CN1604534A - Method for acquiring key by user through service data carried key information - Google Patents


Info

Publication number
CN1604534A
Authority
CN
China
Prior art keywords
multicast
key
group
broadcast business
sign
Prior art date
Legal status
Pending
Application number
CN 03154459
Other languages
Chinese (zh)
Inventor
郑志彬
张文林
黄迎新
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN 03154459
Publication of CN1604534A

Abstract

This invention discloses a method by which a user obtains a key through key information carried in service data. The method comprises: establishing, for a multicast or broadcast service user, a correspondence between key parameters and key parameter identifiers; sending to the user the encrypted multicast or broadcast service information together with a key parameter identifier; and the user obtaining the current group encryption key from the received key parameter identifier and the stored correspondence between key parameters and key parameter identifiers.

Description

Method by which a user obtains a key through key information carried in service data
Technical field
The present invention relates to data transmission technology, and in particular to a method by which a user in a wireless communication network obtains an encryption key through key information carried in service data.
Background technology
In a wireless communication network, a multicast/broadcast service is a unidirectional point-to-multipoint bearer service: the multicast/broadcast service information is sent by one source entity and received by several entities. As shown in Fig. 1, the service information is transmitted by the multicast entity to several terminals. Within a given area, users who have subscribed to the multicast/broadcast service can receive it. Here "multicast entity" denotes the functional entity that provides the multicast service and also performs key generation and management; it may be a functional entity newly added to the wireless communication network, a functional entity already present in the network, or a combination of several functional entities.
In a multicast/broadcast service, to prevent users who have not subscribed to the service or have not paid for it from receiving it, a shared group encryption key is set up for the service. The group encryption key is known only to the multicast/broadcast service users and to the multicast entity that provides the service; users who have not subscribed or paid are not entitled to know it. The multicast entity encrypts the service information with the group encryption key and then sends it to the service users. On receiving the encrypted service information, a user decrypts it with the group encryption key, obtains the service information and so receives the service.
A multicast/broadcast service needs several keys, which are generated at different levels. As shown in Fig. 2, the process of generating the various keys comprises the following steps:
Step 201: when a multicast/broadcast service user joins the service, the multicast entity and the user authenticate each other. Through the authentication and key agreement protocol (AKA), the multicast entity and the user generate the same root key RK during the authentication process. Different users have different RKs. RK may be assigned to the user by the operator when the user subscribes to the service, in which case the user uses this RK every time it joins the service; or RK may be generated jointly by the multicast entity and the user during authentication each time the user joins, in which case it remains valid until the user leaves the current service, and a new RK is generated together with the multicast entity the next time the user joins.
Step 202: after the multicast entity and the user have generated RK, they jointly generate the same key TK, which is used to encrypt the group shared key BAK. TK may be generated as follows: the multicast entity generates a random number for generating TK and sends it to the user, and the multicast entity and the user each generate the same TK from RK and that random number. Different users have different TKs. To improve the security of TK, TK can be updated after it has been used to encrypt BAK, that is, the multicast entity and the user jointly generate a new TK.
Steps 203 to 205: the multicast entity generates the group shared key BAK, which is used to encrypt the group encryption key, encrypts BAK with TK, and sends the encrypted BAK to the user. On receiving the encrypted BAK, the user decrypts it with its stored TK, obtains BAK and stores it.
Step 206: the group encryption key TEK, used to encrypt the multicast/broadcast service information, is generated. TEK may be generated as follows: the multicast entity generates a random number for generating TEK and sends it to the user, and the multicast entity and the user each generate the same TEK from BAK and that random number. Alternatively, the multicast entity generates the random number for generating TEK, generates TEK from BAK and the random number, encrypts TEK with BAK and sends the encrypted TEK to the user; on receiving the encrypted TEK, the user decrypts it with its stored BAK and obtains TEK.
To prevent users outside the group from receiving the service, the TEK used to encrypt the service information is not fixed but must be updated frequently. In practice, a different TEK can be used for every encryption of service information, that is, the multicast entity encrypts each packet of service information sent to the users with a different TEK, which greatly increases the security of the service information.
To improve the confidentiality of TK, TK can be updated after it has been used to encrypt BAK, that is, the multicast entity and the user jointly generate a new TK.
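The key hierarchy of steps 201 to 206 (per-user RK and TK, group-wide BAK delivered under each user's TK, TEK derived from BAK and a random number) is easier to see in running code. The block below is an added example, not code from the patent or from Huawei; the patent specifies neither a key derivation function nor a cipher, so the HMAC-SHA256 derivation, the XOR keystream cipher, and the class and method names are all assumptions chosen so the block runs with the Python standard library alone. RK is taken as an input, standing in for the result of AKA.

```python
import hashlib
import hmac
import os

# Added example (not from the patent): the key hierarchy of Fig. 2.
# RK  - per-user root key that AKA leaves on both sides (step 201); modelled here as an input
# TK  - per-user key derived from RK and a random number (step 202), used to encrypt BAK
# BAK - group shared key, generated once and sent to every user under that user's TK (steps 203-205)
# TEK - group encryption key derived from BAK and a random number (step 206)
# The KDF and the cipher are placeholders (assumptions); the patent does not specify either.


def kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Derive a 128-bit key with HMAC-SHA256 (placeholder KDF, an assumption)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Placeholder symmetric cipher: XOR with an HMAC-derived keystream. The same call decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class MulticastEntity:
    """Side that provides the service and generates and manages keys."""

    def __init__(self):
        self.users = {}   # user id -> {"rk": ..., "tk": ...}
        self.bak = None

    def register(self, user_id, rk):
        # step 201: after AKA both sides hold the same per-user RK (given here as input)
        self.users[user_id] = {"rk": rk}

    def send_tk_random(self, user_id):
        # step 202: a random number goes to the user; both sides derive TK from RK and it
        rand = os.urandom(16)
        self.users[user_id]["tk"] = kdf(self.users[user_id]["rk"], b"TK", rand)
        return rand

    def generate_bak(self):
        # step 203: one BAK shared by the whole group
        self.bak = os.urandom(16)

    def send_bak(self, user_id):
        # step 204: BAK is sent to each user encrypted under that user's own TK
        return xor_stream(self.users[user_id]["tk"], b"BAK", self.bak)

    def tek_for(self, rand):
        # step 206: TEK derived from BAK and a random number
        return kdf(self.bak, b"TEK", rand)


class User:
    def __init__(self, rk):
        self.rk = rk
        self.tk = None
        self.bak = None

    def derive_tk(self, rand):
        self.tk = kdf(self.rk, b"TK", rand)

    def receive_bak(self, enc_bak):
        # step 205: decrypt BAK with the stored TK and keep it
        self.bak = xor_stream(self.tk, b"BAK", enc_bak)

    def tek_for(self, rand):
        return kdf(self.bak, b"TEK", rand)


def run_hierarchy(rk_a=b"\x0a" * 16, rk_b=b"\x0b" * 16, tek_rand=b"\x00\x00\x00\x01"):
    """Run steps 201-206 for two users (constructed RKs) and report the relations that must hold."""
    mc = MulticastEntity()
    ua, ub = User(rk_a), User(rk_b)
    for uid, user in (("a", ua), ("b", ub)):
        mc.register(uid, user.rk)
        user.derive_tk(mc.send_tk_random(uid))
    mc.generate_bak()
    ua.receive_bak(mc.send_bak("a"))
    ub.receive_bak(mc.send_bak("b"))
    return {
        "tk_distinct": ua.tk != ub.tk,                     # per-user keys differ
        "bak_shared": ua.bak == ub.bak == mc.bak,          # group key identical on all sides
        "tek_shared": ua.tek_for(tek_rand) == ub.tek_for(tek_rand) == mc.tek_for(tek_rand),
        "tek_bits": len(mc.tek_for(tek_rand)) * 8,         # the 128-bit TEK the page refers to
    }


if __name__ == "__main__":
    print(run_hierarchy())
```

The relations returned by `run_hierarchy` are the ones the hierarchy is built to guarantee: TK differs per user because RK does, BAK is the same on every side once each user has unwrapped it with its own TK, and TEK is the same everywhere because it is a function of the shared BAK and a public random number.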
Fig. 3 shows the process by which the group encryption key is obtained in the first prior-art scheme. As shown in Fig. 3, the process by which a multicast/broadcast service user obtains the group encryption key comprises the following steps:
Steps 301 to 303: the multicast entity generates the group shared key BAK, which is used to encrypt the group encryption key, encrypts BAK with TK, and sends the encrypted BAK to the user. On receiving the encrypted BAK, the user decrypts it with its stored TK, obtains BAK and stores it.
In addition, the multicast entity may generate several BAKs at once for service information of different scopes. In that case it assigns an identifier to each generated BAK, encrypts the BAK with TK, and sends the encrypted BAK and the BAK identifier to the user. The user thus stores a series of BAKs.
Step 304: the multicast entity generates a random number for generating TEK, and generates TEK from BAK and the random number.
Steps 305 to 307: the multicast entity encrypts the service information with TEK, encrypts this TEK with BAK, and sends the encrypted service information and the encrypted TEK to the user. On receiving them, the user decrypts the TEK with its stored BAK to obtain TEK, then decrypts the service information with this TEK and obtains the service information.
If the user stores a series of BAKs, then when the multicast entity sends the encrypted service information and the encrypted TEK it must also send the BAK identifier, so that the user can determine, from the BAK identifier and its stored correspondence between BAKs and BAK identifiers, which BAK currently encrypts TEK.
From the above it can be seen that the multicast entity must send the encrypted TEK whenever it sends encrypted service information to the user. TEK is usually at least 128 bits; sending TEK together with the service information makes TEK take up too much of the fixed transmission bandwidth, greatly reducing the space available for service information, so the service information cannot use the transmission space effectively. Sending the service information and TEK together also introduces a hidden risk to the security of the service information and greatly reduces that security. Furthermore, BAK must be used to encrypt TEK every time service information is sent, and such frequent use of BAK also threatens the security of BAK.
Fig. 4 shows the process by which the group encryption key is obtained in the second prior-art scheme. As shown in Fig. 4, the process by which a multicast/broadcast service user obtains the group encryption key comprises the following steps:
Steps 401 to 403 are essentially the same as steps 301 to 303.
Step 404 is essentially the same as step 304.
Steps 405 to 407: the multicast entity encrypts the service information with TEK, then sends the encrypted service information and the generated random number to the user. On receiving them, the user generates TEK from its stored BAK and the random number, then decrypts the service information with the generated TEK and obtains the service information.
If the user stores a series of BAKs, then when the multicast entity sends the encrypted service information and the random number used to generate TEK it must also send the BAK identifier, so that the user can determine, from the BAK identifier and its stored correspondence between BAKs and BAK identifiers, which BAK is currently used to generate TEK.
From the above it can be seen that the multicast entity must also send the random number used to generate TEK whenever it sends encrypted service information to the user. The random number is usually at least 32 bits; sending it together with the service information makes it take up transmission space in the fixed bandwidth, reducing the space available for service information, so the service information cannot use the transmission space effectively.
Summary of the invention
In view of this, the main object of the present invention is to provide a method by which a user obtains a key through key information carried in service data, so that multicast/broadcast service information uses the transmission space effectively.
To achieve this object, the invention provides a method by which a user obtains a key through key information carried in service data, comprising the following steps:
A. the multicast entity and the multicast/broadcast service user establish in advance a correspondence between key parameters and key parameter identifiers;
B. the multicast entity sends the encrypted multicast/broadcast service information and a key parameter identifier to the user at the same time, and the user obtains the current group encryption key from the received key parameter identifier and the stored correspondence between key parameters and key parameter identifiers.
Before step A, the method further comprises:
A0. the multicast entity generates one or more key parameters, assigns identifiers to them, and sends the correspondence between key parameters and key parameter identifiers to the user.
The key parameter in step A may be a random number used to generate the group encryption key, and the key parameter identifier a random number identifier;
in that case step B further comprises: the multicast entity sends the encrypted service information and a random number identifier to the user at the same time; the user finds the random number from the received random number identifier and the stored correspondence between random numbers and random number identifiers, then generates the current group encryption key from the stored group shared key and that random number.
Before step A0 the method may further comprise: the multicast entity generates one or more group shared keys, assigns identifiers to them, and sends the encrypted group shared keys together with the correspondence between group shared keys and group shared key identifiers to the user; the user decrypts them and stores the correspondence between group shared keys and group shared key identifiers in advance;
and before the user generates the current group encryption key in step B from the stored group shared key and the random number, the method further comprises: the multicast entity carries a group shared key identifier in the service information sent to the user, and the user finds the group shared key from the received identifier and the stored correspondence between group shared keys and group shared key identifiers.
Before step B the method may further comprise: the multicast entity generates the current group encryption key from the selected random number and the stored group shared key, then encrypts the service information with that group encryption key.
Alternatively, the key parameter in step A is a group encryption key generated by the multicast entity, and the key parameter identifier is a group encryption key identifier;
in that case step B comprises: the multicast entity sends the encrypted service information and a group encryption key identifier to the user at the same time; the user finds the current group encryption key from the received identifier and the stored correspondence between group encryption keys and group encryption key identifiers.
Before step A0 the method may further comprise step A00: the multicast entity generates a group shared key and sends it, encrypted, to the user; the multicast entity and the user store the decrypted group shared key in advance;
before the multicast entity sends the correspondence between group encryption keys and group encryption key identifiers to the user in step A0, the method further comprises step A01: the multicast entity encrypts the group encryption keys with the stored group shared key;
and after the user finds the current group encryption key in step B from the received identifier and the stored correspondence, the method further comprises: the user decrypts that group encryption key with the stored group shared key.
Step A00 may further comprise: the multicast entity generates one or more group shared keys, assigns identifiers to them, and sends the correspondence between group shared keys and group shared key identifiers to the user, which stores it in advance;
step A01 then comprises: the multicast entity encrypts different group encryption keys with different stored group shared keys, sends the correspondence between the encrypted group encryption keys and their identifiers to the user, and stores the correspondence between each group shared key identifier and the identifiers of the group encryption keys encrypted under that group shared key;
and before the user finds the current group encryption key in step B from the received identifier and the stored correspondence, the method further comprises: the multicast entity carries a group shared key identifier when sending the service information, and the user finds the group shared key from the received identifier and the stored correspondence between group shared keys and group shared key identifiers.
Before step B the method may further comprise: the multicast entity encrypts the service information with the selected group encryption key.
The multicast entity may send the encrypted service information and the key parameter identifier carried with it to the user by broadcast.
If the service information is sent in more than one packet, each packet may carry a different key parameter identifier.
The invention proposes: storing in advance, at the multicast entity and at the multicast/broadcast service user, the correspondence between key parameters and key parameter identifiers; sending the key parameter identifier together with the encrypted service information whenever the multicast entity sends service information to the user; and, on receiving the encrypted service information and the identifier, the user obtaining TEK from the identifier and its stored correspondence between key parameters and key parameter identifiers. In this way only the key parameter identifier needs to be sent for the user to obtain TEK. The identifier usually occupies only a few bits of transmission bandwidth, far fewer than the 128 bits of a key or the 32 bits of a random number, so the service information can use the transmission space effectively. Furthermore, BAK is used only in the process by which the user obtains TEK and is no longer used every time service information is sent, which significantly improves the security of BAK. Finally, by continually changing the key parameter identifier, the user can be made to obtain different TEKs, so that TEK is updated.
Description of drawings
Fig. 1 is a schematic diagram of the multicast/broadcast service;
Fig. 2 is a schematic diagram of the multicast/broadcast service key hierarchy;
Fig. 3 is a schematic diagram of the process of obtaining the group encryption key in the first prior-art scheme;
Fig. 4 is a schematic diagram of the process of obtaining the group encryption key in the second prior-art scheme;
Fig. 5 is a schematic diagram of the process of obtaining the group encryption key in the present invention;
Fig. 6 is a schematic diagram of one embodiment of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the present invention.
Embodiment
To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
In the present invention, the correspondence between key parameters and key parameter identifiers is stored in advance at the multicast entity and at the multicast/broadcast service user. When the multicast entity sends encrypted service information to the user, it sends the key parameter identifier with it. On receiving the encrypted service information and the key parameter identifier, the user obtains TEK from the identifier and its stored correspondence between key parameters and key parameter identifiers, then decrypts the service information with TEK and obtains the service information. The key parameter identifier usually occupies only a few bits of transmission bandwidth, far fewer than the 128 bits of a key or the 32 bits of a random number, so the service information can use the transmission space effectively.
Fig. 5 shows the process of obtaining the group encryption key in the present invention. As shown in Fig. 5, the process by which a multicast/broadcast service user obtains the group encryption key comprises the following steps:
Steps 501 to 502: the multicast entity sends the correspondence between key parameters and key parameter identifiers to the user, and the user stores the received correspondence.
Steps 503 to 505: the multicast entity encrypts the service information with TEK, then sends the encrypted service information and the key parameter identifier corresponding to this TEK to the user. On receiving the service information and the key parameter identifier, the user obtains the TEK that encrypted the service information from the identifier and its stored correspondence between key parameters and key parameter identifiers, then decrypts the service information with this TEK and obtains the service information.
Because of differences in purpose or period of use, for example each BAK being for service information of a different scope, or BAK being changed continually to increase its security, the multicast entity may generate several BAKs at once. In that case it assigns an identifier to each generated BAK, encrypts the BAK with TK, and sends the encrypted BAK and the BAK identifier to the user, so the user stores a series of BAKs distinguished by their BAK identifiers.
If the user stores a series of BAKs, then when the multicast entity sends the encrypted service information and the key parameter identifier it must also send the BAK identifier, so that the user can determine the BAK currently in use from the BAK identifier and its stored correspondence between BAKs and BAK identifiers.
Fig. 6 shows one embodiment of the present invention. As shown in Fig. 6, the process by which a multicast/broadcast service user obtains the group encryption key in this embodiment comprises the following steps:
Steps 601 to 605 are essentially the same as steps 201 to 205.
In this embodiment the multicast entity generates several BAKs at once, assigns an identifier to each generated BAK, encrypts each BAK with TK, and sends the encrypted BAKs and their BAK identifiers to the user; the user stores the correspondence between BAKs and BAK identifiers.
Steps 606 to 608: the multicast entity generates several random numbers, assigns an identifier to each, stores the correspondence between random numbers and random number identifiers, and sends that correspondence to the user. The user stores the received correspondence between random numbers and random number identifiers.
Steps 609 to 612: when the multicast entity needs to send service information to the user, it selects a BAK and a random number for the service information to be sent, generates TEK from the selected BAK and random number, encrypts the service information with TEK, and then sends the encrypted service information, the identifier of the selected random number and the BAK identifier to the user. The multicast entity may send these to the user by broadcast. On receiving the encrypted service information, the random number identifier and the BAK identifier, the user finds the corresponding BAK from the BAK identifier and its stored correspondence between BAKs and BAK identifiers, finds the corresponding random number from the random number identifier and its stored correspondence between random numbers and random number identifiers, generates TEK from the BAK and random number found, and decrypts the service information with this TEK to obtain the service information.
Because of transmission bandwidth limits, the service information to be sent may have to be segmented, that is, divided into several packets, for the user to obtain the complete service information. In that case the multicast entity may select one random number or several random numbers, according to the security requirement of the service information to be sent: if the requirement is high, it selects a different random number for each packet sent; if the requirement is low, it selects the same random number for every packet sent. Whether one random number or several are selected, the random number identifier must be sent to the user with every encrypted packet.
When the multicast entity has essentially used up all the stored random numbers, or considers the security insufficient, it can generate several new random numbers, assign identifiers to them, and send the correspondence between the new random numbers and their identifiers to the user, which stores the received correspondence.
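The per-packet flow of steps 609 to 612, with the two identifiers in place of a TEK or a random number, is shown below as an added example; it is not code from the patent or from Huawei. The patent fixes neither the key derivation, the cipher, the identifier widths nor the packet layout, so the HMAC-SHA256 derivation, the XOR keystream cipher, the one-byte identifiers and the two-byte sequence number (a nonce the placeholder cipher needs, which the page does not mention) are all assumptions; the BAK and random-number tables are constructed values standing in for what steps 601 to 608 would have delivered. The example also covers the high- and low-security choices of the paragraph above (a different random number per packet, or the same one) and the case of a receiver that never obtained the BAK in use.

```python
import hashlib
import hmac

# Added example (not from the patent): the packet flow of Fig. 6, steps 609-612.
# Both sides already hold the BAK table (steps 601-605) and the random-number table
# (steps 606-608). Each packet carries two short identifiers instead of a TEK or random number.
# KDF, cipher, identifier widths and packet layout are assumptions.


def kdf(key, label, data):
    """Placeholder KDF (assumption): 128-bit HMAC-SHA256 output."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]


def xor_stream(key, nonce, data):
    """Placeholder cipher (assumption): XOR with an HMAC-derived keystream; the same call decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def packet_header(bak_id, rand_id, seq):
    """Assumed header: 1-byte BAK id, 1-byte random-number id, 2-byte sequence number.
    The sequence number only serves as a nonce for the placeholder cipher."""
    return bytes([bak_id, rand_id]) + seq.to_bytes(2, "big")


def parse_header(header):
    return header[0], header[1], int.from_bytes(header[2:4], "big")


class MulticastEntity:
    def __init__(self, baks, randoms):
        self.baks = dict(baks)        # BAK id -> BAK
        self.randoms = dict(randoms)  # random-number id -> random number

    def send(self, chunks, bak_id, rand_ids):
        """Steps 609-611: one packet per chunk, carrying (BAK id, random id, ciphertext)."""
        packets = []
        for seq, (chunk, rand_id) in enumerate(zip(chunks, rand_ids)):
            tek = kdf(self.baks[bak_id], b"TEK", self.randoms[rand_id])
            header = packet_header(bak_id, rand_id, seq)
            packets.append(header + xor_stream(tek, header, chunk))
        return packets


class User:
    def __init__(self, baks, randoms):
        self.baks = dict(baks)        # only the BAKs this user received under its TK
        self.randoms = dict(randoms)

    def receive(self, packet):
        """Step 612: resolve both identifiers, derive TEK, decrypt. Unknown ids are rejected."""
        header, body = packet[:4], packet[4:]
        bak_id, rand_id, _seq = parse_header(header)
        if bak_id not in self.baks or rand_id not in self.randoms:
            raise KeyError("unknown BAK or random-number identifier")
        tek = kdf(self.baks[bak_id], b"TEK", self.randoms[rand_id])
        return xor_stream(tek, header, body)


# Constructed tables standing in for what steps 601-608 delivered to the user.
BAKS = {1: b"\x11" * 16, 2: b"\x22" * 16}
RANDOMS = {0: b"\x00\x00\x00\x01", 1: b"\x00\x00\x00\x02", 2: b"\x00\x00\x00\x03"}
CHUNKS = [b"segment-0", b"segment-1", b"segment-2"]   # one service message in three packets


def deliver(rand_ids, user_baks=BAKS):
    """Encrypt CHUNKS under BAK 1 with the given random ids and decrypt as a user holding user_baks.
    Returns the recovered chunks and the number of distinct TEKs the packets used."""
    mc = MulticastEntity(BAKS, RANDOMS)
    user = User(user_baks, RANDOMS)
    packets = mc.send(CHUNKS, 1, rand_ids)
    recovered = [user.receive(p) for p in packets]
    teks = {kdf(BAKS[1], b"TEK", RANDOMS[r]) for r in rand_ids}
    return recovered, len(teks)


def unsubscribed_is_rejected():
    """A user that never received BAK 1 cannot resolve packets keyed under it."""
    try:
        deliver([0, 1, 2], user_baks={2: BAKS[2]})
    except KeyError:
        return True
    return False
```

`deliver([0, 1, 2])` is the high-security choice (three packets, three TEKs), `deliver([0, 0, 0])` the low-security one (one TEK for all three); in both cases the key information per packet is two identifier bytes rather than the 128-bit TEK or 32-bit random number of the two prior-art schemes.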
Fig. 7 shows another embodiment of the present invention. As shown in Fig. 7, the process by which a multicast/broadcast service user obtains the group encryption key in this embodiment comprises the following steps:
Steps 701 to 705 are essentially the same as steps 201 to 205.
In this embodiment the multicast entity generates several BAKs at once, assigns an identifier to each generated BAK, encrypts each BAK with TK, stores the correspondence between BAKs and BAK identifiers, and sends the encrypted BAKs and their BAK identifiers to the user; the user stores the correspondence between BAKs and BAK identifiers.
Steps 706 to 708: the multicast entity generates several random numbers for generating TEK, generates several TEKs from BAK and the random numbers, encrypts the TEKs with BAK, and assigns an identifier to each encrypted TEK. These TEKs may be generated from different BAKs and encrypted with different BAKs; in that case the multicast entity stores the correspondence between each TEK, its TEK identifier and the BAK that encrypts it. Encrypting the TEKs with different BAKs strengthens the security of the set of TEKs: a non-subscriber who obtains the encrypted TEKs and manages to decrypt one with some BAK cannot use that same BAK to decrypt the other TEKs. If TEK management is not to be made too complex, the same BAK can be used to encrypt all the TEKs. The multicast entity sends the correspondence between the encrypted TEKs and the TEK identifiers to the user, and the user stores the received correspondence between encrypted TEKs and TEK identifiers. At this point the user need not decrypt the TEKs but stores them directly.
Steps 709 to 712: when the multicast entity needs to send service information to the user, it selects a TEK for the service information to be sent, encrypts the service information with this TEK, finds the BAK identifier from its stored correspondence between TEK, TEK identifier and the BAK encrypting that TEK, and then sends the encrypted service information, the identifier of the selected TEK and the BAK identifier to the user by broadcast. On receiving the encrypted service information, the TEK identifier and the BAK identifier, the user finds the corresponding BAK from the BAK identifier and its stored correspondence between BAKs and BAK identifiers, finds the corresponding encrypted TEK from the TEK identifier and its stored correspondence between TEKs and TEK identifiers, decrypts the encrypted TEK with the BAK to obtain TEK, then decrypts the service information with this TEK and obtains the service information.
Because of transmission bandwidth limits, the service information to be sent may have to be segmented, that is, divided into several packets, for the user to obtain the complete service information. In that case the multicast entity may select one TEK or several TEKs, according to the security requirement of the service information to be sent: if the requirement is high, it selects a different TEK for each packet sent; if the requirement is low, it selects the same TEK for every packet sent. Whether one TEK or several are selected, the TEK identifier must be sent to the user with every encrypted packet.
After multicast has all been made the TEK that stores to select basically, or multicast is thought when fail safe is not enough, can generate a plurality of new TEK once more, and be these TEK allocation identification, use BAK to encrypt new TEK, corresponding relation with the TEK of new encryption and TEK sign sends to the multicast/broadcast business user then, and the multicast/broadcast business user stores TEK that receives and the corresponding relation that TEK identifies.
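The two key-delivery variants described above, as an added Python simulation that is not code from the patent or from Huawei: variant 1 is the earlier embodiment in which the user stores identified random numbers and derives the group key itself from a stored BAK and the random number named in the packet; variant 2 is the Fig. 7 embodiment in which identified TEKs, each encrypted under a different BAK, are stored encrypted by the user and opened only when a packet names that TEK identifier and BAK identifier. The example also shows the segmentation case, with a different key per packet or one key for all packets. Assumptions not in the text: the class and function names (MulticastServer, MulticastUser, derive_tek, demo), TEK = HMAC-SHA256(BAK, random number) as the unspecified key derivation, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for a real AEAD such as AES-GCM so that only the standard library is needed, and a TK already shared out of band.

```python
"""Added illustrative simulation of the BAK/TEK key hierarchy (not the patent's
code).  Assumed: TEK = HMAC(BAK, random number) as the key derivation; an
HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in
for a real AEAD; the TK is already shared out of band."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 16


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]):
        raise ValueError("wrong key or tampered packet")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def derive_tek(bak, rand):
    """Group encryption key from a group shared key (BAK) and an identified random number."""
    return hmac.new(bak, b"TEK" + rand, hashlib.sha256).digest()


def wrong_key_rejected():
    """A TEK encrypted under one BAK cannot be opened with a different BAK."""
    return not_decryptable(os.urandom(32), encrypt(os.urandom(32), b"TEK"))


def not_decryptable(key, blob):
    try:
        decrypt(key, blob)
        return False
    except ValueError:
        return True


class MulticastServer:
    def __init__(self, n_bak=2, n_params=4):
        self.tk = os.urandom(32)
        self.baks = {i: os.urandom(32) for i in range(n_bak)}
        # Variant 1: identified random numbers; the user derives the TEK itself.
        self.rands = {i: os.urandom(16) for i in range(n_params)}
        # Variant 2 (Fig. 7): identified TEKs, spread over different BAKs for encryption.
        self.teks = {i: (i % n_bak, os.urandom(32)) for i in range(n_params)}

    def provision(self):
        """Key material sent ahead of time: BAKs under TK, random numbers, TEKs under their BAK."""
        enc_baks = {i: encrypt(self.tk, b) for i, b in self.baks.items()}
        enc_teks = {i: (bak_id, encrypt(self.baks[bak_id], tek)) for i, (bak_id, tek) in self.teks.items()}
        return enc_baks, dict(self.rands), enc_teks

    def send(self, data, chunk, per_packet_key=True, variant=2):
        """Segment data; every packet carries (ciphertext, parameter id, BAK id)."""
        packets = []
        for n, off in enumerate(range(0, len(data), chunk)):
            pid = n % len(self.rands) if per_packet_key else 0   # new key per packet, or one key for all
            bak_id = self.teks[pid][0] if variant == 2 else n % len(self.baks)
            tek = self.teks[pid][1] if variant == 2 else derive_tek(self.baks[bak_id], self.rands[pid])
            packets.append((encrypt(tek, data[off:off + chunk]), pid, bak_id))
        return packets


class MulticastUser:
    def __init__(self, tk, enc_baks, rands, enc_teks):
        self.baks = {i: decrypt(tk, b) for i, b in enc_baks.items()}
        self.rands = rands
        self.enc_teks = enc_teks          # kept encrypted; decrypted only when a packet needs it

    def receive(self, packets, variant=2):
        out = b""
        for ct, pid, bak_id in packets:
            bak = self.baks[bak_id]                                  # BAK id -> stored BAK
            if variant == 2:
                tek = decrypt(bak, self.enc_teks[pid][1])            # TEK id -> stored encrypted TEK
            else:
                tek = derive_tek(bak, self.rands[pid])               # random id -> stored random number
            out += decrypt(tek, ct)
        return out


def demo(data=b"constructed multicast payload, split across packets", chunk=16, variant=2, per_packet_key=True):
    """Run one transfer; returns recovered plaintext and the (parameter id, BAK id) carried per packet."""
    server = MulticastServer()
    user = MulticastUser(server.tk, *server.provision())
    packets = server.send(data, chunk, per_packet_key, variant)
    return user.receive(packets, variant), [(p[1], p[2]) for p in packets]
```

Calling demo() reproduces the high-security case of the segmentation passage: the 51-byte constructed payload becomes four packets, each naming a different TEK identifier and the BAK that encrypts that TEK, and the user recovers the full payload without ever having stored a plaintext TEK. demo(per_packet_key=False) is the low-security case where every packet names the same identifier, and demo(variant=1) is the random-number embodiment.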
In summary, the above describes only preferred embodiments of the present invention and is not intended to limit its scope of protection.

Claims (11)

1. A method for a user to obtain a key by means of key information carried in service data, characterized in that the method comprises the following steps:
A. the multicast side and the multicast/broadcast service user establish in advance the correspondence between key parameters and key parameter identifiers;
B. the multicast side sends the encrypted multicast/broadcast service information together with a key parameter identifier to the multicast/broadcast service user, and the user obtains the current group encryption key according to the received key parameter identifier and the stored correspondence between key parameters and key parameter identifiers.
2. The method according to claim 1, characterized in that, before step A, it further comprises:
A0. the multicast side generates more than one key parameter, assigns an identifier to each key parameter, and then sends the correspondence between key parameters and key parameter identifiers to the multicast/broadcast service user.
3. The method according to claim 2, characterized in that
the key parameter in step A is a random number used to generate the group encryption key, and the key parameter identifier is a random number identifier;
step B further comprises: the multicast side sends the encrypted multicast/broadcast service information together with the random number identifier to the multicast/broadcast service user, the user finds the random number according to the received random number identifier and the stored correspondence between random numbers and random number identifiers, and then generates the current group encryption key from the stored group shared key and that random number.
4. The method according to claim 3, characterized in that
before step A0 it further comprises: the multicast side generates more than one group shared key, assigns an identifier to each group shared key, and then sends the correspondence between the encrypted group shared keys and the group shared key identifiers to the multicast/broadcast service user, who stores in advance the correspondence between the decrypted group shared keys and the group shared key identifiers;
before the multicast/broadcast service user in step B generates the current group encryption key from the stored group shared key and the random number, it further comprises: the multicast side carries the group shared key identifier in the multicast/broadcast service information sent to the user, and the user finds the group shared key according to the received group shared key identifier and the stored correspondence between group shared keys and group shared key identifiers.
5. The method according to claim 3, characterized in that
before step B it further comprises: the multicast side generates the current group encryption key from the selected random number and the stored group shared key, and then encrypts the multicast/broadcast service information with that current group encryption key.
6. The method according to claim 2, characterized in that
the key parameter in step A is a group encryption key generated by the multicast side, and the key parameter identifier is a group encryption key identifier;
step B comprises: the multicast side sends the encrypted multicast/broadcast service information together with the group encryption key identifier to the multicast/broadcast service user, and the user finds the current group encryption key according to the received group encryption key identifier and the stored correspondence between group encryption keys and group encryption key identifiers.
7. The method according to claim 6, characterized in that
before step A0 it further comprises step A00: the multicast side generates a group shared key and sends it, encrypted, to the multicast/broadcast service user; the multicast side and the user store the decrypted group shared key in advance;
before the multicast side in step A0 sends the correspondence between group encryption keys and group encryption key identifiers to the user, it further comprises step A01: the multicast side encrypts the group encryption key with the stored group shared key;
after the multicast/broadcast service user in step B finds the current group encryption key according to the received group encryption key identifier and the stored correspondence between group encryption keys and group encryption key identifiers, it further comprises: the user decrypts that group encryption key with the stored group shared key.
8. The method according to claim 7, characterized in that
step A00 further comprises: the multicast side generates more than one group shared key, assigns an identifier to each group shared key, and then sends the correspondence between group shared keys and group shared key identifiers to the multicast/broadcast service user, who stores that correspondence in advance;
step A01 comprises: the multicast side encrypts different group encryption keys with different stored group shared keys, then sends the correspondence between the encrypted group encryption keys and the group encryption key identifiers to the user, and stores the correspondence between each group shared key identifier and the identifiers of the group encryption keys encrypted under that group shared key;
before the multicast/broadcast service user in step B finds the current group encryption key according to the received group encryption key identifier and the stored correspondence between group encryption keys and group encryption key identifiers, it further comprises: the multicast side carries the group shared key identifier when sending the multicast/broadcast service information to the user, and the user finds the group shared key according to the received group shared key identifier and the stored correspondence between group shared keys and group shared key identifiers.
9. The method according to claim 6, characterized in that
before step B it further comprises: the multicast side encrypts the multicast/broadcast service information with the selected group encryption key.
10. The method according to claim 5 or 9, characterized in that the multicast side sends the encrypted multicast/broadcast service information and the key parameter identifier carried with it to the multicast/broadcast service user by broadcast.
11. The method according to claim 1, characterized in that, if the multicast/broadcast service information is divided into more than one packet for transmission, each packet carries a different key parameter identifier.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication