301 in advance, sequentially via the first channel-1 and the second channel-2, so that the first terminal 301 acquires in advance the first public key generated by the third terminal 303 for secret communication between the first terminal 301 and the third terminal 303. The first terminal 301 may, for example, transmit the second public key pubkey-2 to the third terminal 303 in advance. At this time, the first terminal has the first public key pubkey-1 and the second private key prikey-2, and the third terminal has the first private key prikey-1 and the second public key pubkey-2.
As shown in fig. 3B, in operation S341, the authentication data d1 and the second public key pubkey-2 are encrypted with the first public key pubkey-1 at the first terminal 301 to obtain an authentication ciphertext ci-1.
Illustratively, operation S341 may further encrypt, at the first terminal 301, the verification data d1, the second public key pubkey-2, and a signature sig-1 with the first public key pubkey-1 to obtain the verification ciphertext ci-1. The signature sig-1 may for example be obtained by encrypting a digest with the first public key pubkey-1, and the digest may for example be derived from the verification data d1 and the second public key pubkey-2. The digest may comprise, for example, the verification data d1 and the second public key pubkey-2.
The authentication ciphertext ci-1 may be transmitted to the third terminal 303.
In operation S342, the third terminal 303 decrypts the authentication ciphertext ci-1 using the first private key prikey-1 to obtain the authentication plaintext pla-1. The authentication plaintext pla-1 includes the second public key pubkey-2.
In operation S343, the third terminal 303 performs security verification on the verification plaintext pla-1 using the first public key pubkey-1 to obtain a security verification result sr-1.
In operation S344, in case the security verification result sr-1 characterizes the verification plaintext pla-1 as secure, the third terminal 303 determines a third Channel-3 based on the first private key prikey-1 and the first public key pubkey-1.
By the above operations, the second public key pubkey-2 is transmitted to the third terminal 303 encrypted together with the verification data d1. By decrypting and securely verifying the verification ciphertext ci-1, the third terminal 303 can determine whether the verification data d1 was tampered with while being transmitted from the first terminal 301 to the third terminal 303 (the security verification result sr-1 characterizes whether it was tampered with), and thereby determine a secure third channel.
Fig. 3C is a schematic diagram of creating a third channel according to another embodiment. The embodiment of creating the third channel shown in fig. 3C also includes the above-described operations S341 to S343; in the embodiment of fig. 3B, the third terminal decrypts and securely verifies the verification ciphertext ci-1 transmitted from the first terminal to determine the third channel. Unlike the embodiment shown in fig. 3B, the embodiment shown in fig. 3C further includes the first terminal decrypting and securely verifying a verification ciphertext ci-2 transmitted from the third terminal to determine the third channel.
As shown in fig. 3C, creating a third channel according to another embodiment of the present disclosure may further include, for example, the following operations.
In operation S345, in case the security verification result sr-1 characterizes the verification plaintext pla-1 as secure, the third terminal 303 saves the second public key pubkey-2 from the first terminal 301. The second public key pubkey-2 is derived from the authentication plaintext pla-1.
In operation S346, the authentication data d2 is encrypted with the second public key pubkey-2 at the third terminal 303 to obtain the authentication ciphertext ci-2.
Illustratively, operation S346 may further encrypt the verification data d2 and a signature sig-2 with the second public key pubkey-2 at the third terminal 303 to obtain the verification ciphertext ci-2. The signature sig-2 may for example be obtained by encrypting a digest with the second public key pubkey-2, and the digest may for example be derived from the verification data d2. The digest may comprise, for example, the verification data d2.
The authentication ciphertext ci-2 may be transmitted to the first terminal 301.
In operation S347, the first terminal 301 decrypts the authentication ciphertext ci-2 using the second private key prikey-2 to obtain the authentication plaintext pla-2.
In operation S348, the first terminal 301 performs security verification on the verification plaintext pla-2 using the second public key pubkey-2 to obtain a security verification result sr-2.
In operation S349, in case the security verification result sr-2 characterizes the verification plaintext pla-2 as secure, the first terminal 301 determines a third Channel-3 based on the second private key prikey-2 and the second public key pubkey-2.
As shown in fig. 3D, the determined third channel may be used as follows: message data mes1 sent by the first terminal is encrypted with the first public key at the first terminal, the resulting message ciphertext mci-1 is sent to the third terminal, and the message ciphertext mci-1 is decrypted with the first private key at the third terminal to obtain the message plaintext mpla-1, so that secret communication of data sent from the first terminal to the third terminal based on the third channel is realized. The message ciphertext mci-1 may also be obtained by encrypting, with the first public key, the message data mes1 together with a signature sig-3, which signature sig-3 may for example comprise the first public key. In that case, the third terminal uses the first public key to perform security verification on the message plaintext mpla-1.
As shown in fig. 3D, the third channel may also be used as follows: message data mes2 sent by the third terminal is encrypted with the second public key at the third terminal, the resulting message ciphertext mci-2 is sent to the first terminal, and the message ciphertext mci-2 is decrypted with the second private key at the first terminal to obtain the message plaintext mpla-2, so that secret communication of data sent from the third terminal to the first terminal based on the third channel is realized. The message ciphertext mci-2 may also be obtained by encrypting, with the second public key, the message data mes2 together with a signature sig-4, which signature sig-4 may for example comprise the second public key. In that case, the first terminal uses the second public key to perform security verification on the message plaintext mpla-2.
The second channel and the first channel may be created in the same manner as the third channel, as shown in fig. 3B. In the case of creating the second channel, the second terminal may generate a third public key and a third private key in advance, and the first terminal may generate a fourth public key and a fourth private key in advance. In the case of creating the first channel, the third terminal may generate a fifth public key and a fifth private key in advance, and the second terminal may generate a sixth public key and a sixth private key in advance.
As shown in fig. 3A, the second terminal 302 may, for example, transmit the third public key pubkey-3 to the first terminal 301 in advance, so that the first terminal 301 acquires in advance the third public key generated by the second terminal 302 for secret communication between the first terminal 301 and the second terminal 302. The first terminal 301 may, for example, transmit the fourth public key pubkey-4 to the second terminal 302 in advance. At this time, the first terminal has the third public key pubkey-3 and the fourth private key prikey-4, and the second terminal has the third private key prikey-3 and the fourth public key pubkey-4.
As shown in fig. 3A, the second key pair may include a third public key, a third private key, a fourth public key, and a fourth private key. The first key pair may include a fifth public key, a fifth private key, a sixth public key, a sixth private key.
For example, the second channel and the first channel may be created in the same manner as the third channel is created with reference to the embodiment of creating the third channel, and the operations of creating the first channel and the second channel are not described herein.
The communication method according to an embodiment of the present disclosure may be performed by the third terminal 103 shown in fig. 1, for example.
Fig. 4 schematically illustrates a flow chart of a communication method according to an embodiment of the disclosure.
As shown in fig. 4, the communication method 400 of the embodiment of the disclosure may include, for example, operations S410 to S420.
In response to receiving the secret communication request instruction from the first terminal, the first public key is transmitted to the first terminal sequentially via the first channel and the second channel in operation S410.
The first public key is used to encrypt first transmission data to generate a first transmission ciphertext, the first transmission data being sent from the first terminal to the third terminal. The first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair.
In operation S420, secure communication is performed between the first terminal and the third terminal based on the third key pair via a third channel between the first terminal and the third terminal.
The third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
Illustratively, the third key pair further comprises a second public key and a second private key.
The second public key is used for encrypting second transmission data to generate second transmission ciphertext, the second transmission data is sent from the third terminal to the first terminal, and the second private key is used for decrypting the second transmission ciphertext.
It should be noted that the operations performed by the third terminal have been described in detail in the foregoing embodiments of the communication system including the first terminal, the second terminal, and the third terminal; for the related technical principles and technical effects, reference is made to those embodiments, and they are not repeated herein.
Illustratively, a communication method according to another embodiment of the present disclosure further includes: in response to receiving a target task execution instruction from the first terminal, associating the first private key with the target task; and executing the target task.
The operation data of the target task is communicated securely between the third terminal and the first terminal based on the third key pair via the third channel.
Illustratively, according to a communication method of yet another embodiment of the present disclosure, the target task includes a create isolated environment task; a specific example of associating the first private key with the target task may be implemented, for example, as follows: the first private key is used as a startup parameter of the create isolated environment task.
The create isolated environment task is used to create a target isolated environment.
The communication method according to an embodiment of the present disclosure may be performed by the first terminal 101 shown in fig. 1, for example.
Fig. 5 schematically illustrates a flow chart of a communication method according to an embodiment of the disclosure.
As shown in fig. 5, the communication method 500 according to the embodiment of the disclosure may include, for example, operations S510 to S530.
In operation S510, a secret communication request instruction is transmitted to the third terminal via the second terminal.
The first public key from the third terminal is received via the first channel, the second channel, in operation S520.
The first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair.
In operation S530, secure communication is performed between the first terminal and the third terminal based on the third key pair via a third channel between the first terminal and the third terminal.
The third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
It should be noted that the operations performed by the first terminal have been described in detail in the foregoing embodiments, both where the communication method is performed by the first terminal and where it is performed by the communication system including the first terminal, the second terminal, and the third terminal; for the related technical principles and technical effects, reference is made to those embodiments, and they are not repeated herein.
Illustratively, a communication method according to another embodiment of the present disclosure may further include: in response to receiving a secure communication request instruction from the target terminal, a target channel is created.
The target channel includes at least one of the second channel and the third channel. The target key pair includes at least one of the second key pair corresponding to the second channel and the third key pair corresponding to the third channel. Bidirectional secret communication is performed, based on the target key pair, between the terminal associated with the target channel and the target terminal, wherein the target terminal comprises the second terminal corresponding to the second channel and the third terminal corresponding to the third channel.
It should be noted that creating the target channel includes creating at least one of the third channel and the second channel. The specific operation of creating the third channel is described in detail in the above embodiments, and will not be described in detail here. The specific operation of creating the second channel may for example also refer to the embodiment of creating the third channel.
According to a communication method of a further embodiment of the present disclosure, a specific example of creating the target channel may be implemented, for example, as follows: encrypting the interaction public key and the first verification data with the target public key from the target terminal to obtain a first verification ciphertext; and determining the target channel based on the target public key and the target private key in the case where the first security verification result characterizes the first verification plaintext as secure.
The target key pair comprises a target public key and a target private key, wherein the target private key is used for decrypting and safely verifying the received first verification ciphertext by the target terminal to obtain a first verification plaintext.
In the case where the first verification data further includes a signature determined by the target public key, the target public key may further perform security verification (signature verification) on the first verification plaintext to obtain a first security verification result.
In the case where the target channel comprises a second channel, the second key pair comprises an interaction public key and an interaction private key. In the case where the target channel comprises a third channel, the third key pair comprises an interaction public key and an interaction private key.
It should be noted that, when the target channel includes the third channel, the target public key is the first public key, the target private key is the first private key, the interaction public key is the second public key, and the interaction private key is the second private key. When the target channel includes the second channel, the target public key is the third public key, the target private key is the third private key, the interaction public key is the fourth public key, and the interaction private key is the fourth private key.
Illustratively, according to a communication method of a further embodiment of the present disclosure, creating the target channel may further include: in response to receiving a second verification ciphertext from the target terminal, decrypting the second verification ciphertext with the interaction private key to obtain a second verification plaintext; and determining the target channel based on the interaction public key and the interaction private key in response to the second security verification result of the target terminal for the second verification plaintext being secure.
The second verification ciphertext is generated by the target terminal encrypting the second verification data with the interaction public key, and the second security verification result is obtained by the target terminal verifying the second verification plaintext with the interaction public key.
The second security verification result may be, for example, obtained by security verification (signature verification) of the second verification plaintext with the interaction public key in the case where the second verification data further includes a signature determined by the interaction public key.
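The handshake of operations S341 to S349 (fig. 3B and 3C), the fig. 3D message exchange over the established channel, and the generalised target-channel creation just described are the same two-leg protocol, and it can be traced in code. The following Go program is an added example, not code from the patent or its assignee. It models the first terminal and the third terminal with their pre-shared public keys, the verification-data exchange in both directions, and a message sent over the established channel. It assumes the primitives the patent leaves unspecified: RSA-OAEP wrapping a fresh AES-256-GCM key (an RSA block alone cannot hold a payload that includes a whole public key), and RSA-PSS signatures produced with the sender's private key and checked with the corresponding public key (the patent's wording has the digest encrypted with a public key; a signature that the receiver can check must use the private half). The names Terminal, Envelope, Payload, seal, open, Send, CreateChannel, NewKey and the sample strings are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// Envelope: a fresh AES-256-GCM key wrapped with RSA-OAEP under the receiver's public key,
// plus nonce and sealed payload (hybrid wrapping is assumed; RSA alone cannot carry a public key).
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }
// Payload: verification data, sender public key (PKCS#1 DER, nil on the reply leg) and a
// signature over both, i.e. d1, pubkey-2 and sig-1 of fig. 3B.
type Payload struct{ Data, PubKey, Sig []byte }
// Terminal: one party's own key pair plus the peer public key it obtained in advance.
type Terminal struct {
	Priv *rsa.PrivateKey
	Peer *rsa.PublicKey // pre-shared over the relay channels before the handshake (pubkey-1 / pubkey-2)
}

func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	return k
}
func toJSON(v any) []byte      { b, _ := json.Marshal(v); return b }
func aead(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func check(err error) { // sender-side failures that only a broken CSPRNG can cause
	if err != nil {
		panic(err)
	}
}

// seal signs Data and PubKey with the sender's private key (RSA-PSS/SHA-256), then encrypts the signed payload for peerPub.
func seal(peerPub *rsa.PublicKey, signer *rsa.PrivateKey, data, pubDER []byte) *Envelope {
	body := Payload{Data: data, PubKey: pubDER}
	digest := sha256.Sum256(toJSON(body))
	sig, err := rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
	check(err)
	body.Sig = sig
	buf := make([]byte, 44) // 32-byte AES key followed by the 12-byte GCM nonce
	rand.Read(buf)          // crypto/rand.Read never returns an error
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, key, nil)
	check(err)
	return &Envelope{wrapped, nonce, aead(key).Seal(nil, nonce, toJSON(body), nil)}
}

// open decrypts env with the receiver's private key and performs the page's "security
// verification" under the peer public key the receiver already trusts, never one taken from the payload.
func open(priv *rsa.PrivateKey, peerPub *rsa.PublicKey, env *Envelope) (*Payload, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	plain, err := aead(key).Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext tampered or wrong key: %w", err)
	}
	var p Payload
	json.Unmarshal(plain, &p) // on malformed input p stays empty and VerifyPSS below fails
	digest := sha256.Sum256(toJSON(Payload{Data: p.Data, PubKey: p.PubKey}))
	if err := rsa.VerifyPSS(peerPub, crypto.SHA256, digest[:], p.Sig, nil); err != nil {
		return nil, fmt.Errorf("security verification failed: %w", err)
	}
	return &p, nil
}

// Send moves one signed, encrypted payload between terminals: a handshake leg or, with pubDER nil, a fig. 3D message.
func Send(from, to *Terminal, data, pubDER []byte) (*Payload, error) {
	return open(to.Priv, to.Peer, seal(from.Peer, from.Priv, data, pubDER))
}

// CreateChannel runs the fig. 3C handshake (S341-S349); a non-nil error means the third channel is not established.
func CreateChannel(first, third *Terminal, d1, d2 []byte) (*Payload, *Payload, error) {
	// S341-S343: first sends d1 plus pubkey-2 under pubkey-1; third decrypts and verifies.
	pla1, err := Send(first, third, d1, x509.MarshalPKCS1PublicKey(&first.Priv.PublicKey))
	if err != nil {
		return nil, nil, err
	}
	// S345: the enclosed pubkey-2 must equal the copy third obtained in advance.
	if string(pla1.PubKey) != string(x509.MarshalPKCS1PublicKey(third.Peer)) {
		return nil, nil, fmt.Errorf("enclosed public key differs from pre-shared key")
	}
	// S346-S349: third answers with d2 under pubkey-2; first decrypts and verifies.
	pla2, err := Send(third, first, d2, nil)
	return pla1, pla2, err
}

func main() {
	k1, k2 := NewKey(), NewKey() // prikey-1 and prikey-2; the public halves are exchanged in advance
	first, third := &Terminal{k2, &k1.PublicKey}, &Terminal{k1, &k2.PublicKey}
	_, _, err := CreateChannel(first, third, []byte("d1-sample"), []byte("d2-sample")) // constructed data
	fmt.Println("third channel established:", err == nil, err)
}
```

The defender-side point sits in open and in the S345 check: the signature is verified against the public key the receiver obtained in advance over the relay channels, never against the key enclosed in the payload, and the enclosed key must match that pre-shared copy. A tampered ciphertext fails at the GCM tag, a payload signed by any other key fails at VerifyPSS, and only after both legs pass is the channel treated as established. The same Send call models the second and first channels, with the third through sixth keys substituted.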
Fig. 6 schematically illustrates a block diagram of a communication device according to an embodiment of the disclosure. The communication device may be disposed at the third terminal.
As shown in fig. 6, a communication device 600 of an embodiment of the disclosure includes, for example, a first transmitting module 610 and a first communication module 620.
The first transmitting module 610 is configured to transmit the first public key to the first terminal sequentially via the first channel and the second channel in response to receiving a secret communication request instruction from the first terminal. The first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair.
The first communication module 620 is configured to perform secure communication between the first terminal and the third terminal based on the third key pair via a third channel between the first terminal and the third terminal. The third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
Illustratively, the communication device further comprises: a first private key association module, configured to associate the first private key with the target task in response to receiving a target task execution instruction from the first terminal; and a target task execution module, configured to execute the target task, wherein the operation data of the target task is communicated secretly with the first terminal via the third channel based on the third key pair.
Illustratively, the target task includes a create isolated environment task; the first private key association module includes a first private key association sub-module, configured to take the first private key as a startup parameter of the create isolated environment task, wherein the create isolated environment task is used to create the target isolated environment.
The third key pair further comprises a second public key for encrypting second transmission data to generate a second transmission ciphertext, the second transmission data being sent from the third terminal to the first terminal, and a second private key for decrypting the second transmission ciphertext.
Fig. 7 schematically illustrates a block diagram of a communication device according to an embodiment of the disclosure. The communication device may be disposed at the first terminal.
As shown in fig. 7, the communication device 700 of the embodiment of the disclosure includes, for example, a second transmitting module 710, a second receiving module 720, and a second communication module 730.
The second transmitting module 710 is configured to transmit a secret communication request instruction to the third terminal via the second terminal.
The second receiving module 720 is configured to receive the first public key from the third terminal via the first channel and the second channel. The first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on the first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on the second key pair.
The second communication module 730 is configured to perform secure communication between the first terminal and the third terminal based on the third key pair via a third channel between the first terminal and the third terminal. The third key pair includes a first public key and a first private key, the first private key being used to decrypt the first transmission ciphertext.
Illustratively, the communication device further comprises: a target channel creation module for creating a target channel in response to receiving a secret communication request instruction from a target terminal, wherein the target channel includes at least one of a second channel and a third channel; the target key pair comprises at least one of a second key pair corresponding to a second channel and a third key pair corresponding to a third channel; and performing bidirectional secret communication between a third terminal associated with the target channel and the target terminal based on the target key pair, wherein the target terminal comprises a second terminal corresponding to the second channel and a third terminal corresponding to the third channel.
Illustratively, the target channel creation module includes: the first verification ciphertext determination sub-module and the target channel first determination sub-module.
The first verification ciphertext determining sub-module is configured to encrypt the interaction public key and the first verification data with a target public key from the target terminal to obtain a first verification ciphertext, wherein the target key pair comprises the target public key and a target private key; the target private key is used by the target terminal to decrypt the received first verification ciphertext to obtain a first verification plaintext, and the target public key is used by the target terminal to perform security verification on the first verification plaintext to obtain a first security verification result. In the case where the target channel comprises the second channel, the second key pair comprises the interaction public key and the interaction private key; in the case where the target channel comprises the third channel, the third key pair comprises the interaction public key and the interaction private key.
The target channel first determining sub-module is configured to determine the target channel based on the target public key and the target private key in the case where the first security verification result characterizes the first verification plaintext as secure.
Illustratively, the target channel creation module further comprises: the second verification plaintext determination submodule and the target channel second determination submodule.
The second verification plaintext determining sub-module is configured to decrypt, in response to receiving a second verification ciphertext from the target terminal, the second verification ciphertext with the interaction private key to obtain a second verification plaintext, wherein the second verification ciphertext is obtained by the target terminal encrypting the second verification data with the interaction public key.
The target channel second determining sub-module is configured to determine the target channel based on the interaction public key and the interaction private key in response to the second security verification result of the target terminal for the second verification plaintext being secure, wherein the second security verification result is obtained by the target terminal verifying the second verification plaintext with the interaction public key.
It should be understood that the embodiments of the apparatus portion of the present disclosure correspond to the same or similar embodiments of the method portion of the present disclosure, and the technical problems to be solved and the technical effects to be achieved also correspond to the same or similar embodiments, which are not described herein in detail.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 8 illustrates a schematic block diagram of an example electronic device 800 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 8, the apparatus 800 includes a computing unit 801 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 802 or a computer program loaded from a storage unit 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the device 800 can also be stored. The computing unit 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
Various components in device 800 are connected to I/O interface 805, including: an input unit 806 such as a keyboard, mouse, etc.; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, etc.; and a communication unit 809, such as a network card, modem, wireless communication transceiver, or the like. The communication unit 809 allows the device 800 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 801 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 801 performs the various methods and processes described above, such as communication methods. For example, in some embodiments, the communication method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 808. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 800 via ROM 802 and/or communication unit 809. When a computer program is loaded into RAM 803 and executed by computing unit 801, one or more steps of the communication method described above may be performed. Alternatively, in other embodiments, the computing unit 801 may be configured to perform the communication method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that can be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general purpose programmable processor and which can receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out the methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel or sequentially or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (24)

1. A communication system, comprising: a first terminal, a second terminal and a third terminal;
the third terminal is used for responding to a secret communication request instruction received from the first terminal and sending a first public key to the first terminal through a first channel and a second channel in sequence, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication between the third terminal and the second terminal based on a first key pair, and the second channel is used for secret communication between the first terminal and the second terminal based on a second key pair; and
the third terminal is configured to perform secure communication with the first terminal based on a third key pair via a third channel between the first terminal and the third terminal, wherein the third key pair includes the first public key and a first private key, and the first private key is configured to decrypt the first transmission ciphertext.
2. The system of claim 1, wherein,
the first terminal is used for sending a target task execution instruction for the third terminal to the third terminal;
the third terminal is used for responding to the target task execution instruction received from the first terminal and associating the first private key with the target task; and
the third terminal is further configured to perform the target task, where operation data of the target task is securely communicated between the third terminal and the first terminal through the third channel based on the third key pair.
3. The system of claim 2, wherein the target task comprises creating an isolated environment task; the third terminal is used for taking the first private key as a start parameter of the task for creating the isolated environment, so that the third terminal associates the first private key with the target task, wherein the task for creating the isolated environment is used for creating a target isolated environment.
4. A system according to any of claims 1-3, wherein the third key pair further comprises a second public key and a second private key, wherein the second public key is used to encrypt second transmission data to generate a second transmission ciphertext, the second transmission data being sent from the third terminal to the first terminal, the second private key being used to decrypt the second transmission ciphertext.
5. The system according to any one of claims 1 to 3, wherein,
the first terminal is further configured to create the second channel according to a secret communication request instruction for the second terminal;
the second terminal is further configured to create the first channel according to a secret communication request instruction for the third terminal; and
the first terminal is further configured to create the third channel according to a secret communication request instruction for the third terminal.
6. A method of communication, comprising:
in response to receiving a secure communication request instruction from a first terminal, transmitting a first public key to the first terminal via a first channel and a second channel in sequence, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is transmitted from the first terminal to a third terminal; the first channel is used for secret communication based on a first key pair between the third terminal and a second terminal, and the second channel is used for secret communication based on a second key pair between the first terminal and the second terminal; and
performing secure communication between the first terminal and the third terminal based on a third key pair via a third channel between the first terminal and the third terminal, wherein the third key pair comprises the first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
7. The method of claim 6, further comprising:
in response to receiving a target task execution instruction from the first terminal, associating the first private key to a target task; and
executing the target task, wherein operation data of the target task is communicated secretly with the first terminal through the third channel based on the third key pair.
8. The method of claim 7, wherein the target task comprises creating an isolated environment task; the associating the first private key to the target task includes:
taking the first private key as a start parameter of the task for creating the isolated environment, wherein the task for creating the isolated environment is used for creating a target isolated environment.
9. The method of any of claims 6-8, wherein the third key pair further comprises a second public key and a second private key, wherein the second public key is used to encrypt second transmission data to generate a second transmission ciphertext, the second transmission data sent from the third terminal to the first terminal, the second private key is used to decrypt the second transmission ciphertext.
10. A method of communication, comprising:
sending a secret communication request instruction to a third terminal through a second terminal;
receiving a first public key from the third terminal via a first channel and a second channel, wherein the first public key is used for encrypting first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from a first terminal to the third terminal; the first channel is used for secret communication based on a first key pair between the third terminal and a second terminal, and the second channel is used for secret communication based on a second key pair between the first terminal and the second terminal; and
performing secure communication between the first terminal and the third terminal based on a third key pair via a third channel between the first terminal and the third terminal, wherein the third key pair comprises the first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
11. The method of claim 10, further comprising:
creating a target channel in response to receiving a secure communication request instruction from a target terminal, wherein the target channel comprises at least one of the second channel and the third channel; the target key pair comprises at least one of the second key pair corresponding to the second channel and the third key pair corresponding to the third channel; and performing bidirectional secret communication between the third terminal associated with the target channel and the target terminal based on the target key pair, wherein the target terminal comprises the second terminal corresponding to the second channel and the third terminal corresponding to the third channel.
12. The method of claim 11, wherein the creating a target channel comprises:
encrypting an interaction public key and first verification data by using a target public key from the target terminal to obtain a first verification ciphertext, wherein the target key pair comprises the target public key and a target private key, the target private key is used by the target terminal for decrypting the received first verification ciphertext to obtain a first verification plaintext, and the target public key is used by the target terminal for carrying out security verification on the first verification plaintext to obtain a first security verification result; in the case that the target channel includes the second channel, the second key pair comprises the interaction public key and an interaction private key, and in the case that the target channel includes the third channel, the third key pair comprises the interaction public key and the interaction private key; and
determining the target channel based on the target public key and the target private key if the first security verification result characterizes the first verification plaintext as secure.
13. The method of claim 12, wherein the creating a target channel further comprises:
in response to receiving a second verification ciphertext from the target terminal, decrypting the second verification ciphertext by using the interaction private key to obtain a second verification plaintext, wherein the second verification ciphertext is obtained by the target terminal encrypting second verification data by using the interaction public key; and
determining the target channel based on the interaction public key and the interaction private key in response to a second security verification result of the target terminal for the second verification plaintext being secure, wherein the second security verification result is obtained by the target terminal verifying the second verification plaintext using the interaction public key.
14. A communication device, comprising:
a first sending module, configured to send a first public key to a first terminal via a first channel and a second channel in sequence in response to receiving a secret communication request instruction from the first terminal, where the first public key is used to encrypt first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to a third terminal; the first channel is used for secret communication based on a first key pair between the third terminal and a second terminal, and the second channel is used for secret communication based on a second key pair between the first terminal and the second terminal; and
a first communication module, configured to conduct secret communication between the first terminal and the third terminal based on a third key pair through a third channel between the first terminal and the third terminal, wherein the third key pair comprises the first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
15. The apparatus of claim 14, further comprising:
a first private key association module, configured to associate the first private key with a target task in response to receiving a target task execution instruction from the first terminal; and
a target task execution module, configured to execute the target task, wherein operation data of the target task is communicated secretly with the first terminal through the third channel based on the third key pair.
16. The apparatus of claim 15, wherein the target task comprises creating an isolated environment task; the first private key association module includes:
a first private key association sub-module, configured to take the first private key as a start parameter of the task for creating the isolated environment, wherein the task for creating the isolated environment is used for creating a target isolated environment.
17. The apparatus of any of claims 14-16, wherein the third key pair further comprises a second public key and a second private key, wherein the second public key is used to encrypt second transmission data to generate a second transmission ciphertext, the second transmission data sent from the third terminal to the first terminal, the second private key is used to decrypt the second transmission ciphertext.
18. A communication device, comprising:
a second sending module, configured to send a secret communication request instruction to a third terminal through a second terminal;
a second receiving module, configured to receive a first public key from the third terminal via a first channel and a second channel, where the first public key is used to encrypt first transmission data to generate a first transmission ciphertext, and the first transmission data is sent from the first terminal to the third terminal; the first channel is used for secret communication based on a first key pair between the third terminal and a second terminal, and the second channel is used for secret communication based on a second key pair between the first terminal and the second terminal; and
a second communication module, configured to conduct secret communication between the first terminal and the third terminal based on a third key pair through a third channel between the first terminal and the third terminal, wherein the third key pair comprises the first public key and a first private key, and the first private key is used for decrypting the first transmission ciphertext.
19. The apparatus of claim 18, further comprising:
a target channel creation module, configured to create a target channel in response to receiving a secret communication request instruction from a target terminal, where the target channel includes at least one of the second channel and the third channel; the target key pair comprises at least one of the second key pair corresponding to the second channel and the third key pair corresponding to the third channel; and performing bidirectional secret communication between the third terminal associated with the target channel and the target terminal based on the target key pair, wherein the target terminal comprises the second terminal corresponding to the second channel and the third terminal corresponding to the third channel.
20. The apparatus of claim 19, wherein the target channel creation module comprises:
a first verification ciphertext determining sub-module, configured to encrypt an interaction public key and first verification data by using a target public key from the target terminal to obtain a first verification ciphertext, wherein the target key pair comprises the target public key and a target private key, the target private key is used by the target terminal for decrypting the received first verification ciphertext to obtain a first verification plaintext, and the target public key is used by the target terminal for carrying out security verification on the first verification plaintext to obtain a first security verification result; in the case that the target channel includes the second channel, the second key pair comprises the interaction public key and an interaction private key, and in the case that the target channel includes the third channel, the third key pair comprises the interaction public key and the interaction private key; and
a first target channel determining sub-module, configured to determine the target channel based on the target public key and the target private key if the first security verification result characterizes the first verification plaintext as secure.
21. The apparatus of claim 20, wherein the target channel creation module further comprises:
a second verification plaintext determining sub-module, configured to decrypt, in response to receiving a second verification ciphertext from the target terminal, the second verification ciphertext by using the interaction private key to obtain a second verification plaintext, wherein the second verification ciphertext is obtained by the target terminal encrypting second verification data by using the interaction public key; and
a second target channel determining sub-module, configured to determine the target channel based on the interaction public key and the interaction private key in response to a second security verification result of the target terminal for the second verification plaintext being secure, wherein the second security verification result is obtained by the target terminal verifying the second verification plaintext using the interaction public key.
22. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 6-9 or claims 10-13.
23. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 6-9 or claims 10-13.
24. A computer program product comprising a computer program stored on at least one of a readable storage medium and an electronic device, which, when executed by a processor, implements the method according to any one of claims 6-9 or claims 10-13.
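The key relay of claim 1 (and of method claims 6 and 10) worked through in Go, as an added illustration that is not code from the patent or its applicant: the first and second channels are assumed to be already established AES-256-GCM sessions (the claims specify key pairs for those channels but no cipher), the third key pair is assumed to be RSA with OAEP, and every type and function name is this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// must panics on errors that fixed, valid parameters cannot produce (or on crypto/rand failure).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// SecretChannel models an already established secret channel (first and second channels of claim 1).
// The patent bases them on key pairs; here that handshake is assumed done, leaving an AES-256-GCM session key.
type SecretChannel struct{ aead cipher.AEAD }
func NewSecretChannel() *SecretChannel {
	key := make([]byte, 32) // fresh session key, constructed for this example
	must(rand.Read(key))
	return &SecretChannel{aead: must(cipher.NewGCM(must(aes.NewCipher(key))))}
}
// Seal encrypts and authenticates msg for the other endpoint, prefixing the random nonce.
func (c *SecretChannel) Seal(msg []byte) []byte {
	nonce := make([]byte, c.aead.NonceSize())
	must(rand.Read(nonce))
	return c.aead.Seal(nonce, nonce, msg, nil)
}
// Open verifies and decrypts a Seal output; any tampering or wrong-channel message fails here.
func (c *SecretChannel) Open(ct []byte) ([]byte, error) {
	n := c.aead.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return c.aead.Open(nil, ct[:n], ct[n:], nil)
}
// RespondToRequest (third terminal): seal the first public key for the first channel; the private key stays.
func RespondToRequest(priv *rsa.PrivateKey, first *SecretChannel) []byte {
	return first.Seal(x509.MarshalPKCS1PublicKey(&priv.PublicKey))
}

// RelayViaSecondTerminal (second terminal): open on the first channel, re-seal on the second.
// It handles only the public key, so it learns nothing usable against the third channel.
func RelayViaSecondTerminal(first, second *SecretChannel, ct []byte) ([]byte, error) {
	der, err := first.Open(ct)
	if err != nil {
		return nil, err
	}
	return second.Seal(der), nil
}

// ReceivePublicKey (first terminal): open the relayed key on the second channel. A public key
// injected anywhere outside the two authenticated channels fails the GCM check here.
func ReceivePublicKey(second *SecretChannel, ct []byte) (*rsa.PublicKey, error) {
	der, err := second.Open(ct)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PublicKey(der)
}

// RunProtocol runs the claim 1 exchange end to end (key relay over the first and second channels, then
// RSA-OAEP on the third channel) and returns what the third terminal recovers with the first private key.
func RunProtocol(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	first, second := NewSecretChannel(), NewSecretChannel() // third<->second, first<->second
	relayed, err := RelayViaSecondTerminal(first, second, RespondToRequest(priv, first))
	if err != nil {
		return nil, err
	}
	pub, err := ReceivePublicKey(second, relayed)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil) // first terminal
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil) // third terminal
}
```

The point the relay makes is that the first terminal only ever accepts a first public key that arrived through two channels it already trusts; a key offered on the direct path, or a relayed message altered in transit, fails the GCM check before any third-channel data is encrypted under it.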
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310145637.9A CN116170209A (en) 2023-02-21 2023-02-21 Communication system, method, device, apparatus and storage medium

Publications (1)

Publication Number Publication Date
CN116170209A true CN116170209A (en) 2023-05-26

Family

ID=86419713

Country Status (1)

Country Link
CN (1) CN116170209A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination