CN116232572A

CN116232572A - Key application method and device, electronic equipment and storage medium

Info

Publication number: CN116232572A
Application number: CN202211718635.6A
Authority: CN
Inventors: 秦立永; 孙风荣; 潘廷勇; 王艳辉
Original assignee: Visionvera Information Technology Co Ltd
Current assignee: Visionvera Information Technology Co Ltd
Priority date: 2022-12-29
Filing date: 2022-12-29
Publication date: 2023-06-06

Abstract

The embodiment of the invention provides a key application method and device. The method comprises the following steps: receiving multicast data; the multicast data carries a multicast address, the multicast address is searched in the history application data under the condition that the encryption key corresponding to the multicast address is not searched, the encryption key corresponding to the multicast address is applied to the key management system under the condition that the multicast address does not exist in the history application data, and the multicast address is added into the history application data, so that after the encryption key is applied to the same multicast address, the encryption key is not repeatedly applied to the same multicast address, the problem of repeated application caused by the multicast data of the same multicast address in a short time is avoided, the influence on the operation of an encryption module and the key management system is reduced, and the encryption processing and key application efficiency is improved.

Description

Key application method and device, electronic equipment and storage medium

Technical Field

The present invention relates to the field of data processing technologies, and in particular, to a key application method, a key application apparatus, an electronic device, and a computer readable storage medium.

Background

When the encryption module receives the multicast data to be encrypted, an encryption key corresponding to the multicast address of the multicast data is required to be obtained through table lookup. When the corresponding encryption key cannot be found through the table lookup, the encryption module is required to apply the encryption key corresponding to the multicast address to the key management system.

In some scenarios, for example, audio and video data, multicast data of the same multicast address may come together, and if a corresponding encryption key cannot be found by looking up a table each time, a key application action is initiated, so that a great number of repeated applications are caused, the operation of the encryption module and the key management system is seriously affected, and the encryption processing and the key application efficiency are affected.

Disclosure of Invention

In view of the above, embodiments of the present invention have been made to provide a key application method, a corresponding key application device, an electronic apparatus, and a computer-readable storage medium that overcome or at least partially solve the above-described problems.

In order to solve the above problems, an embodiment of the present invention discloses a key application method, which includes:

receiving multicast data; wherein, the multicast data carries a multicast address;

searching the multicast address in the history application data under the condition that the encryption key corresponding to the multicast address is not searched;

and under the condition that the multicast address does not exist in the historical application data, applying an encryption key corresponding to the multicast address to a key management system, and adding the multicast address into the historical application data.

Optionally, the searching the multicast address in the historical application data without searching the encryption key corresponding to the multicast address includes:

searching a corresponding encryption key stored in the encryption chip according to the multicast address;

and searching the multicast address in the historical application data stored in the target block memory of the encryption chip under the condition that the encryption key corresponding to the multicast address is not searched.

Optionally, the adding the multicast address to the historical application data includes:

setting the current write address as a starting write address in the target block memory under the condition that the current write address corresponding to the multicast address exceeds a preset address;

and writing the multicast address into the target block memory according to the set current write address.

Optionally, the method further comprises:

suspending encryption processing of the multicast data under the condition that the multicast address exists in the history application data;

searching a corresponding encryption key according to the multicast address every preset time length;

and under the condition that the encryption key corresponding to the multicast address is searched, adopting the encryption key to encrypt the multicast data.

The embodiment of the invention also discloses a key application device, which comprises:

the data receiving module is used for receiving multicast data; wherein, the multicast data carries a multicast address;

the address searching module is used for searching the multicast address in the historical application data under the condition that the encryption key corresponding to the multicast address is not searched;

and the key application module is used for applying an encryption key corresponding to the multicast address to a key management system under the condition that the multicast address does not exist in the historical application data, and adding the multicast address into the historical application data.

Optionally, the address lookup module includes:

the key searching sub-module is used for searching a corresponding encryption key stored in the encryption chip according to the multicast address;

and the address searching sub-module is used for searching the multicast address in the historical application data stored in the target block memory of the encryption chip under the condition that the encryption key corresponding to the multicast address is not searched.

Optionally, the key application module includes:

an address setting sub-module, configured to set, when a current write address corresponding to the multicast address exceeds a preset address, the current write address as a start write address in the target block memory;

and the address writing sub-module is used for writing the multicast address into the target block memory according to the set current writing address.

Optionally, the apparatus further comprises:

a processing suspending module, configured to suspend encryption processing of the multicast data when the multicast address exists in the history application data;

the key searching module is used for searching a corresponding encryption key according to the multicast address every preset time length;

and the encryption processing module is used for carrying out encryption processing on the multicast data by adopting the encryption key under the condition of searching the encryption key corresponding to the multicast address.

The embodiment of the invention also discloses an electronic device, which comprises:

one or more processors; and

one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the key application method of any of the above.

The embodiment of the invention also discloses a computer readable storage medium, which stores a computer program for causing a processor to execute the key application method according to any one of the above.

According to the embodiment of the invention, multicast data is received; the multicast data carries a multicast address, the multicast address is searched in the history application data under the condition that the encryption key corresponding to the multicast address is not searched, the encryption key corresponding to the multicast address is applied to the key management system under the condition that the multicast address does not exist in the history application data, and the multicast address is added into the history application data, so that after the encryption key is applied to the same multicast address, the encryption key is not repeatedly applied to the same multicast address, the problem of repeated application caused by the multicast data of the same multicast address in a short time is avoided, the influence on the operation of an encryption module and the key management system is reduced, and the encryption processing and key application efficiency is improved.

Drawings

FIG. 1 is a flow chart of steps of an embodiment of a key application method of the present invention;

FIG. 2 is a schematic diagram of a key application flow;

FIG. 3 is a flow chart of steps of yet another key application method embodiment of the present invention;

FIG. 4 is a block diagram of the structure of an FPGA-based encryption chip;

FIG. 5 is a schematic diagram of a multicast address write process;

FIG. 6 is a block diagram of an embodiment of a key application device of the present invention;

fig. 7 is a block diagram illustrating a structure of an electronic device for key application according to an exemplary embodiment.

Detailed Description

In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a key application method of the present invention is shown, and the method may specifically include the steps of:

step 101, receiving multicast data; wherein the multicast data carries a multicast address.

In the embodiment of the invention, the multicast data refers to the data sent by a certain target group, and the target group is called a multicast group, so that when an active host sends information demands to a multipoint target host, the source host only sends one data, and the destination address of the data is a multicast address, so that all the members belonging to the group can receive a copy of the data sent by the source host, and in the multicast mode, only the really needed members can receive the information, and other hosts cannot receive the information. Multicast data will carry a multicast address. For example, the encryption module receives multicast data that needs to be encrypted.

Step 102, searching the multicast address in the history application data under the condition that the encryption key corresponding to the multicast address is not searched.

In the embodiment of the present invention, the historical application data refers to data recorded by an application when applying for an encryption key corresponding to a multicast address, for example, storing the multicast address corresponding to the application as the historical application data.

In the embodiment of the invention, the multicast address is resolved from the multicast data. And searching a corresponding encryption key according to the multicast address, if the encryption key corresponding to the multicast address is stored before, acquiring the corresponding encryption key, and then encrypting the multicast data by using the encryption key. If the encryption key corresponding to the multicast address is not found, the multicast address is found in the historical application data.

And step 103, applying an encryption key corresponding to the multicast address to a key management system and adding the multicast address to the historical application data under the condition that the multicast address does not exist in the historical application data.

In the embodiment of the invention, the key management system is a software system for providing key management service, and can provide management service for operations such as generation, storage, update, inquiry, revocation, archiving, backup, recovery and the like of an encryption key for a user. The key management system can be deployed on a remote server or on a local host.

In the embodiment of the invention, if the multicast address does not exist in the historical application data, the application is not sent for the multicast address. Therefore, an application is sent to the key management system to apply for the encryption key corresponding to the multicast address. The key management system generates an encryption key according to the multicast address, and then returns the encryption key for searching the encryption key according to the multicast address of the multicast data, and encrypts the multicast data by using the encryption key.

In the embodiment of the invention, the multicast address is added to the historical application data while the encryption key is applied to the key management system, so that the same multicast address carried by the subsequent multicast data can be found in the historical application data.

In an optional embodiment of the present invention, if the multicast address exists in the history application data, the multicast data may be discarded without applying an encryption key corresponding to the multicast address to the key management system, that is, without encrypting the multicast data, and the processing ends and waits for the next multicast data. Especially for audio and video data, the real-time requirement on multicast data processing is high, so that the multicast data is not required to be encrypted and is directly discarded.

For example, a schematic diagram of a key application flow as shown in fig. 2. And receiving the multicast data to be encrypted, searching an encryption key corresponding to the multicast address of the multicast data, and if the encryption key is found, processing the multicast data. If the encryption key is not found, the RAM (Random Access Memory ) is searched for the multicast address. If the multicast address is not found, the processing is finished and the next multicast data is waited. If the multicast address is found, the key application is submitted.

In an alternative embodiment of the present invention, it may further include: and under the condition that the multicast address exists in the historical application data, pausing the encryption processing of the multicast data, searching a corresponding encryption key according to the multicast address every preset time length, and adopting the encryption key to encrypt the multicast data under the condition that the encryption key corresponding to the multicast address is searched.

If the multicast address exists in the historical application data, the encryption processing of the multicast data is suspended. And then searching the corresponding encryption key again according to the multicast address every preset time length. And if the encryption key corresponding to the multicast address is found, adopting the encryption key to encrypt the multicast data. The preset duration can be set according to actual conditions, and the embodiment of the invention is not limited to the setting.

Referring to fig. 3, a flowchart illustrating steps of yet another embodiment of a key application method of the present invention is shown, the method may specifically include the steps of:

step 201, receiving multicast data; wherein the multicast data carries a multicast address.

In the embodiments of the present invention, the specific implementation manner of this step may be referred to the description in the foregoing embodiments, which is not repeated herein.

Step 202, searching the corresponding encryption key stored in the encryption chip according to the multicast address.

In the embodiment of the invention, the encryption chip is a chip capable of encrypting data, for example, an encryption chip based on an FPGA (Field-Programmable Gate Array, field programmable gate array), wherein the FPGA is a high-performance and low-power-consumption programmable logic device, can directly generate a circuit to calculate an algorithm, can be purposefully designed according to the algorithm and an algorithm index, has very high execution and calculation efficiency, and is suitable for an online identification system focusing on the execution efficiency. The encryption chip includes a memory area that can be used to store the multicast address and the corresponding encryption key.

In the embodiment of the invention, after receiving the multicast data, the encryption chip analyzes the multicast address, and then searches the stored corresponding encryption key according to the multicast address. For example, the encryption chip stores an address key table, and the address key table searches for a corresponding encryption key according to the multicast address.

Step 203, searching the multicast address in the history application data stored in the target block memory of the encryption chip under the condition that the encryption key corresponding to the multicast address is not found.

In the embodiment of the invention, the encryption chip is integrated with the block memory, and the block memory, namely the target block memory, is arranged in the encryption chip and used for recording historical application data, so that the filtering of repeated application of the secret key is realized. For example, a specific random access memory resource BRAM (Block RAM) in the FPGA is set as a target Block memory.

In the embodiment of the invention, the multicast address is searched in the historical application data stored in the target block memory. If the multicast address is found, the application is sent to the key management system, and if the multicast address is not found, the application is sent to the key management system, wherein the application is indicated to the multicast address.

Step 204, applying for an encryption key corresponding to the multicast address to a key management system and adding the multicast address to the historical application data when the multicast address does not exist in the historical application data.

For example, a Soft Core processor (Soft IP Core) is used in the FPGA, and an application request of an encryption key corresponding to the multicast address is sent to the key management system by the Soft Core processor. As shown in the structural block diagram of the FPGA-based encryption chip shown in fig. 4, the key search unit in the encryption chip is configured to search the stored corresponding encryption key according to the multicast address, if the encryption key is not found, search the multicast address in the target block memory (RAM), and if the multicast address is not found, submit the key application through the soft core processor.

In an optional embodiment of the present invention, adding the multicast address to a specific implementation of the historical application data may include: and setting the current write address as a starting write address in the target block memory under the condition that the current write address corresponding to the multicast address exceeds a preset address. And writing the multicast address into the target block memory according to the set current write address.

The history application data is stored in the target block memory. When the target block memory is used, setting the termination address of the memory space of the target block memory as a preset address. In the process of writing the multicast address into the target block memory, when the current write address exceeds a preset address, setting the current write address as a starting write address in the target block memory, and then writing the multicast address into the target block memory according to the set current write address to cover the previous content. And when the current write address does not exceed the preset address, writing the multicast address into the target block memory directly according to the current write address.

For example, as shown in the schematic diagram of the multicast address writing process shown in fig. 5, the RAM memory depth is set to N, if the write address > N, the write address is return to 0, and if the write address < N, the write address is +1.

According to the embodiment of the invention, multicast data is received; the multicast data carries a multicast address, the corresponding encryption key stored in the encryption chip is searched according to the multicast address, the multicast address is searched in the history application data stored on the target block memory of the encryption chip under the condition that the encryption key corresponding to the multicast address is not searched, the encryption key corresponding to the multicast address is applied to the key management system under the condition that the multicast address does not exist in the history application data, and the multicast address is added to the history application data, so that the encryption key is repeatedly applied to the same multicast address after the encryption key is applied to the same multicast address, the problem that a large number of repeated applications are caused by the multicast data of the same multicast address in a short time is avoided, the influence on the operation of an encryption module and the key management system is reduced, and the efficiency of encryption processing and key application is improved.

It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.

Referring to fig. 6, a block diagram of an embodiment of a key application device of the present invention is shown, which may specifically include the following modules:

a data receiving module 301, configured to receive multicast data; wherein, the multicast data carries a multicast address;

an address searching module 302, configured to search the multicast address in the historical application data if the encryption key corresponding to the multicast address is not found;

and the key application module 303 is configured to apply, to a key management system, an encryption key corresponding to the multicast address when the multicast address does not exist in the historical application data, and add the multicast address to the historical application data.

Optionally, the address lookup module includes:

Optionally, the key application module includes:

Optionally, the apparatus further comprises:

For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.

Fig. 7 is a block diagram illustrating a configuration of an electronic device 700 for key application, according to an example embodiment. For example, the electronic device 700 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.

Referring to fig. 7, an electronic device 700 may include one or more of the following components: a processing component 702, a memory 704, a power component 706, a multimedia component 708, an audio component 710, an input/output (I/O) interface 712, a sensor component 714, and a communication component 716.

The processing component 702 generally controls overall operation of the electronic device 700, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing assembly 702 may include one or more processors 720 to execute instructions to perform all or part of the steps of the furnace shutdown control method described above. Further, the processing component 702 can include one or more modules that facilitate interaction between the processing component 702 and other components. For example, the processing component 702 may include a multimedia module to facilitate interaction between the multimedia component 708 and the processing component 702.

Memory 704 is configured to store various types of data to support operations at device 700. Examples of such data include instructions for any application or method operating on the electronic device 700, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 704 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.

The power component 704 provides power to the various components of the electronic device 700. Power component 704 can include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for electronic device 700.

The multimedia component 708 includes a screen between the electronic device 700 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 708 includes a front-facing camera and/or a rear-facing camera. When the electronic device 700 is in an operational mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

The audio component 710 is configured to output and/or input audio signals. For example, the audio component 710 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 700 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 704 or transmitted via the communication component 716. In some embodiments, the audio component 710 further includes a speaker for outputting audio signals.

The I/O interface 712 provides an interface between the processing component 702 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.

The sensor assembly 714 includes one or more sensors for providing status assessment of various aspects of the electronic device 700. For example, the sensor assembly 714 may detect an on/off state of the device 700, a relative positioning of the components, such as a display and keypad of the electronic device 700, a change in position of the electronic device 700 or a component of the electronic device 700, the presence or absence of a user's contact with the electronic device 700, an orientation or acceleration/deceleration of the electronic device 700, and a change in temperature of the electronic device 700. The sensor assembly 714 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 714 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 714 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 716 is configured to facilitate communication between the electronic device 700 and other devices, either wired or wireless. The electronic device 700 may access a wireless network based on a communication standard, such as WiFi,2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication part 714 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 714 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the electronic device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for performing the above-described furnace shutdown control method.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as a memory 704 including instructions executable by the processor 720 of the electronic device 700 to perform the above-described furnace shutdown control method. For example, the non-transitory computer readable storage medium may be ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.

A non-transitory computer readable storage medium, which when executed by a processor of a terminal, causes the terminal to perform a key application method, the method comprising:

Optionally, the method further comprises:

In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.

It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.

Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.

The above description of a key application method and a key application device provided by the present invention applies specific examples to illustrate the principles and embodiments of the present invention, and the above examples are only used to help understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims

1. A key application method, the method comprising:

2. The method of claim 1, wherein searching the historical application data for the multicast address without searching for an encryption key corresponding to the multicast address comprises:

3. The method of claim 2, wherein the adding the multicast address to the historical application data comprises:

4. The method according to claim 1, wherein the method further comprises:

5. A key application device, the device comprising:

6. The apparatus of claim 5, wherein the address lookup module comprises:

7. The apparatus of claim 6, wherein the key application module comprises:

8. The apparatus of claim 5, wherein the apparatus further comprises:

9. An electronic device, comprising:

one or more processors; and

one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the key application method of any of claims 1 to 4.

10. A computer-readable storage medium, characterized in that it stores a computer program causing a processor to execute the key application method according to any one of claims 1 to 4.