CN116233767A - Cluster intercom communication method, device, equipment and storage medium - Google Patents

Cluster intercom communication method, device, equipment and storage medium

Info

Publication number: CN116233767A
Authority: CN (China)
Prior art keywords: key, service data, encrypted, encryption, quantum
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202310272600.2A
Other languages: Chinese (zh)
Other versions: CN116233767B (en)
Inventors: 王题, 杜忠岩, 冷超, 白秀军, 任柏松, 苗滢, 刘鉴辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202310272600.2A
Publication of CN116233767A
Application granted
Publication of CN116233767B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W 4/10 Push-to-Talk [PTT] or Push-On-Call services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N 7/00 Television systems
    • H04N 7/14 Systems for two-way working
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 30/00 Reducing energy consumption in communication networks
    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The disclosure provides a trunking intercom communication method, device, equipment and storage medium. The method comprises the following steps: encrypting the service data with a service data key generated in real time to obtain encrypted service data; encrypting the service data key with the encryption key corresponding to the service data to obtain an encrypted service data key; and sending the encrypted service data key to a key platform for decryption and re-encryption, and sending the encrypted service data to the target trunking intercom equipment, so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data. The method solves the problem of insufficient security of large-scale audio and video communication in the prior art, protects the encrypted service data key and the encrypted service data to the maximum extent, and thereby protects the service data being communicated to the maximum extent.

Description

Cluster intercom communication method, device, equipment and storage medium
Technical Field
The disclosure relates to the technical field of quantum encryption communication, and in particular relates to a trunking intercom communication method, device and equipment and a storage medium.
Background
Along with the development of communication technology, the traditional intelligent intercom with one-to-one voice transmission has developed into a trunked intercom system with digital audio and video functions, and has been widely used. Through the public network platform, large-scale audio and video communication in the public network cluster can be supported simultaneously. At this time, the stability, reliability and efficiency of the trunked intercom system need to be ensured.
However, under large-scale audio and video communication, the trunking intercom system still uses the traditional encryption method to encrypt the transmitted data, so its security is insufficient: the key is easily leaked or computed and cracked, and eavesdropping is hard for the user to detect, which easily causes serious loss.
Disclosure of Invention
The disclosure provides a trunking intercom communication method, device, equipment and storage medium, so as to solve the problem of insufficient safety of large-scale audio and video communication in the prior art.
In a first aspect, the present disclosure provides a trunking intercom communication method, applied to trunking intercom equipment, the trunking intercom communication method includes:
encrypting the service data based on an encryption key corresponding to the service data to obtain encrypted service data, wherein the encryption key comprises a service data key;
encrypting the service data key to obtain an encrypted service data key;
and sending the encrypted service data key to a key platform for decryption and encryption processing, and sending the encrypted service data to target trunking intercom equipment so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data.
In a second aspect, the present disclosure provides a trunking intercom communication method, applied to a target trunking intercom device, the trunking intercom communication method including:
responding to the received encrypted service data, and acquiring a corresponding encrypted service data key from a key platform;
acquiring a corresponding service data key based on a preset encryption key and an encryption service data key;
and decrypting the encrypted service data based on the service data key to obtain corresponding service data.
In a third aspect, the present disclosure provides a trunking intercom communication method, applied to a key platform, the trunking intercom communication method including:
determining a corresponding service data key in response to the received encrypted service data key;
re-encrypting the service data key in response to a received request from the target trunking intercom equipment;
and sending the re-encrypted service data key to the trunking intercom equipment corresponding to the encrypted service data key.
In a fourth aspect, the present disclosure provides a trunking intercom communication apparatus, applied to trunking intercom equipment, including:
the first encryption module is used for encrypting the service data based on an encryption key corresponding to the service data to obtain encrypted service data, wherein the encryption key comprises a service data key;
the second encryption module is used for encrypting the service data key to obtain an encrypted service data key;
and the sending module is used for sending the encrypted service data key to the key platform for decryption and encryption processing, and sending the encrypted service data to the target trunking intercom equipment so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data.
In a fifth aspect, the present disclosure provides a trunking intercom communication apparatus, applied to a target trunking intercom device, including:
the receiving module is used for responding to the received encrypted service data and acquiring a corresponding encrypted service data key from the key platform;
the decryption module is used for obtaining a corresponding service data key based on a preset encryption key and an encryption service data key;
and the determining module is used for decrypting the encrypted service data based on the service data key to obtain the corresponding service data.
In a sixth aspect, the present disclosure provides a trunked intercom communication apparatus, applied to a key platform, including:
the decryption module is used for responding to the received encrypted service data key and determining a corresponding service data key;
the encryption module is used for re-encrypting the service data key in response to a received request from the target trunking intercom equipment;
and the sending module is used for sending the re-encrypted service data key to the trunking intercom equipment corresponding to the encrypted service data key.
In a seventh aspect, the present disclosure also provides a control apparatus including:
at least one processor;
and a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to cause the control device to perform a trunking intercom communication method according to any embodiment of the first aspect of the present disclosure; and/or, to cause the control device to execute a trunked intercom communication method as corresponding to any one of the embodiments of the second aspect of the present disclosure; and/or to cause the control device to execute a trunked intercom communication method according to any embodiment of the third aspect of the present disclosure.
In a fourth aspect, the present disclosure further provides a computer-readable storage medium, in which computer-executable instructions are stored, which when executed by a processor are configured to implement a trunked intercom communication method according to any one of the first aspects of the present disclosure; and/or computer-executable instructions, when executed by a processor, for implementing a trunked intercom communication method as in any of the second aspects of the present disclosure; and/or computer-executable instructions, when executed by a processor, for implementing a trunked intercom communication method as in any of the third aspects of the present disclosure.
In a fifth aspect, the present disclosure also provides a computer program product comprising computer-executable instructions for implementing a trunked intercom communication method as in any of the first aspects of the present disclosure when executed by a processor; and/or the computer-executable instructions, when executed by the processor, for implementing a trunked intercom communication method as in any of the second aspects of the present disclosure; and/or the computer-executable instructions, when executed by the processor, for implementing a trunked intercom communication method as in any of the third aspects of the present disclosure.
The trunking intercom communication method, device, equipment and storage medium provided by the disclosure encrypt the service data with an encryption key corresponding to the service data to obtain encrypted service data, wherein the encryption key comprises a service data key; encrypt the service data key to obtain an encrypted service data key; and then send the encrypted service data key to a key platform for decryption and re-encryption, and send the encrypted service data to the target trunking intercom equipment, so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data. Therefore, the service data to be transmitted, such as voice, video and short messages, are encrypted through quantum encryption, and the keys are guaranteed to differ in each communication; at the same time, the service data key itself is also encrypted, and the encrypted service data key is transmitted to the target trunking intercom equipment through the key platform rather than directly, so that the encrypted service data key is protected; meanwhile, the key platform decrypts and re-encrypts the received encrypted service data key, so that the encrypted service data keys in different transmission stages differ from each other, thereby protecting the encrypted service data key and the encrypted service data to the maximum extent, and further protecting the service data being communicated to the maximum extent.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is an application scenario diagram of a trunking intercom communication method according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a trunked intercom communication method according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of a trunked intercom communication method according to another embodiment of the present disclosure;
Fig. 4 is a flowchart of a trunked intercom communication method according to another embodiment of the present disclosure;
Fig. 5 is a flowchart of a trunked intercom communication method according to another embodiment of the present disclosure;
Fig. 6 is a flowchart of a trunked intercom communication method according to another embodiment of the present disclosure;
Fig. 7 is a flowchart of a trunked intercom communication method according to another embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a trunked intercom communication device according to another embodiment of the present disclosure;
Fig. 9 is a schematic structural diagram of a trunked intercom communication device according to another embodiment of the present disclosure;
Fig. 10 is a schematic structural diagram of a trunked intercom communication device according to another embodiment of the present disclosure;
Fig. 11 is a schematic structural diagram of a control apparatus according to still another embodiment of the present disclosure.
Specific embodiments of the present disclosure have been shown by way of the above drawings and will be described in more detail below. These drawings and the written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The following describes the technical solutions of the present disclosure and how the technical solutions of the present disclosure solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present disclosure will be described below with reference to the accompanying drawings.
Along with the development of communication technology, the traditional intelligent intercom with one-to-one voice transmission has developed into a trunked intercom system (including trunked intercom terminals, intercom platforms and other trunked intercom devices) with digital audio and video functions, and has been widely used. Through the public network platform, large-scale audio and video communication in the public network cluster can be supported simultaneously. At this time, the stability, reliability and efficiency of the trunked intercom system need to be ensured.
In the conventional trunking intercom system, one trunking intercom device encrypts service data to be transmitted, such as audio and video communication data, with a preset encryption algorithm, then sends the encrypted service data directly to the target trunking intercom device, which decrypts it with a preset decryption algorithm to obtain the service data plaintext. However, under large-scale audio and video communication, the traditional encryption algorithm has a serious security deficiency: the key is easily leaked or computed and cracked. Even if the preset encryption and decryption algorithms are changed, the communication of the trunking intercom system is very easy to crack in a scenario with an extremely high communication frequency, and eavesdropping is hard for the user to detect, so serious loss is easily caused.
In order to solve the above problems, an embodiment of the present disclosure provides a trunking intercom communication method, which encrypts the service data with an encryption key, encrypts the service data key, and sends the encrypted service data key separately to a key platform, which forwards it. Thus the service data key is both encrypted and separated from the channel over which the service data is sent, the cracking difficulty is raised to the maximum extent, and the communication security is improved.
The application scenario of the embodiments of the present disclosure is explained below:
Fig. 1 is an application scenario diagram of a trunking intercom communication method according to an embodiment of the present disclosure. As shown in Fig. 1, in the trunking intercom communication flow, the trunking intercom device 100 encrypts the service data to be transmitted, then encrypts the service data key; it transmits the encrypted service data directly to the target trunking intercom device 110 and transmits the encrypted service data key to the key platform 120. The key platform 120 decrypts and re-encrypts the encrypted service data key and then transmits it to the target trunking intercom device, which decrypts the encrypted service data key and then the encrypted service data, thereby completing the transmission of the service data.
It should be noted that, in the scenario shown in Fig. 1, the trunking intercom device, the target trunking intercom device and the key platform are each illustrated by a single example, but the disclosure is not limited thereto; that is, the number of trunking intercom devices, target trunking intercom devices and key platforms may be arbitrary.
The trunking intercom communication method provided by the present disclosure is described in detail below through specific embodiments. It should be noted that the following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 2 is a flowchart of a trunked intercom communication method according to an embodiment of the present disclosure. The trunking intercom communication method is applied to trunking intercom equipment, as shown in fig. 2, and comprises the following steps:
step S201, encrypting the service data based on the encryption key corresponding to the service data to obtain encrypted service data.
Wherein the encryption key comprises a traffic data key.
Specifically, trunking intercom means that a large number of devices are connected to a communication network simultaneously and communicate with each other over a number of different channels; compared with a conventional intercom system, the data volume and communication efficiency can be markedly improved, and data such as audio and video can be exchanged among many devices, whereas a conventional intercom supports only the single function of voice communication.
The trunking intercom device can be a terminal supporting the trunking intercom function, or a platform supporting the trunking intercom function and capable of receiving and sending the service data in groups.
The service data refers to data that the trunking intercom device needs to transmit, including audio, video and text messages, and is not limited to data of a specific service class. In contrast to service data, the trunking intercom system also sends non-service data such as keys and positioning information.
The trunking intercom equipment is provided with several types of encryption keys, or with modules that generate them, including a module that generates the service data key; because the service data key is generated in real time, the weakness of a fixed key, which is easy to crack and offers low security, is avoided.
By encrypting the service data, the confidentiality of the service data is realized, and the leakage of the service data content is avoided.
Step S202, encrypting the service data key to obtain an encrypted service data key.
Specifically, in addition to encrypting the service data, the service data key used to encrypt it must itself be encrypted. When the encrypted service data is transmitted to the target trunking intercom device, the encrypted service data key is sent to the target device through the key platform; the target device decrypts the encrypted service data key it receives in real time, and then decrypts the encrypted service data with the recovered service data key. To obtain the service data plaintext, the target trunking intercom device therefore performs two decryptions (of the encrypted service data key and of the encrypted service data), which markedly improves the confidentiality and security of the service data compared with the existing trunking intercom communication method.
Step S203, sending the encrypted service data key to a key platform for decryption and re-encryption, and sending the encrypted service data to the target trunking intercom equipment, so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data.
Specifically, the encrypted service data key is not sent directly to the target trunking intercom equipment but is sent to the key platform for processing and then forwarded, so that the encrypted service data and the encrypted service data key travel over separate channels and cannot be intercepted together on one channel and cracked as a pair. The key platform decrypts and re-encrypts the encrypted service data key, so the encrypted service data key sent from the trunking intercom equipment to the key platform differs from the one sent from the key platform to the target trunking intercom device; this further reduces the probability that the encrypted service data key is intercepted and cracked, and further improves the security of the service data to a great extent.
According to the trunking intercom communication method provided by the embodiment of the disclosure, the service data is encrypted with an encryption key corresponding to the service data to obtain encrypted service data, the encryption key comprising a service data key; the service data key is encrypted to obtain an encrypted service data key; the encrypted service data key is then sent to a key platform for decryption and re-encryption, and the encrypted service data is sent to the target trunking intercom equipment, so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data. Therefore, the service data to be transmitted, such as voice, video and short messages, are encrypted through quantum encryption, and the keys are guaranteed to differ in each communication; at the same time, the service data key itself is also encrypted, and the encrypted service data key is transmitted to the target trunking intercom equipment through the key platform rather than directly, so that the encrypted service data key is protected; meanwhile, the key platform decrypts and re-encrypts the received encrypted service data key, so that the encrypted service data keys in different transmission stages differ from each other, thereby protecting the encrypted service data key and the encrypted service data to the maximum extent, and further protecting the service data being communicated to the maximum extent.
Fig. 3 is a flowchart of a trunking intercom communication method provided in the present disclosure. As shown in fig. 3, the trunking intercom communication method provided by the embodiment is applied to trunking intercom equipment, and includes the following steps:
step 301, encrypting the service data based on the encryption key corresponding to the service data to obtain encrypted service data.
Wherein the encryption key comprises a traffic data key.
Specifically, when service data to be transmitted is generated or received in the trunking intercom device, an encryption key used for encrypting the service data, namely, a service data key, is automatically generated.
In some embodiments, the traffic data key may be obtained by:
a quantum encryption module generates a quantum true random number, which is used as the service data key.
Specifically, a quantum encryption module is pre-configured in the trunking intercom equipment, and can automatically generate a quantum true random number used as a service data key so as to ensure that the service data keys used in each time of encrypting the service data are different, thereby ensuring the security of the service data.
In practical application, after the quantum encryption module generates the quantum true random number, an information security protocol layer message is built from the quantum true random number on top of the existing trunking intercom service message, so that quantum encryption of the service data is realized. The algorithm used for the quantum encryption may be the SM4 encryption algorithm, in which case the message format of the security protocol layer obtained by quantum encryption is shown in the following Table 1:
[Table 1 is an image on the original page and is not reproduced here.]
TABLE 1 Message format of the security protocol layer obtained by quantum encryption
Wherein: the start mark is generally a fixed 4 bytes with the fixed value EA E0 E1 EA; the message length is typically 2 bytes, high-order byte first; the checksum covers the data (shaded in the table) from the start of the message type (inclusive) up to the checksum (exclusive); the message type is 2 bytes, high-order byte first, and defines the object of the data interaction and the security measure applied to the encapsulated data field; the quantum encryption encapsulated data field is the encrypted ciphertext, which consists of a quantum encryption header (16 bytes), the quantum encryption data field, and a 4-byte cryptographic MAC (message authentication code).
The high-order byte of the message type field indicates the message type; the specific types are listed in the following Table 2:
[Table 2 is an image on the original page and is not reproduced here.]
TABLE 2 Message format of the security protocol layer obtained by quantum encryption
Thus, the different kinds of message type can be represented by this byte.
In some embodiments, the low order 1 byte of the message type may be used to represent the traffic class.
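The frame layout described for Table 1 and the two bytes of the message type field, as an added worked example that is not part of the patent: a Go encoder and decoder for the security protocol layer frame. The start mark EA E0 E1 EA, the 2-byte big-endian length and message type fields, the 16-byte quantum encryption header and the 4-byte MAC come from the description above. The checksum algorithm (a 16-bit additive sum), its 2-byte width, and the rule that the length field counts every byte after itself including the checksum are assumptions, since the page does not state them. The encrypted fields are treated as opaque bytes; no SM4 is performed here.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Values from the page: 4-byte start mark EA E0 E1 EA, 2-byte big-endian length
// and message type fields, a 16-byte quantum encryption header and a 4-byte MAC.
var startMark = []byte{0xEA, 0xE0, 0xE1, 0xEA}

const (
	qcHeaderLen = 16
	qcMACLen    = 4
	checksumLen = 2 // assumption: the page does not state the checksum width
)

// Frame is a decoded security-protocol-layer message. Encrypted fields are
// carried opaquely: this code frames and validates, it does not decrypt.
type Frame struct {
	MsgType      byte   // high-order byte of the message type field
	ServiceClass byte   // low-order byte, carrying the service class
	QCHeader     []byte // 16-byte quantum encryption header
	Ciphertext   []byte // quantum encryption data field
	MAC          []byte // 4-byte cryptographic MAC
}

// checksum covers the bytes from the message type up to, but not including,
// the checksum field, as the page states; the 16-bit additive sum itself is
// an assumption, since the page names the covered range but not the algorithm.
func checksum(covered []byte) uint16 {
	var sum uint16
	for _, b := range covered {
		sum += uint16(b)
	}
	return sum
}

func be16(v uint16) []byte {
	var out [2]byte
	binary.BigEndian.PutUint16(out[:], v)
	return out[:]
}

// Encode lays out startMark | length | type | header | data | MAC | checksum.
// Assumption: length counts every byte after the length field, checksum included.
func Encode(f Frame) ([]byte, error) {
	if len(f.QCHeader) != qcHeaderLen || len(f.MAC) != qcMACLen {
		return nil, errors.New("header must be 16 bytes and MAC 4 bytes")
	}
	body := append([]byte{f.MsgType, f.ServiceClass}, f.QCHeader...)
	body = append(append(body, f.Ciphertext...), f.MAC...)
	length := len(body) + checksumLen
	if length > 0xFFFF {
		return nil, errors.New("message too long for a 2-byte length field")
	}
	out := append(append([]byte{}, startMark...), be16(uint16(length))...)
	return append(append(out, body...), be16(checksum(body))...), nil
}

// Decode checks start mark, length and checksum before trusting any field, and
// rejects frames too short to hold the header and MAC.
func Decode(raw []byte) (Frame, error) {
	var f Frame
	if len(raw) < 6 || !bytes.Equal(raw[:4], startMark) {
		return f, errors.New("bad start mark")
	}
	if int(binary.BigEndian.Uint16(raw[4:6])) != len(raw)-6 {
		return f, errors.New("length field does not match frame size")
	}
	if len(raw)-6 < 2+qcHeaderLen+qcMACLen+checksumLen {
		return f, errors.New("frame too short for header and MAC")
	}
	covered := raw[6 : len(raw)-checksumLen]
	if checksum(covered) != binary.BigEndian.Uint16(raw[len(raw)-checksumLen:]) {
		return f, errors.New("checksum mismatch")
	}
	f.MsgType, f.ServiceClass = covered[0], covered[1]
	f.QCHeader = covered[2 : 2+qcHeaderLen]
	f.Ciphertext = covered[2+qcHeaderLen : len(covered)-qcMACLen]
	f.MAC = covered[len(covered)-qcMACLen:]
	return f, nil
}

func main() {
	// Constructed sample: opaque header, ciphertext and MAC stand in for the quantum encryption output.
	f := Frame{MsgType: 0x01, ServiceClass: 0x02, QCHeader: bytes.Repeat([]byte{0xAA}, 16),
		Ciphertext: []byte("encrypted voice bytes"), MAC: []byte{1, 2, 3, 4}}
	raw, err := Encode(f)
	fmt.Printf("frame: % x (err=%v)\n", raw, err)
	got, err := Decode(raw)
	fmt.Printf("type=%#02x class=%#02x data=%q err=%v\n", got.MsgType, got.ServiceClass, got.Ciphertext, err)
	raw[8] ^= 0xFF // flip a header byte: the checksum now fails
	_, err = Decode(raw)
	fmt.Println("tampered frame rejected:", err != nil)
}
```

Decode validates the start mark, the length field and the checksum before it exposes any field, which is the order a receiver should use so that a malformed frame never reaches the decryption step. The additive checksum only catches accidental corruption; integrity against deliberate modification is the job of the 4-byte MAC inside the encapsulated data field, which this framing code carries but does not verify.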
Further, the encryption key also includes a service quantum key corresponding to the service type and a device quantum key corresponding to the device; the device quantum key comprises a device identity key, which indicates the identity of the trunking intercom device, and a key encryption key, which is used together with the service quantum key for encryption.
Specifically, the encryption key further comprises a service quantum key for encrypting the service data key, a key encryption key, and a device identity key indicating the device identity. The service data key is encrypted with the combination of the service quantum key and the key encryption key, which effectively raises the encryption strength and complexity of encrypting the service data key and the cracking difficulty, and further improves the security of the encrypted service data key, the service data key and the service data.
The service quantum key and the device quantum key are preconfigured on each trunking intercom device and on the key platform. Besides these encryption keys, each trunking intercom device is generally configured with a device certificate proving the identity of the device; when trunking intercom devices communicate with each other, two-way identity authentication with the key platform is completed through their respective device identity keys and device certificates, and the quantum key follows a one-key-per-card scheme (that is, the device identity key used for identity authentication is unique to each device).
The service quantum key is predetermined according to the service type, and the service quantum keys between the trunking intercom devices and the key platform are mutually universal.
The device quantum key on each cluster intercom device is fixed and unique (the device quantum key can be updated periodically, but the updated device quantum key still corresponds to the cluster intercom device).
The key encryption keys are also predetermined, and the key encryption keys on different devices are all different. Because the service data key is encrypted after the service quantum key and the key encryption key are combined, the encrypted key corresponding to each device is effectively guaranteed to be unique, and no repetition occurs.
In some embodiments, the device quantum key and the service quantum key may be updated online according to a policy. Common strategies are to update regularly by time period, or to trigger an online update when key usage reaches a set threshold; the trunking intercom device may also update actively.
The service quantum key is updated online under the protection of the key encryption key and the current service quantum key. First, the trunking intercom device obtains the service quantum key update parameters through the quantum encryption module and sends a message whose content mainly comprises the quantum encryption module identifier and the key request parameters. When the message reaches the quantum cryptography service platform side (namely the key platform), the platform parses the message and generates the service quantum key to be updated, XORs it with the current service quantum key, encrypts the result with the key encryption key, and then constructs a response message to return to the trunking intercom device, which interacts with the quantum encryption module to complete the quantum key update.
The formats of the service quantum key update messages are shown in Tables 3 and 4 below:
[Table 3, rendered as an image in the original: service quantum key update request message format]
[Table 4, rendered as an image in the original: service quantum key update response message format]
The identity authentication protocol message sends three frames of data messages according to the message type; the corresponding message type values are 0xE070, 0xE071 and 0xE072. The quantum encryption header mainly comprises the encryption mode, the KID (key identification) of the encryption key, and the KID of the service quantum key that is XORed with the service data key.
In addition, the device quantum key is updated online under the encryption protection of the key encryption key. First, the trunking intercom device obtains the device quantum key update parameters through the quantum encryption module and sends a message whose content mainly comprises the quantum encryption module identifier and the key request parameters. When the message reaches the key platform side, the key platform parses it, generates the device quantum key to be updated, encrypts it with the key encryption key, and constructs a response message that is returned to the trunking intercom device, which interacts with the quantum encryption module to complete the quantum key update.
The device quantum key update message formats are as follows:
[Table 5, rendered as an image in the original: device quantum key update request message format]
[Table 6, rendered as an image in the original: device quantum key update response message format]
The identity authentication protocol message sends three frames of data messages according to the message type; the corresponding message type values are 0xE075, 0xE076 and 0xE077. The quantum encryption header mainly comprises the encryption mode and the KID of the key encryption key.
Step S302, determining the service quantum key that corresponds to the service type of the service data and is used for encrypting the service data key.
Specifically, according to the different service types of service data (such as audio data, video data, non-audio-video file data, and so on), the selectable service quantum keys in the trunking intercom device differ (at least one service quantum key corresponds to each service type), so that messages of different nature are handled in different ways and dynamic encryption of the data is realized. In practical application, after determining the service data to be transmitted, the trunking intercom device automatically determines the service type of the service data and then automatically determines the corresponding service quantum key.
Step S303, combining the service data key with the service quantum key.
Specifically, by combining the service data key and the service quantum key, the complexity of the service data key can be improved, the cracking rate can be reduced, and the security of the service data key can be further improved.
In some embodiments, the service data key may be combined using a Boolean operation; for example, the service data key and the service quantum key are XORed to obtain the combination of the two.
Step S304, encrypting the combination of the service data key and the service quantum key with the key encryption key to obtain the encrypted service data key.
Specifically, on the basis of combining the service quantum key with the service data key, the combined result is encrypted with the key encryption key, so that triple protection of the service data is realized (encryption with the service data key, combination of the service quantum key with the service data key, and encryption with the key encryption key) and the security of the service data is protected to the greatest extent.
Step S305, sending the encrypted service data to the target trunking intercom device.
Specifically, after one round of encryption is applied to the service data, it can be sent directly to the target trunking intercom device; multiple rounds of encryption of the service data itself are not needed.
Because the content length of the service data is usually much greater than that of the service data key, encrypting the service data several times would make decrypting it take far longer than decrypting the service data key several times. By encrypting the service data once and the service data key twice (the combination with the service quantum key, then encryption with the key encryption key), triple protection of the service data is achieved, its security is ensured, decryption efficiency is maintained, and the protective effect on the service data is maximised.
Step S306, sending the encrypted service data key to the key platform, so that the key platform decrypts the encrypted service data key based on the device quantum key and service quantum key of the trunking intercom device, and encrypts the decrypted service data key based on the device quantum key and service quantum key of the target trunking intercom device.
Specifically, the encrypted service data key is not sent to the target trunking intercom device together with the encrypted service data; the encrypted service data and the encrypted service data key travel over different channels, and the target trunking intercom device obtains them in different ways. This avoids the situation in which the encrypted service data and the encrypted service data key are intercepted and cracked together when sent over the same channel, and further improves the security of the service data.
According to the trunking intercom communication method provided by this embodiment of the disclosure, the service data is encrypted based on the encryption key corresponding to the service data to obtain the encrypted service data; the service quantum key corresponding to the service type of the service data and used for encrypting the service data key is determined; the service data key is combined with the service quantum key and the combination is encrypted with the key encryption key to obtain the encrypted service data key; and finally the encrypted service data is sent to the target trunking intercom device while the encrypted service data key and the device quantum key are sent to the key platform. In this way the quantum keys are combined with keys tied to the service type and to the device, multiple protection of the service data is realized, protection can be adapted dynamically as the service data changes, and the security of the service data is ensured to the greatest extent by distributing the encrypted service data and the encrypted service data key over separate channels.
Fig. 4 is a flowchart of a trunked intercom communication method provided in the present disclosure. As shown in fig. 4, the trunking intercom communication method provided in the present embodiment is applied to a target trunking intercom device, and includes the following steps:
Step S401, in response to the received encrypted service data, obtaining the corresponding encrypted service data key from the key platform.
Specifically, the target trunking intercom device is the receiving target of the encrypted service data generated by the trunking intercom device in the embodiments shown in Fig. 2 and Fig. 3. Its configuration is the same as that of the trunking intercom device: it also holds a service quantum key, a device quantum key and so on, and can decrypt the encrypted service data according to this configuration.
Meanwhile, on receiving encrypted service data sent by another trunking intercom device, the target trunking intercom device can obtain the corresponding encrypted service data key from the key platform according to the ciphertext information.
The ciphertext information may be a part of encrypted service data sent by the trunking intercom device, or may be authentication information (i.e., information such as a device certificate and a device identity key) sent during synchronization.
Step S402, obtaining the corresponding service data key based on the preset encryption key and the encrypted service data key.
Specifically, after receiving the encrypted service data key sent by the key platform, the target trunking intercom device decrypts the encrypted service data key based on the pre-configured service quantum key and the device quantum key (the key encryption key in the device quantum key) to obtain the corresponding service data key.
Step S403, based on the service data key, decrypting the encrypted service data to obtain the corresponding service data.
Specifically, the final service data is obtained by decrypting the service data with the service data key. Therefore, the safety of the service data transmission process can be effectively ensured.
According to the trunking intercom communication method provided by this embodiment of the disclosure, the corresponding encrypted service data key is obtained from the key platform in response to the received encrypted service data, and the encrypted service data is then decrypted based on the preset encryption key and the encrypted service data key to obtain the corresponding service data. In this way the reception and decryption of multiply encrypted service data is realized, the encrypted service data and the encrypted service data key are obtained from different channels, the security of the process of receiving the service data and related information is effectively ensured, and the security of the service data is further ensured.
Fig. 5 is a flowchart of a trunking intercom communication method provided in the present disclosure. As shown in fig. 5, the trunking intercom communication method provided in the present embodiment is applied to a target trunking intercom device, and includes the following steps:
Step S501, in response to the received encrypted service data, determining the ciphertext identifier corresponding to the encrypted service data.
Here the service data key comprises a key identification.
Specifically, the service data key, the encryption key and so on in this embodiment all belong to the quantum keys. Each quantum key contains two components, a key identification KID and a key value KV, so a quantum key can be represented as $K = \langle KID, KV \rangle$. Each trunking intercom device has its own device information (i.e., information such as a device certificate).
Thus, a set of quantum keys can be represented as $D = \{\langle KID_i, KV_i \rangle \mid 0 \le i \le \text{table number}\}$, where the table number is the number of keys required (since several keys may need to be used at the same time, there may be several device quantum keys, service quantum keys, or service quantum keys prepared in advance, as required).
After the target trunking intercom device receives the encrypted service data, which carries the corresponding key identifier (namely the quantum encryption header and encrypted MAC in Table 1), it can obtain from the key platform, according to this key identifier, the encrypted service data key needed to decrypt the encrypted service data; the encrypted service data is then decrypted with the service data key obtained by decrypting the encrypted service data key, yielding the service data plaintext.
Further, the preset encryption key mentioned in the embodiment shown in fig. 4 includes:
a service quantum key corresponding to the service type and a device quantum key corresponding to the target trunking intercom device; the device quantum key comprises a key encryption key used to perform encryption together with the service quantum key.
Specifically, for the description of the encryption key, refer to step S301 in the embodiment shown in Fig. 3; the target trunking intercom device is configured in the same way as the trunking intercom device (but the content of the keys belonging to the device itself, such as the specific device identity key, differs), which will not be described again here.
Step S502, sending an application to the key platform based on the ciphertext identifier, to obtain the encrypted service data key corresponding to the encrypted service data.
Specifically, after an application containing the ciphertext identifier is sent to the key platform, the key platform determines the corresponding encrypted service data key based on the ciphertext identifier and determines the device quantum key of the target trunking intercom device from the application, then re-encrypts the decrypted service data key based on that device quantum key, so that the target trunking intercom device can decrypt the encrypted service data key with its own device quantum key and service quantum key and obtain the service data key itself.
Step S503, determining the service quantum key that corresponds to the service type of the encrypted service data key and is used for decrypting it.
Specifically, after receiving the encrypted service data key, the target trunking intercom device determines the service type of the encrypted service data from information such as the message type, determines the service type corresponding to the encrypted service data key, and selects the matching service quantum key for decryption based on that service type.
Step S504, decrypting the encrypted service data key after combining the key encryption key with the service quantum key, to obtain the service data key.
Specifically, after the encrypted service data key is decrypted with the key encryption key, the result is XORed with the service quantum key to obtain the plaintext of the service data key. For the relationship between the keys, refer to steps S303 to S304 in the embodiment shown in Fig. 3, which are not described again here.
Step S505, based on the service data key, decrypting the encrypted service data to obtain the corresponding service data.
Specifically, the encrypted service data can be directly decrypted through the service data key plaintext to obtain the service data plaintext, and the communication process of the service data is completed.
According to the trunking intercom communication method provided by this embodiment of the disclosure, the ciphertext identifier corresponding to the encrypted service data is determined in response to the received encrypted service data; the device quantum key is then sent to the key platform based on the ciphertext identifier to obtain the encrypted service data key corresponding to the encrypted service data; the encrypted service data key is decrypted after the key encryption key is combined with the service quantum key, giving the service data key; and finally the encrypted service data is decrypted with the service data key to obtain the corresponding service data. In this way the reception and decryption of the multiply encrypted service data is realized on the target trunking intercom device side, and the security of the service data transmission process is effectively ensured.
Fig. 6 is a flowchart of a trunked intercom communication method provided in the present disclosure. As shown in fig. 6, the trunking intercom communication method provided in the present embodiment is applied to a key platform, and includes the following steps:
Step S601, in response to the received encrypted service data key, determining the corresponding service data key.
Specifically, the key platform is a quantum key service platform, and is configured to receive an encrypted service data key sent by the trunking intercom device, perform transfer processing (i.e. decryption and re-encryption processing), and send the encrypted service data key to the corresponding target trunking intercom device.
This process involves a communication and mutual authentication process with the cluster talkback device/target cluster talkback device and a relay process within the key platform.
The authentication process is implemented based on authentication information (i.e., information such as a device certificate and a device identity key) sent by the trunking intercom device.
The trunking intercom device is recorded as entity A and the key platform as entity B. Then TokenBA is the authentication information sent from entity B to entity A, and TokenAB is the authentication information sent from entity A to entity B. The specific flow is as follows:
Step one (not shown): entity A generates a quantum random number Ra through its local quantum encryption module, concatenates Text1 with it, and sends the result to entity B as authentication data.
Here Text1 = IDa||Ta, IDa is the identity of the quantum encryption module in entity A, Ta is timestamp information, and || is the OR operation symbol of Boolean operation.
Step two (not shown): entity B receives the authentication data sent by A and computes TokenBA = Rb || Text3 || FUN1(Kba, Ra||Rb||Text2) || FUN2(Sa, Ra||Rb||Text2).
Here Text2 = IDa||IDb||Ta||Tb and Text3 = IDb||Tb. Rb is a quantum random number generated by the quantum encryption module in entity B, Tb is the timestamp information of the quantum cryptography service platform, and Sa is the private key corresponding to a device certificate. FUN1(Kba, X) is the operation of block symmetric-key encryption of the specified data X using the one-way shared key Kba (hereinafter the one-way key), such as an SM4 cryptographic operation in GCM mode. FUN2(Sa, X) is the operation of computing a digest of the specified data X and then signing it with the private key.
Step three (not shown): entity A receives TokenBA from entity B, computes FUN1(Kab, Ra||Rb||IDa||IDb||Ta||Tb) and verifies that the result is consistent with the corresponding data in the received TokenBA; it also verifies whether the received certificate of entity B is valid, obtains the valid public key if so, and checks the received signature data to make sure the signed data is genuine, valid and contains the random number Ra.
When the verification passes, TokenAB is computed and returned to entity B, where TokenAB = Text5 || FUN1(Kab, Rb||Ra||Text4) || FUN2(Sb, Ra||Rb||Text4).
Here Text4 = IDb||IDa||Tb||Ta, and TokenAB is sent to B. In this example a preset shared key is used, so the one-way key Kba is identical to the one-way key Kab.
Step four (not shown): after entity B receives TokenAB from entity A, it computes FUN1(K, Rb||Ra||IDb||IDa||Tb||Ta) and verifies that the result is consistent with the received TokenAB data; it also verifies whether the received certificate of entity A is valid, obtains the valid public key if so, and checks the received signature data to make sure the signed data is genuine, valid and contains the random number Rb. If everything is consistent, two-way identity authentication succeeds.
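The four authentication steps above, as an added Go example that is not the patent's own code. Assumptions: || is treated as concatenation of length-prefixed fields; FUN1 is AES-256-GCM with a nonce derived from its input (standing in for the SM4-GCM the page names) so that the peer can recompute and compare it; FUN2 is ECDSA P-256 over SHA-256, each side signing with its own certificate key and verifying the peer with the public key taken from the peer's certificate; crypto/rand stands in for the quantum random numbers and the identifiers and timestamps are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// cat is the page's "||", taken here as concatenation: each field is
// length-prefixed so that e.g. IDa||Ta cannot be re-split two ways (ASSUMED).
func cat(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		out = append(out, byte(len(f)>>8), byte(len(f)))
		out = append(out, f...)
	}
	return out
}

// fun1 stands in for FUN1(K, X): AEAD block-cipher encryption of X under the
// shared one-way key (AES-256-GCM here; the page names SM4-GCM). The nonce is
// derived from X so the peer can recompute and compare; X always contains the
// fresh Ra and Rb, which keeps the nonce from repeating under one key.
func fun1(k, x []byte) []byte {
	block, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	nonce := sha256.Sum256(x)
	return aead.Seal(nil, nonce[:aead.NonceSize()], x, nil)
}

// fun2 stands in for FUN2(S, X): digest X, then sign it with the sender's own
// certificate private key (ECDSA P-256; the page does not name the algorithm).
func fun2(s *ecdsa.PrivateKey, x []byte) []byte {
	h := sha256.Sum256(x)
	sig, _ := ecdsa.SignASN1(rand.Reader, s, h[:])
	return sig
}

// checkToken recomputes the peer's FUN1 over locally rebuilt data and verifies
// the signature with the public key from the peer's certificate. sigData is
// rebuilt with our own random number inside, so a valid signature is exactly
// the "signed data contains Ra / Rb" check of steps three and four.
func checkToken(k, encData, sigData, enc, sig []byte, peer *ecdsa.PublicKey) bool {
	if subtle.ConstantTimeCompare(fun1(k, encData), enc) != 1 {
		return false
	}
	h := sha256.Sum256(sigData)
	return ecdsa.VerifyASN1(peer, h[:], sig)
}

// Session carries the identifiers, timestamps and random numbers of one run.
type Session struct{ IDa, IDb, Ta, Tb, Ra, Rb []byte }

// RunAuth walks the four steps. k is the preset shared key (Kab == Kba on the
// page); sa and sb sign; trustA and trustB are the public keys each side took
// from the other's certificate (certificate validation itself is out of scope).
func RunAuth(k []byte, sa, sb *ecdsa.PrivateKey, trustA, trustB *ecdsa.PublicKey, s Session) (aOK, bOK bool) {
	// Step one: A sends Ra with Text1 = IDa||Ta. Step two: B builds
	// TokenBA = Rb || Text3 || FUN1(Kba, Ra||Rb||Text2) || FUN2(., Ra||Rb||Text2).
	text2 := cat(s.IDa, s.IDb, s.Ta, s.Tb)
	encBA := fun1(k, cat(s.Ra, s.Rb, text2))
	sigBA := fun2(sb, cat(s.Ra, s.Rb, text2))
	// Step three: A recomputes FUN1(Kab, Ra||Rb||IDa||IDb||Ta||Tb) and checks B.
	if aOK = checkToken(k, cat(s.Ra, s.Rb, text2), cat(s.Ra, s.Rb, text2), encBA, sigBA, trustB); !aOK {
		return false, false
	}
	// A answers with TokenAB = FUN1(Kab, Rb||Ra||Text4) || FUN2(., Ra||Rb||Text4).
	text4 := cat(s.IDb, s.IDa, s.Tb, s.Ta)
	encAB := fun1(k, cat(s.Rb, s.Ra, text4))
	sigAB := fun2(sa, cat(s.Ra, s.Rb, text4))
	// Step four: B recomputes FUN1(K, Rb||Ra||IDb||IDa||Tb||Ta) and checks A.
	bOK = checkToken(k, cat(s.Rb, s.Ra, text4), cat(s.Ra, s.Rb, text4), encAB, sigAB, trustA)
	return aOK, bOK
}

// NewSigner and NewSession produce constructed material; crypto/rand stands in
// for the quantum random number generator.
func NewSigner() *ecdsa.PrivateKey {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return key
}

func NewSession() Session {
	ra, rb := make([]byte, 32), make([]byte, 32)
	rand.Read(ra)
	rand.Read(rb)
	return Session{IDa: []byte("QEM-A"), IDb: []byte("QKSP-B"), Ta: []byte("20230301T120000Z"),
		Tb: []byte("20230301T120001Z"), Ra: ra, Rb: rb}
}

func main() {
	k := make([]byte, 32)
	rand.Read(k)
	sa, sb, impostor := NewSigner(), NewSigner(), NewSigner()
	fmt.Println(RunAuth(k, sa, sb, &sa.PublicKey, &sb.PublicKey, NewSession()))       // true true
	fmt.Println(RunAuth(k, sa, impostor, &sa.PublicKey, &sb.PublicKey, NewSession())) // false false
}
```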
The protocol-layer message format for authentication is shown in Table 7:
[Table 7, rendered as an image in the original: identity authentication protocol layer message]
The identity authentication protocol message sends three frames of data messages according to the message type; the corresponding message type values are 0xE080, 0xE081 and 0xE082.
Further, the transfer process in the key platform comprises a process of decrypting the encrypted service data key based on the device quantum key and the service quantum key of the built-in trunking intercom device to obtain the service data key. The principle of the process is the same as that of decrypting the received encrypted service data key in the target trunking talkback device, and the description is omitted here.
Step S602, re-encrypting the service data key in response to the received application of the target trunking intercom device.
Specifically, to ensure that the target trunking intercom device can decrypt the encrypted service data key locally, the service data key must be re-encrypted based on the built-in device quantum key of the target trunking intercom device to obtain a new encrypted service data key. For the re-encryption of the service data key, refer to steps S303 to S304 in the embodiment shown in Fig. 3; the principle is the same and is not repeated here.
The message format of the encrypted service data key is shown in Table 8:
[Table 8, rendered as an image in the original: message format for encrypting service data keys]
The message of the encrypted service data key sends three frames of data messages according to the message type; the corresponding message type values are 0xE090, 0xE091 and 0xE092. The quantum encryption header mainly comprises the encryption mode, the KID of the key encryption key, and the KID of the service quantum key combined with the service data key.
Step S603, sending the re-encrypted service data key to the trunking intercom device corresponding to the encrypted service data key.
Specifically, the re-encrypted service data key can be sent directly to the target trunking intercom device (namely, the trunking intercom device corresponding to the encrypted service data key), which completes the key platform's part of the service data communication process in trunking intercom.
According to the trunking intercom communication method provided by this embodiment of the disclosure, the corresponding service data key is determined in response to the received encrypted service data key, the service data key is re-encrypted in response to the received application of the target trunking intercom device, and the re-encrypted service data key is sent to the trunking intercom device corresponding to the encrypted service data key. In this way the reception, transfer and sending of the encrypted service data key are completed on the key platform side, so that the encrypted service data key and the encrypted service data are transmitted over different channels, decryption of the encrypted service data key and of the encrypted service data can both be completed locally on the target trunking intercom device, and the security of the service data transmission process is guaranteed to the greatest extent.
Fig. 7 is a flowchart of a trunking intercom communication method provided in the present disclosure. As shown in fig. 7, the trunking intercom communication method provided in the present embodiment is applied to a key platform, and includes the following steps:
Step S701, in response to the received encrypted service data key, determining the service quantum key for decrypting it based on the service type of the encrypted service data key.
Specifically, referring to the structure of the encrypted service data key shown in table 8 and step S301 in the embodiment shown in fig. 3, when the key platform receives the encrypted service data key, it can determine its service type based on its message.
The key platform holds the same service quantum keys as the trunking intercom device and the target trunking intercom device, together with the device quantum keys corresponding to each of them. After the service type of the received encrypted service data key is determined, the service quantum key for decryption can be found among the prefabricated service quantum keys and combined with the corresponding device quantum key, so that decryption and re-encryption of the service data key are realized.
Step S702, decrypting the encrypted service data key with the key encryption key and service quantum key corresponding to the trunking intercom device, to obtain the service data key.
Specifically, when the encrypted service data key is received, the corresponding trunking intercom device can be determined from the message, and so the built-in device quantum key corresponding to that trunking intercom device can be determined; the encrypted service data key is then decrypted based on the combination of the key encryption key in that device quantum key and the service quantum key, giving the plaintext of the service data key.
The specific decryption process may refer to the related description in the embodiment shown in fig. 5, and will not be described herein.
Step S703, determining the service quantum key that corresponds to the service type of the service data key and is used for encrypting it.
Specifically, after receiving the encrypted service data key sent by the trunking talkback device, the key platform also receives an application for obtaining the encrypted service data key sent by the target trunking talkback device, and at this time, the key platform can re-encrypt the decrypted service data key based on the built-in service quantum key and the device quantum key.
First, the service quantum key for encrypting the service data key still needs to be determined.
In some embodiments, the service quantum key of step S701 may be selected directly to re-encrypt the service data key. This does not affect the security of the service data, because the resulting encrypted service data key still changes: the encrypted service data key differs when transmitted between different devices and the key platform, so the cracking difficulty is not reduced.
For the re-encryption process involved in this step, refer to the description of step S303 in the embodiment shown in Fig. 3, which is not repeated here.
Step S704, combining the service quantum key with the device quantum key corresponding to the target trunking intercom device and re-encrypting the service data key.
Specifically, for re-encrypting the plaintext of the service data key based on the service quantum key and the key encryption key in the device quantum key, refer to the description of step S304 in the embodiment shown in Fig. 3, which is not repeated here.
Step S705, sending the re-encrypted service data key to the trunking intercom device corresponding to the encrypted service data key.
Specifically, the content of this step is the same as that of step S603 in the embodiment shown in fig. 6, and the details are not repeated here.
According to the trunking intercom communication method provided by this embodiment of the disclosure, in response to the received encrypted service data key the service quantum key for decrypting it is determined based on its service type; the encrypted service data key is decrypted with the key encryption key and the service quantum key to obtain the service data key; the service quantum key that corresponds to the service type of the service data key and is used for encrypting it is determined; the service quantum key is combined with the device quantum key of the target trunking intercom device and the service data key is re-encrypted; and finally the re-encrypted service data key is sent to the trunking intercom device corresponding to the encrypted service data key. In this way, on the key platform side, the encrypted service data key sent by the trunking intercom device is received and decrypted based on that device's device quantum key, and the decrypted service data key is encrypted again and sent on based on the target trunking intercom device, so that the encrypted service data key and the encrypted service data are transmitted over different channels, the encrypted service data key differs between transmission stages, decryption of the encrypted service data key and of the encrypted service data can both be completed locally on the target trunking intercom device, and the security of the service data transmission and decryption processes is effectively ensured.
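The sender, key-platform and receiver steps described above (S303 to S306, S502 to S505 and S701 to S705), as one added Go example that is not the patent's own code: the service data key is XORed with the service quantum key and then encrypted under the sender's key encryption key; the platform unwraps with the sender's key encryption key and re-wraps with the target's; the target unwraps and finally decrypts the service data. AES-256-GCM stands in for the block cipher the page leaves unspecified, crypto/rand for the quantum random number generator, and the key identifiers (KIDs) of the header are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmSeal and gcmOpen stand in for the block cipher the page leaves unspecified:
// AES-256-GCM with a fresh random 12-byte nonce prefixed to the ciphertext.
func gcmSeal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, pt, nil), nil
}

func gcmOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// xorKeys is the Boolean combination of step S303. Equal lengths are required:
// a shorter service quantum key would leave part of the service data key bare.
func xorKeys(a, b []byte) ([]byte, error) {
	if len(a) != len(b) {
		return nil, fmt.Errorf("key length mismatch: %d vs %d", len(a), len(b))
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out, nil
}

// WrapSDK is steps S303-S304: (SDK xor SQK), then encrypt under the KEK.
func WrapSDK(kek, sqk, sdk []byte) ([]byte, error) {
	mixed, err := xorKeys(sdk, sqk)
	if err != nil {
		return nil, err
	}
	return gcmSeal(kek, mixed)
}

// UnwrapSDK is step S504 (S702 on the platform): KEK-decrypt, then undo the XOR.
// Only the KEK layer is authenticated; a wrong SQK of the right length yields a
// wrong SDK silently, which then shows up as an AEAD failure on the service data.
func UnwrapSDK(kek, sqk, blob []byte) ([]byte, error) {
	mixed, err := gcmOpen(kek, blob)
	if err != nil {
		return nil, fmt.Errorf("key encryption key rejected the blob: %w", err)
	}
	return xorKeys(mixed, sqk)
}

// Relay is steps S701-S705 on the key platform: unwrap with the sender's KEK,
// re-wrap with the target's KEK, reusing the same SQK as step S703 allows.
func Relay(senderKEK, targetKEK, sqk, blob []byte) ([]byte, error) {
	sdk, err := UnwrapSDK(senderKEK, sqk, blob)
	if err != nil {
		return nil, err
	}
	return WrapSDK(targetKEK, sqk, sdk)
}

// randKey stands in for the quantum true random number generator.
func randKey() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	sqk, kekA, kekB, sdk := randKey(), randKey(), randKey(), randKey()
	ct, _ := gcmSeal(sdk, []byte("constructed PTT audio frame")) // S301/S305: data channel to B
	wA, _ := WrapSDK(kekA, sqk, sdk)                              // S306: key channel to the platform
	wB, _ := Relay(kekA, kekB, sqk, wA)                           // S603/S705: platform to B
	_, err := UnwrapSDK(kekB, sqk, wA)                            // B holds no KEK-A, so A's blob fails
	fmt.Println("B on A's blob:", err)
	sdk2, _ := UnwrapSDK(kekB, sqk, wB) // S504
	pt, err := gcmOpen(sdk2, ct)        // S505
	fmt.Printf("B recovered %q (err=%v)\n", pt, err)
}
```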
Fig. 8 is a schematic structural diagram of a trunking intercom communication device provided in the present disclosure. As shown in Fig. 8, the trunking intercom communication device 800 is applied to trunking intercom equipment; its implementation principle and technical effects have been fully described in the foregoing embodiments and are not repeated here.
The trunked intercom communication apparatus 800 includes: a first encryption module 810, a second encryption module 820, and a transmission module 830. Wherein:
the first encryption module 810 is configured to encrypt the service data based on an encryption key corresponding to the service data, to obtain encrypted service data, where the encryption key includes a service data key;
a second encryption module 820, configured to encrypt the service data key to obtain an encrypted service data key;
and the sending module 830 is configured to send the encrypted service data key to the key platform for decryption and encryption, and send the encrypted service data to the target trunking intercom device, so that the target trunking intercom device decrypts the encrypted service data based on the service data key processed by the key platform, and obtains service data.
Optionally, when a quantum encryption module is arranged in the trunking intercom device, the first encryption module 810 is specifically configured to obtain the service data key by using, through the quantum encryption module, the generated quantum true random number as the service data key.
Optionally, for the first encryption module 810, the encryption key further includes: a service quantum key corresponding to the service type, and a device quantum key corresponding to the device. The device quantum key includes a device identification key, used to indicate the identity of the trunking intercom device, and a key encryption key, used to perform encryption together with the service quantum key.
Optionally, the second encryption module 820 is specifically configured to: determine the service quantum key that corresponds to the service type of the service data and is used to encrypt the service data key; combine the service data key with the service quantum key; and encrypt the combination of the service data key and the service quantum key with the key encryption key to obtain the encrypted service data key.
Optionally, the sending module 830 is specifically configured to send the encrypted service data key to the key platform when the service quantum key is configured in the key platform, so that the key platform decrypts the encrypted service data key based on the device quantum key and the service quantum key of the trunking intercom device, and encrypts the decrypted service data key based on the device quantum key and the service quantum key of the target trunking intercom device.
Fig. 9 is a schematic structural diagram of a trunking intercom communication device provided in the present disclosure. As shown in fig. 9, the trunking intercom communication device 900 is applied to the target trunking intercom device, and its implementation principle and technical effects are fully described in the foregoing embodiments, and are not described herein again.
The trunked intercom communication apparatus 900 includes: a receiving module 910, a decrypting module 920 and a determining module 930. Wherein:
a receiving module 910, configured to obtain, in response to the received encrypted service data, a corresponding encrypted service data key from the key platform;
the decryption module 920 is configured to obtain a corresponding service data key based on a preset encryption key and an encrypted service data key;
and the determining module 930 is configured to decrypt the encrypted service data based on the service data key to obtain corresponding service data.
Optionally, for the decryption module 920, the preset encryption key includes: a service quantum key corresponding to the service type, and a device quantum key corresponding to the target trunking intercom device; the device quantum key includes a key encryption key used to perform encryption together with the service quantum key.
Optionally, the receiving module 910 is specifically configured to, when the service data key includes a key identifier, determine, in response to the received encrypted service data, a ciphertext identifier corresponding to the encrypted service data; and sending the device quantum key to a key platform based on the ciphertext identification so as to acquire an encrypted service data key corresponding to the encrypted service data.
Optionally, the decryption module 920 is specifically configured to determine a service quantum key corresponding to a service type of the encrypted service data key and configured to decrypt the encrypted service data key; after the key encryption key is combined with the service quantum key, the encrypted service data key is decrypted to obtain the service data key; and decrypting the encrypted service data through the service data key to obtain the corresponding service data.
Fig. 10 is a schematic structural diagram of a trunking intercom communication device provided in the present disclosure. As shown in fig. 10, the trunked intercom communication device 1000 is applied to the key platform, and its implementation principle and technical effects are fully described in the foregoing embodiments, and are not described herein again.
The trunked intercom communication device 1000 includes: a decryption module 1010, an encryption module 1020, and a transmission module 1030. Wherein:
a decryption module 1010, configured to determine a corresponding service data key in response to the received encrypted service data key;
an encryption module 1020, configured to re-encrypt the service data key in response to the received application of the target trunking intercom device;
and the sending module 1030 is configured to send the encrypted service data key after re-encryption to the trunking intercom device corresponding to the encrypted service data key.
Optionally, the key platform on which the decryption module 1010 runs is configured with a service quantum key corresponding to the service type and with device quantum keys corresponding to the trunking intercom device and to the target trunking intercom device, where each device quantum key includes a key encryption key used to perform encryption together with the service quantum key.
Optionally, the decryption module 1010 is specifically configured to, in response to the received encrypted service data key, determine a service quantum key for decrypting the encrypted service data key based on a service type of the encrypted service data key; and decrypting the encrypted service data key through the key encryption key and the service quantum key corresponding to the trunking intercom equipment to obtain the service data key.
Optionally, the encryption module 1020 is specifically configured to determine a service quantum key corresponding to a service type of the service data key and used for encrypting the service data key; and combining the service quantum key with the device quantum key corresponding to the target trunking intercom device, and re-encrypting the service data key.
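As an added illustration of the three-party flow summarised above and restated by the three apparatus embodiments (example code written for this page, not the patent's or the applicant's implementation): a trunking device encrypts service data under a fresh service data key, wraps that key under its key encryption key combined with the service-type quantum key, the key platform unwraps it and re-wraps it for the target, and the target unwraps and decrypts locally. Assumptions: the "combination" of key encryption key and service quantum key is modelled as an HMAC-SHA256 derivation, an HMAC-based encrypt-then-MAC stands in for the cipher, `secrets.token_bytes` stands in for the quantum true random number, and the device identifiers, key sizes and header layout are constructed.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, KEY_ID_LEN = 16, 32, 8


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC with associated data (a stdlib stand-in for an AEAD such as AES-GCM).
    Keystream blocks are PRF(key, "ks"||nonce||ctr); output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = b"".join(_prf(key, b"ks" + nonce + i.to_bytes(4, "big")) for i in range(len(plaintext) // 32 + 1))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _prf(key, b"tag" + aad + nonce + ct)


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; a tampered ciphertext or header is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(key, b"tag" + aad + nonce + ct)):
        raise ValueError("authentication failed")
    ks = b"".join(_prf(key, b"ks" + nonce + i.to_bytes(4, "big")) for i in range(len(ct) // 32 + 1))
    return bytes(c ^ k for c, k in zip(ct, ks))


def wrap_key(kek: bytes, service_qkey: bytes) -> bytes:
    """'Combining' the key encryption key with the service quantum key (claims 4, 9 and 13);
    modelled as an HMAC derivation because the patent does not fix the combiner (assumption)."""
    return _prf(kek, b"kek||service-qkey:" + service_qkey)


class KeyPlatform:
    """Key platform holding every device's KEK and the per-service-type quantum keys (claim 11)."""

    def __init__(self, service_qkeys: dict):
        self.service_qkeys = service_qkeys   # service type -> service quantum key
        self.device_keks = {}                # device id -> key encryption key
        self.store = {}                      # key id -> (service type, service data key)

    def register(self, dev_id: str, kek: bytes) -> None:
        self.device_keks[dev_id] = kek

    def receive_wrapped(self, sender: str, stype: int, key_id: bytes, wrapped: bytes) -> None:
        # Claim 12: select the service quantum key by service type, unwrap with the sender's KEK.
        wk = wrap_key(self.device_keks[sender], self.service_qkeys[stype])
        self.store[key_id] = (stype, unseal(wk, wrapped, key_id + bytes([stype]) + sender.encode()))

    def rewrap_for(self, target: str, key_id: bytes) -> bytes:
        # Claim 13: re-encrypt the same service data key under the target's KEK + service quantum key.
        stype, sdk = self.store[key_id]
        wk = wrap_key(self.device_keks[target], self.service_qkeys[stype])
        return seal(wk, sdk, key_id + bytes([stype]) + target.encode())


class TrunkingDevice:
    """Trunking intercom device configured with its own KEK and the service quantum keys (claim 3)."""

    def __init__(self, dev_id: str, kek: bytes, service_qkeys: dict, platform: KeyPlatform):
        self.dev_id, self.kek, self.service_qkeys, self.platform = dev_id, kek, service_qkeys, platform
        platform.register(dev_id, kek)

    def send(self, stype: int, data: bytes) -> bytes:
        """Encrypted service data goes out on the data channel; the wrapped key goes to the platform."""
        sdk = secrets.token_bytes(32)              # stands in for the quantum true random number (claim 2)
        key_id = secrets.token_bytes(KEY_ID_LEN)   # key identifier carried in the ciphertext header (claim 8)
        header = key_id + bytes([stype])
        wrapped = seal(wrap_key(self.kek, self.service_qkeys[stype]), sdk, header + self.dev_id.encode())
        self.platform.receive_wrapped(self.dev_id, stype, key_id, wrapped)   # key channel
        return header + seal(sdk, data, header)                               # data channel

    def receive(self, enc_data: bytes) -> bytes:
        """Claims 6 to 9: read the key identifier, apply to the platform, unwrap and decrypt locally."""
        header, body = enc_data[:KEY_ID_LEN + 1], enc_data[KEY_ID_LEN + 1:]
        key_id, stype = header[:KEY_ID_LEN], header[KEY_ID_LEN]
        wrapped = self.platform.rewrap_for(self.dev_id, key_id)
        sdk = unseal(wrap_key(self.kek, self.service_qkeys[stype]), wrapped, header + self.dev_id.encode())
        return unseal(sdk, body, header)


def run_exchange(message: bytes, stype: int = 1):
    """Constructed end-to-end run, device A -> key platform -> device B; returns (recovered, enc_data, platform, b)."""
    service_qkeys = {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)}   # constructed sample keys per service type
    platform = KeyPlatform(service_qkeys)
    a = TrunkingDevice("dev-A", secrets.token_bytes(32), service_qkeys, platform)
    b = TrunkingDevice("dev-B", secrets.token_bytes(32), service_qkeys, platform)
    enc_data = a.send(stype, message)
    return b.receive(enc_data), enc_data, platform, b
```

Calling `run_exchange(b"group call: channel 7 clear")` returns the recovered plaintext first; the platform only ever sees the service data key, never the encrypted service data, which is what keeps the two channels separate.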
Fig. 11 is a schematic structural diagram of a control device provided in the present disclosure, and as shown in fig. 11, the control device 1100 includes: a memory 1110 and a processor 1120.
Wherein the memory 1110 stores computer programs executable by the at least one processor 1120. The computer program is executed by the at least one processor 1120 to cause the control apparatus to implement the trunked intercom communication method as provided in any of the embodiments above.
Wherein the memory 1110 and the processor 1120 may be connected via a bus 1130.
The related descriptions and effects can be understood with reference to the corresponding method embodiments and are not repeated here.
An embodiment of the present disclosure provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor to implement a trunked intercom communication method of any of the embodiments as corresponds to fig. 2 to 7.
The computer-readable storage medium may be, among others, a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, or an optical data storage device.
An embodiment of the present disclosure provides a computer program product containing computer-executable instructions for implementing a trunked intercom communication method as in any of the embodiments corresponding to fig. 2 to 7 when executed by a processor.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following its general principles and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with the true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (18)

1. The trunking intercom communication method is characterized by being applied to trunking intercom equipment, and comprises the following steps:
encrypting the service data based on an encryption key corresponding to the service data to obtain encrypted service data, wherein the encryption key comprises the service data key;
encrypting the service data key to obtain an encrypted service data key;
and sending the encrypted service data key to a key platform for decryption and encryption processing, and sending the encrypted service data to target trunking intercom equipment, so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data.
2. The trunking intercom communication method according to claim 1, wherein a quantum encryption module is arranged in the trunking intercom device, and the service data key is obtained by the following method:
and using the generated quantum true random number as the service data key through a quantum encryption module.
3. The trunking intercom communication method according to claim 1 or 2, wherein the encryption key further comprises:
a service quantum key corresponding to the service type,
and a device quantum key corresponding to the device;
the device quantum key comprises: a key encryption key used for performing encryption together with the service quantum key.
4. The trunked intercom communication method of claim 3 wherein encrypting the service data key to obtain an encrypted service data key comprises:
determining a service quantum key corresponding to the service type of the service data and used for encrypting the service data key;
combining the service data key with the service quantum key;
and carrying out encryption processing on the combination of the service data key and the service quantum key through the key encryption key to obtain the encrypted service data key.
5. The trunking intercom communication method of claim 3, wherein the key platform is internally configured with a service quantum key,
and the step of sending the encrypted service data key to a key platform for decryption and encryption processing comprises the following steps:
and sending the encrypted service data key to a key platform, so that the key platform decrypts the encrypted service data key based on the device quantum key of the trunking intercom device and the service quantum key, and encrypts the decrypted encrypted service data key based on the device quantum key of the target trunking intercom device and the service quantum key.
6. The trunking intercom communication method is characterized by being applied to target trunking intercom equipment, and comprises the following steps:
responding to the received encrypted service data, and acquiring a corresponding encrypted service data key from a key platform;
acquiring a corresponding service data key based on a preset encryption key and the encryption service data key;
and decrypting the encrypted service data based on the service data key to obtain corresponding service data.
7. The trunking intercom communication method of claim 6, wherein the preset encryption key comprises:
a service quantum key corresponding to the service type,
and a device quantum key corresponding to the target trunking intercom device;
the device quantum key comprises:
a key encryption key used for performing encryption together with the service quantum key.
8. The trunked intercom communication method of claim 7 wherein the service data key comprises a key identification,
the obtaining, in response to the received encrypted service data, a corresponding encrypted service data key from a key platform, including:
determining a ciphertext identifier corresponding to the encrypted service data in response to the received encrypted service data;
and applying for the key platform based on the ciphertext identification to acquire an encrypted service data key corresponding to the encrypted service data.
9. The trunked intercom communication method according to claim 8, wherein the obtaining the corresponding service data key based on the preset encryption key and the encrypted service data key includes:
determining a service quantum key corresponding to the service type of the encrypted service data key and used for decrypting the encrypted service data key;
and after the key encryption key is combined with the service quantum key, decrypting the encrypted service data key to obtain the service data key.
10. A trunking intercom communication method, characterized in that it is applied to a key platform, said method comprising:
determining a corresponding service data key in response to the received encrypted service data key;
re-encrypting the service data key in response to the received application of the target trunking intercom device;
and sending the re-encrypted service data key to the trunking intercom equipment corresponding to the encrypted service data key.
11. The trunking intercom communication method of claim 10, wherein the key platform is internally configured with a service quantum key corresponding to the service type and with device quantum keys corresponding to the trunking intercom device and the target trunking intercom device,
the device quantum key including a key encryption key for performing encryption together with the service quantum key.
12. The trunking intercom communication method of claim 11, wherein the determining the corresponding service data key in response to the received encrypted service data key comprises:
determining a service quantum key for decrypting the encrypted service data key based on the service type of the encrypted service data key in response to the received encrypted service data key;
and decrypting the encrypted service data key through a key encryption key and a service quantum key corresponding to the trunking intercom equipment to obtain the service data key.
13. The trunking intercom communication method of claim 11, wherein the re-encrypting the service data key in response to the received application of the target trunking intercom device comprises:
determining a service quantum key corresponding to the service type of the service data key and used for encrypting the service data key;
and combining the service quantum key with the device quantum key corresponding to the target trunking intercom equipment, and re-encrypting the service data key.
14. A trunking intercom communication device, characterized in that it is applied to trunking intercom equipment, comprising:
the first encryption module is used for encrypting the service data based on an encryption key corresponding to the service data to obtain encrypted service data, wherein the encryption key comprises the service data key;
the second encryption module is used for encrypting the service data key to obtain an encrypted service data key;
and the sending module is used for sending the encrypted service data key to a key platform for decryption and encryption processing, and sending the encrypted service data to target trunking intercom equipment so that the target trunking intercom equipment decrypts the encrypted service data based on the service data key processed by the key platform to obtain the service data.
15. A trunking intercom communication device, characterized in that it is applied to target trunking intercom equipment, comprising:
the receiving module is used for responding to the received encrypted service data and acquiring a corresponding encrypted service data key from the key platform;
the decryption module is used for obtaining a corresponding service data key based on a preset encryption key and the encryption service data key;
and the determining module is used for decrypting the encrypted service data based on the service data key to obtain corresponding service data.
16. A trunked intercom communication device, characterized in that it is applied to a key platform, comprising:
the decryption module is used for responding to the received encrypted service data key and determining a corresponding service data key;
the encryption module is used for re-encrypting the service data key in response to the received application of the target trunking intercom equipment;
and the sending module is used for sending the re-encrypted service data key to the trunking intercom equipment corresponding to the encrypted service data key.
17. A control apparatus, characterized by comprising:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to cause the control device to perform the trunked intercom communication method of any of claims 1 to 5; and/or to cause the control device to perform the trunked intercom communication method of any of claims 6 to 9; and/or to cause the control device to perform the trunked intercom communication method of any of claims 10 to 13.
18. A computer readable storage medium, wherein computer executable instructions are stored in the computer readable storage medium, the computer executable instructions when executed by a processor being configured to implement the trunked intercom communication method of any of claims 1 to 5; and/or the computer-executable instructions, when executed by a processor, for implementing a trunked intercom communication method as claimed in any of claims 6 to 9; and/or the computer-executable instructions, when executed by a processor, for implementing a trunked intercom communication method as claimed in any of claims 10 to 13.
CN202310272600.2A 2023-03-20 2023-03-20 Cluster intercom communication method, device, equipment and storage medium Active CN116233767B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310272600.2A CN116233767B (en) 2023-03-20 2023-03-20 Cluster intercom communication method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310272600.2A CN116233767B (en) 2023-03-20 2023-03-20 Cluster intercom communication method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116233767A true CN116233767A (en) 2023-06-06
CN116233767B CN116233767B (en) 2024-04-30

Family

ID=86575102

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310272600.2A Active CN116233767B (en) 2023-03-20 2023-03-20 Cluster intercom communication method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116233767B (en)

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010055395A1 (en) * 1998-03-02 2001-12-27 Dean H. Vogler Method for transferring an encryption key
CN101137123A (en) * 2007-04-09 2008-03-05 中兴通讯股份有限公司 Encrypted group calling, individual calling, and dynamic restructuring call implementing method of cluster system
WO2012129929A1 (en) * 2011-03-31 2012-10-04 中兴通讯股份有限公司 Method, system and appararus for secure transmission of media message
CN103986723A (en) * 2014-05-28 2014-08-13 大唐移动通信设备有限公司 Secret communication control and secret communication method and device
CN104144049A (en) * 2014-03-11 2014-11-12 腾讯科技(深圳)有限公司 Encryption communication method, system and device
CN106790281A (en) * 2017-02-23 2017-05-31 深圳市沃阳精密科技有限公司 A kind of end-to-end voice encryption device and encryption method towards intercom system
CN108075890A (en) * 2016-11-16 2018-05-25 中兴通讯股份有限公司 Data sending terminal, data receiver, data transmission method and system
CN109088810A (en) * 2017-06-14 2018-12-25 北京信威通信技术股份有限公司 Communication means, device, relevant device, system and the storage medium of group message
CN110620650A (en) * 2018-06-20 2019-12-27 中国电信股份有限公司 Communication method, system, device and computer readable storage medium
CN110799941A (en) * 2017-06-30 2020-02-14 微软技术许可有限责任公司 Data protection against theft and tampering
CN111901553A (en) * 2020-07-16 2020-11-06 南京百家云科技有限公司 Data encryption and decryption method, device, equipment, server and storage medium
CN112260832A (en) * 2020-12-17 2021-01-22 南京易科腾信息技术有限公司 Information encryption, decryption and control method and device and electronic equipment
CN112600836A (en) * 2020-12-10 2021-04-02 北京字节跳动网络技术有限公司 Form data processing method, equipment and storage medium
US20210218714A1 (en) * 2020-01-14 2021-07-15 Cisco Technology, Inc. Managing Encrypted Server-Name-Indication (ESNI) at Proxy Devices
CN113612608A (en) * 2021-08-13 2021-11-05 中电信量子科技有限公司 Method and system for realizing cluster encryption of dual-mode interphone based on public network
CN114598462A (en) * 2022-02-28 2022-06-07 西安电子科技大学 End-to-end key generation method based on dynamic adjustment in quantum metropolitan area network
CN114765546A (en) * 2020-12-30 2022-07-19 海能达通信股份有限公司 End-to-end hard encryption method, system, encryption equipment and key management server
CN114980089A (en) * 2021-02-22 2022-08-30 华为技术有限公司 Security protection method and device for multicast or broadcast service data
CN115529130A (en) * 2022-11-25 2022-12-27 无锡沐创集成电路设计有限公司 Data processing method, terminal, server, system, device, medium and product

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘磊;曲延盛;李明;朱尤祥;王云霄;: "电力量子保密通信研究与应用进展", 山东电力技术, no. 08, 25 August 2018 (2018-08-25) *

Also Published As

Publication number Publication date
CN116233767B (en) 2024-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant