WO2018054144A1 - Procédé, appareil, dispositif, et système de génération dynamique de clé symétrique - Google Patents

Procédé, appareil, dispositif, et système de génération dynamique de clé symétrique Download PDF

Info

Publication number
WO2018054144A1
WO2018054144A1 PCT/CN2017/092995 CN2017092995W WO2018054144A1 WO 2018054144 A1 WO2018054144 A1 WO 2018054144A1 CN 2017092995 W CN2017092995 W CN 2017092995W WO 2018054144 A1 WO2018054144 A1 WO 2018054144A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
unique identifier
client
globally unique
symmetric key
Prior art date
Application number
PCT/CN2017/092995
Other languages
English (en)
Chinese (zh)
Inventor
孙敏刚
白青松
Original Assignee
北京京东尚科信息技术有限公司
北京京东世纪贸易有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京京东尚科信息技术有限公司, 北京京东世纪贸易有限公司 filed Critical 北京京东尚科信息技术有限公司
Publication of WO2018054144A1 publication Critical patent/WO2018054144A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use

Definitions

  • the present invention relates to the field of computer network application technologies, and in particular, to a symmetric key dynamic generation method, device, device and system.
  • encryption hides plaintext information so that it is unreadable in the absence of special information.
  • the special information here refers to the key used for encryption.
  • the same symmetric key is used for both cryptographic and decryption operations. Its biggest advantage is that the encryption and decryption speed is fast, suitable for encrypting large amounts of data.
  • the commonly used symmetric encryption algorithm is simple and efficient, the symmetric key used is short and the decoding is difficult, so symmetric encryption is widely used in the system.
  • the security and reliability of the key generation and management process directly determine the security and reliability of the entire system.
  • the symmetric key is generated and does not change during the entire system life cycle. If it is captured by a third party, the entire encryption system has no security at all.
  • the present invention provides a method, a device, a device and a system for dynamically generating a symmetric key, which can dynamically generate a symmetric key used in a life cycle of the system, thereby improving system security and reliability.
  • a method for dynamically generating a symmetric key includes: receiving an initial global unique identifier generated when an interconnect device starts; recording an initial global unique identifier as a key global unique identifier; And performing the authorization, sending a first authorization indication message to the interconnection device, where the first authorization indication message includes: a first global unique identifier and a first key parameter newly generated for the connected device; and receiving a first authorization response message sent by the interconnection device; Determining a symmetric key based on the key global unique identifier and the first key parameter; updating the key global unique identifier as the first global unique identifier; and using the symmetric key pair communication data in subsequent communication with the interconnected device Perform encryption and decryption.
  • the method further includes: authorizing the interconnection device again, and sending a second authorization indication message to the interconnection device, where the second authorization indication message includes: a second global unique identifier newly generated for the connected device And a second key parameter; receiving a second authorization response message sent by the interconnection device; determining a new symmetric key according to the key global unique identifier and the second key parameter; updating the globally unique identifier of the key to the second global A unique identifier; and the communication data is encrypted and decrypted using a new symmetric key in subsequent communications with the interconnected device.
  • determining the symmetric key according to the key global unique identifier and the first key parameter comprises: performing an exclusive OR operation on the key global unique identifier and the first key parameter, and performing an exclusive OR operation The result is a symmetric key; and/or, according to the key global unique identifier and the second key parameter, determining the new symmetric key comprises: performing an exclusive OR operation on the key global unique identifier and the second key parameter The result of the exclusive OR operation is taken as the new symmetric key.
  • a method for dynamically generating a symmetric key comprising: generating an initial global unique identifier at startup; broadcasting an initial global unique identifier to a client; and recording the initial global unique identifier as a key Globally unique identifier; receiving client And sending, by the first authorization indication message, the first authorization indication message includes: a newly generated first global unique identifier and a first key parameter; sending a first authorization response message to the client; A key parameter determines a symmetric key; the update key globally unique identifier is a first globally unique identifier; and the communication data is encrypted and decrypted using a symmetric key in subsequent communication with the client.
  • the method further includes: receiving a second authorization indication message sent by the client, where the second authorization indication message includes: a newly generated second global unique identifier and a second key parameter; Transmitting a second authorization response message; determining a new symmetric key according to the key global unique identifier and the second key parameter; updating the key global unique identifier to the second global unique identifier; and subsequently communicating with the client
  • the communication data is encrypted and decrypted using a new symmetric key.
  • determining the symmetric key according to the key global unique identifier and the first key parameter comprises: performing an exclusive OR operation on the key global unique identifier and the first key parameter, and performing an exclusive OR operation The result is a symmetric key; and/or, according to the key global unique identifier and the second key parameter, determining the new symmetric key comprises: performing an exclusive OR operation on the key global unique identifier and the second key parameter The result of the exclusive OR operation is taken as the new symmetric key.
  • a client device for dynamic generation of symmetric keys comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute via execution
  • the instructions are configured to: receive an initial globally unique identifier generated when the interconnect device starts; record the initial globally unique identifier as a key globally unique identifier; authorize the interconnected device, and send a first authorization indication message to the interconnected device,
  • the first authorization indication message includes: a first global unique identifier and a first key parameter newly generated for the connected device; receiving a first authorization response message sent by the interconnection device; and a globally unique identifier and a first key parameter according to the key Determining a symmetric key; updating the key globally unique identifier to be the first globally unique identifier; and encrypting the communication data using a symmetric key in subsequent communication with the interconnected device.
  • the operation further includes: re-authorizing the interconnection device, and sending a second authorization indication message to the interconnection device, where the second authorization indication message includes: a second global unique identifier newly generated for the connected device and a second key parameter; receiving a second authorization response message sent by the interconnection device; according to the key global unique identifier and the second key parameter, A new symmetric key; the update key globally unique identifier is a second globally unique identifier; and the communication data is encrypted and decrypted using a new symmetric key in subsequent communication with the interconnected device.
  • an interconnect device for dynamic generation of a symmetric key, comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the executable instruction The following operations are performed: generating an initial global unique identifier at startup; broadcasting an initial global unique identifier to the client; recording the initial global unique identifier as a key global unique identifier; receiving the first authorization indication message sent by the client The first authorization indication message includes: a first global unique identifier and a first key parameter newly generated for the connected device; and sending a first authorization response message to the client; and the global unique identifier and the first key parameter according to the key Determining a symmetric key; updating the key globally unique identifier to be the first globally unique identifier; and encrypting the communication data using a symmetric key in subsequent communication with the client.
  • the operation further includes: receiving a second authorization indication message sent by the client, where the second authorization indication message includes: a second global unique identifier and a second key parameter newly generated for the connected device;
  • the client sends a second authorization response message; determining a new symmetric key according to the key global unique identifier and the second key parameter; updating the key global unique identifier to the second global unique identifier; and subsequently following the client
  • the communication data is encrypted and decrypted using a new symmetric key.
  • a symmetric key dynamic generation system comprising: any one of the foregoing client devices and any one of the foregoing interconnection devices.
  • a symmetric key dynamic generation apparatus includes: a sending module, an identifier recording module, a receiving module, and a key determining module; wherein the receiving module receives an initial global unique generated when the interconnecting device starts An identifier; the identifier recording module records the initial global unique identifier as a key global unique identifier; the sending module authorizes the interconnected device, and sends a first authorization indication message to the interconnected device, where the first authorization indication message includes: a newly generated first global unique identifier and a first key parameter; the receiving module receives a first authorization response message sent by the interconnection device; and the key determining module determines the symmetric key according to the key global unique identifier and the first key parameter Key; identifier record module update key global unique identifier is the first global unique identifier; and the sending module and the receiving module are The communication data is encrypted and decrypted using a symmetric key in subsequent communication with the interconnected device.
  • the sending module further authorizes the interconnected device, and sends a second authorization indication message to the interconnecting device, where the second authorization indication message includes: a second global unique identifier newly generated for the connected device, and a second a key parameter; the receiving module receives a second authorization response message sent by the interconnection device; the key determination module determines a new symmetric key according to the key global unique identifier and the second key parameter; and the identifier recording module updates the key globally
  • the unique identifier is a second globally unique identifier; and the transmitting module and the receiving module encrypt and decrypt the communication data using a new symmetric key in subsequent communication with the interconnected device.
  • a symmetric key dynamic generating apparatus includes: an identifier generating module, a sending module, a receiving module, an identifier recording module, and a key determining module; wherein the identifier generating module is started Generating an initial globally unique identifier; the sending module broadcasts an initial globally unique identifier to the client; the identifier recording module records the initial globally unique identifier as a key globally unique identifier; and the receiving module receives the first authorization indication sent by the client a message, the first authorization indication message includes: a newly generated first global unique identifier and a first key parameter; the sending module sends a first authorization response message to the client; the key determining module is configured according to the key global unique identifier a key parameter determining a symmetric key; the identifier record module updating the key global unique identifier as the first global unique identifier; and the transmitting module and the receiving module performing the communication data using the symmetric key in subsequent communication with the client Add and decrypt.
  • the receiving module receives a second authorization indication message sent by the client, where the second authorization indication message includes: a newly generated second global unique identifier and a second key parameter; the sending module sends the message to the client a second authorization response message; the key determining module determines a new symmetric key according to the key global unique identifier and the second key parameter; and the identifier recording module updates the key global unique identifier to a second global unique identifier; And the sending module and the receiving module encrypt and decrypt the communication data by using a new symmetric key in subsequent communication with the client.
  • the used local symmetric password can be dynamically updated each time the client device authorizes the connected device. Therefore, it is possible to dynamically update the symmetric key used in the life cycle of the system, thereby greatly improving the security and reliability of the system.
  • replace each time you generate a local symmetric password The key GUID for generating the local symmetric key, and the replaced key GUID is theoretically irreversibly generated, thus further improving the security of the symmetric key.
  • FIG. 1 is a schematic structural diagram of a symmetric key dynamic generation system according to an exemplary embodiment.
  • FIG. 2 is a flowchart of a method for dynamically generating a symmetric key according to an exemplary embodiment.
  • FIG. 3 is a flowchart of another symmetric key dynamic generation method according to an exemplary embodiment.
  • FIG. 4 is a flowchart of still another method for dynamically generating a symmetric key according to an exemplary embodiment.
  • FIG. 5 is a flowchart of still another method for dynamically generating a symmetric key according to an exemplary embodiment.
  • FIG. 6 is a block diagram of a symmetric key dynamic generation apparatus, according to an exemplary embodiment.
  • FIG. 7 is a block diagram of another symmetric key dynamic generation apparatus, according to an exemplary embodiment.
  • FIG. 1 is a schematic structural diagram of a symmetric key dynamic generation system according to an exemplary embodiment.
  • the system 1 includes a client 11 and an interconnect device 12.
  • the client 11 can be, for example, a terminal device loaded with client software, such as a smartphone, a PAD, or the like.
  • the interconnection device 12 can be, for example, a device that is connected to the client 11 and that is controlled by the client 11, such as a smart TV in a smart home, a smart refrigerator, a smart air conditioner, etc., but the invention is not limited thereto.
  • the data is encrypted and transmitted by the client 11 and the connected device 12 during communication.
  • the system 1 may further include: a cloud server 13 communicatively coupled to the client 11.
  • FIG. 2 is a flowchart of a method for dynamically generating a symmetric key according to an exemplary embodiment. The method can be applied to the client 11 shown in FIG. 1. As shown in FIG. 2, the method 10 includes:
  • step S102 an initial global unique identifier (GUID, Globally Unique Identifier) generated when the interconnect device is started is received.
  • GUID Globally Unique Identifier
  • the interconnect device 12 shown in FIG. 1 will generate an initial GUID (for example, can be recorded as GUID_I) for itself when it is first started, and the initial GUID is generated by the interconnect device 12 itself, with uniqueness and randomness.
  • an initial GUID for example, can be recorded as GUID_I
  • a GUID is a binary-length 128-bit numeric identifier generated by an algorithm that is primarily used in networks or systems that have multiple nodes, multiple computers. Ideally, no computer or computer cluster will generate two identical GUIDs. The total number of GUIDs can reach 2 ⁇ 128, and since non-random parameters (such as time) are usually added to the algorithm for generating GUIDs, the possibility of randomly generating two identical GUIDs is very small.
  • the initial GUID will be broadcasted through the network announcement message.
  • the network announcement message can be in addition to the initial GUID. Includes related interface information, etc.
  • step S104 the initial GUID is recorded as a key GUID.
  • the client 11 can locally set a key GUID and, after receiving the initial GUID broadcast by the interconnect device 12, record the value of the initial GUID in the key GUID.
  • step S106 the interconnection device is authorized to send a first authorization indication message to the interconnection device.
  • the client 11 will first authorize the service provided by the connected device 12 before using it.
  • the authorization operation is usually an activity initiated by the user, and the client 11 can perform multiple authorization operations on the connected device 12.
  • the client 11 sends a first authorization indication message to the interconnection device, where the message includes a first GUID and a first key parameter (acKey_1) newly generated by the client 11 for the interconnection device 12.
  • the first key parameter is used to generate a symmetric key.
  • the first GUID and the first key parameter newly generated for the connected device 12 are the newly generated first GUID applied by the client 11 to the cloud server 13 for the connected device 12.
  • the interconnection device 12 writes the new first GUID into its device.
  • step S108 the first authorization response message sent by the interconnection device is received.
  • the interconnection device 12 will correspondingly return an authorization response message to the client 11 to respond to the authorization operation initiated by the authorization client 11.
  • step S110 a local symmetric key is determined based on the recorded key GUID and the first key parameter.
  • the client 11 determines a local symmetric key (localKey) used in subsequent communication according to the currently recorded key GUID and the first key parameter.
  • localKey a local symmetric key
  • step S112 the update key GUID is the first GUID.
  • the initial GUID is overwritten with the first GUID
  • the key GUID is updated to the first GUID. Since the key GUID for generating the local symmetric key is replaced immediately after the local symmetric key is generated, the replaced key GUID is theoretically irreversibly generated, so the generated local symmetric key is safe. , thus improving the security of the system.
  • step S114 the communication data is encrypted and decrypted using the local symmetric key in subsequent communication with the interconnected device.
  • the client 11 After the local symmetric key is generated, the client 11 encrypts the transmitted data using the local symmetric password during subsequent communication with the interconnect device 12, and decrypts the received data using the local symmetric password.
  • FIG. 3 is a flowchart of another symmetric key dynamic generation method according to an exemplary embodiment. The method can be applied to the interconnection device 12 shown in FIG. 1. As shown in FIG. 3, the method 20 includes:
  • step S202 an initial GUID is generated upon startup.
  • the interconnect device 12 shown in FIG. 1 generates an initial GUID (which can be recorded as GUID_I) by itself when it is first started.
  • GUID_I an initial GUID
  • step S204 the initial GUID is broadcast to the client.
  • the interconnection device 12 broadcasts its initial GUID, for example, through a network announcement message, and the network announcement message may also include related interface information and the like.
  • step S206 the initial GUID is recorded as a key GUID.
  • the interconnect device 12 can locally set a key GUID for computing a local symmetric key. First, the interconnect device 12 records the value of the initial GUID as the key GUID.
  • step S208 the first authorization indication message sent by the client is received.
  • the client 11 When the client 11 authorizes the connected device 12, an authorization indication message is sent to the connected device 12.
  • the first authorization indication message includes a first GUID and a first key parameter (acKey_1) newly generated for the interconnection device 12.
  • the first GUID and the first key parameter newly generated for the connected device 12 are the newly generated first GUID applied by the client 11 to the cloud server 13 for the connected device 12.
  • the interconnection device 12 writes the new first GUID into its device.
  • step S210 a first authorization response message is sent to the client.
  • the interconnection device 12 transmits a first authorization response message to the client 11.
  • step S212 a local symmetric key is determined according to the key GUID and the first key parameter.
  • the interconnect device 12 calculates a local symmetric key based on the currently recorded key GUID and the first key parameter.
  • step S214 the update key GUID is the first GUID.
  • the initial GUID is overwritten with the first GUID, ie the key GUID is updated to the first GUID. Since the key GUID for generating the local symmetric key is replaced immediately after the local symmetric key is generated, the replaced key GUID is theoretically irreversibly generated, so the generated local symmetric key is safe. , thus improving the security of the system.
  • step S216 the communication data is encrypted and decrypted using the local symmetric key in subsequent communication with the client.
  • the interconnect device 12 After the local symmetric key is generated, the interconnect device 12 encrypts the transmitted data using the local symmetric password during subsequent communication with the client 11, and decrypts the received data using the local symmetric password.
  • the symmetric key dynamic generation method provided by the embodiment of the present invention can dynamically update the used local symmetric password each time the client device authorizes the connected device. Therefore, it is possible to dynamically update the symmetric key used in the life cycle of the system, thereby greatly improving the security and reliability of the system.
  • the key GUID for generating the local symmetric key is replaced immediately after each generation of the local symmetric password, and the replaced key GUID is theoretically irreversibly generated, thereby further improving the security of the symmetric key. Sex.
  • FIG. 4 is a flowchart of still another method for dynamically generating a symmetric key according to an exemplary embodiment. This method can be applied to the client 11 shown in FIG. This method is used to generate a new local key during the next authorization process. As shown in FIG. 4, the method 30 includes:
  • step S302 the interconnection device is authorized again, and the second authorization indication message is sent to the interconnection device.
  • the second authorization indication message includes a second GUID (which can be recorded as GUID_2) and a second key parameter (which can be recorded as acKey_2) newly generated for the connected device 12.
  • the second GUID and the second key parameter newly generated for the interconnection device 12 are newly generated second GUIDs requested by the client 11 to the cloud server 13 for the interconnection device 12.
  • the interconnection device 12 writes the new second GUID into its device.
  • step S304 a second authorization response message sent by the interconnection device is received.
  • the client 11 receives the second authorization response message sent by the interconnect device 12 in response to the current authorization operation.
  • step S306 a new local symmetric key is determined according to the key GUID and the second key parameter.
  • the client 11 determines a new local symmetric key based on the currently recorded key GUID and the second key parameter.
  • the client 11 may XOR the second key parameter using the currently recorded key GUID and use the result of the exclusive OR operation as a local symmetric key.
  • GUID the first GUID
  • localKey GUIID_1 ⁇ acKey_2.
  • step S308 the update key GUID is the second GUID.
  • the first GUID is overwritten with the second GUID, ie the key GUID is updated to the second GUID. Since the key GUID for generating the local symmetric key is replaced immediately after the local symmetric key is generated, the replaced key GUID is theoretically irreversibly generated, so the generated local symmetric key is safe. , thus improving the security of the system.
  • step S310 the communication data is encrypted and decrypted using the local symmetric key in subsequent communication with the interconnected device.
  • the client 11 After the local symmetric key is generated, the client 11 encrypts the transmitted data using the local symmetric password during subsequent communication with the interconnect device 12, and decrypts the received data using the local symmetric password.
  • FIG. 5 is a flowchart of still another method for dynamically generating a symmetric key according to an exemplary embodiment.
  • the method can be applied to the interconnection device 12 shown in FIG. This method is used to generate a new local key during the next authorization process.
  • the method 40 includes:
  • step S402 a second authorization indication message sent by the client is received.
  • the interconnection device 12 receives the second authorization indication message sent by the client 11.
  • the message includes a second GUID (which can be written as GUID_2) and a second key parameter (acKey_2) that are newly generated for the connected device 12.
  • the second GUID and the second key parameter newly generated for the interconnection device 12 are newly generated second GUIDs requested by the client 11 to the cloud server 13 for the interconnection device 12.
  • the interconnection device 12 writes the new second GUID into its device.
  • step S404 a second authorization response message is sent to the client.
  • the interconnection device 12 transmits a second authorization response message to the client 11.
  • step S406 a new local symmetric key is determined according to the key GUID and the second key parameter.
  • the servant device 12 calculates a new local symmetric key based on the currently recorded GUID and the second key parameter.
  • the interconnect device 12 may XOR the second key parameter using the currently recorded key GUID and use the result of the exclusive OR operation as a new local symmetric key.
  • GUID the first GUID
  • localKey GUIID_1 ⁇ acKey_2.
  • step S408 the update key GUID is the second GUID.
  • the first GUID is overwritten with the second GUID, ie the key GUID is updated to the second GUID.
  • the key GUID used to generate the local symmetric key is replaced immediately after the local symmetric key is generated, and the replaced GUID Theoretically, it is irreversible, so the generated local symmetric key is safe, which improves the security of the system.
  • step S410 the communication data is encrypted and decrypted using the local symmetric key in subsequent communication with the client.
  • the interconnect device 12 After the new local symmetric key is generated, the interconnect device 12 encrypts the transmitted data using the new local symmetric password during subsequent communication with the client 11, and uses the new local symmetric password pair to receive the received data. The data is decrypted.
  • FIG. 6 is a block diagram of a symmetric key dynamic generation apparatus, according to an exemplary embodiment.
  • the symmetric key dynamic generation apparatus can be applied to the client 11 shown in FIG. 1.
  • the apparatus 50 includes a receiving module 502, an identifier recording module 504, a transmitting module 506, and a key determining module 508.
  • the receiving module 502 receives an initial global unique identifier generated when the interconnect device starts.
  • the identifier record module 504 records the initial globally unique identifier as a key globally unique identifier.
  • the sending module 506 authorizes the interconnecting device, and sends a first authorization indication message to the interconnecting device, where the first authorization indication message includes: a first global unique identifier and a first key parameter newly generated for the connected device.
  • the first GUID and the first key parameter newly generated for the connected device 12 are the newly generated first GUID applied by the client 11 to the cloud server 13 for the connected device 12.
  • the interconnection device 12 writes the new first GUID into its device.
  • the receiving module 502 receives the first authorization response message sent by the interconnection device.
  • the key determination module 508 determines the symmetric key based on the key global unique identifier and the first key parameter.
  • the identifier record module 504 updates the key globally unique identifier to the first globally unique identifier.
  • the transmitting module 506 and the receiving module 502 encrypt and decrypt the communication data using a symmetric key in subsequent communication with the interconnected device.
  • the sending module 506 authorizes the interconnect device again, and sends a second authorization indication message to the interconnect device, where the second authorization indication message includes: a second global unique identifier and a second secret newly generated for the connected device. Key parameter.
  • the receiving module 502 receives the second authorization response message sent by the interconnection device.
  • the key determination module 508 determines a new symmetric key based on the key global unique identifier and the second key parameter.
  • the identifier record module 504 updates the key globally unique identifier to a second globally unique identifier.
  • the transmitting module 506 and the receiving module 502 encrypt and decrypt the communication data using a new symmetric key in subsequent communication with the interconnected device.
  • FIG. 7 is a block diagram of another symmetric key dynamic generation apparatus, according to an exemplary embodiment.
  • the symmetric key dynamic generation apparatus can be applied to the interconnection device 12 shown in FIG.
  • the apparatus 60 includes an identifier generating module 602, a transmitting module 604, a receiving module 606, an identifier recording module 608, and a key determining module 610.
  • the identifier generation module 602 generates an initial global unique identifier upon startup.
  • the sending module 604 broadcasts an initial globally unique identifier to the client.
  • the identifier record module 608 records the initial globally unique identifier as a key globally unique identifier.
  • the receiving module 606 receives the first authorization indication message sent by the client, where the first authorization indication message includes: a first global unique identifier and a first key parameter newly generated for the connected device.
  • the first GUID and the first key parameter newly generated for the connected device 12 are the newly generated first GUID applied by the client 11 to the cloud server 13 for the connected device 12.
  • the interconnection device 12 When guest When the client 11 transmits the newly applied first GUID to the interconnection device 12 in the authorization indication message, the interconnection device 12 writes the new first GUID into its device.
  • the sending module 604 sends a first authorization response message to the client.
  • the key determination module 610 determines the symmetric key based on the key global unique identifier and the first key parameter.
  • the identifier record module 608 updates the key globally unique identifier to a first globally unique identifier.
  • the sending module 604 and the receiving module 606 encrypt and decrypt the communication data using a symmetric key in subsequent communication with the client.
  • the receiving module 606 receives the second authorization indication message sent by the client, where the second authorization indication message includes: a second global unique identifier and a second key parameter newly generated for the connected device.
  • the sending module 604 sends a second authorization response message to the client.
  • the key determination module determines a new symmetric key based on the key global unique identifier and the second key parameter.
  • the identifier record module 608 updates the key globally unique identifier to a second globally unique identifier.
  • the sending module 604 and the receiving module 606 encrypt and decrypt the communication data using a new symmetric key in subsequent communication with the client.
  • the technical solution according to the embodiment of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.) or on a network.
  • a non-volatile storage medium which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.
  • a number of instructions are included to cause a computing device (which may be a personal computer, server, mobile terminal, or network device, etc.) to perform a method in accordance with an embodiment of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé, un appareil, un dispositif, et un système de génération dynamique d'une clé symétrique. Le procédé consiste à : recevoir un identificateur global unique initial généré lorsqu'un dispositif d'interconnexion est démarré ; enregistrer l'identificateur global unique initial sous la forme d'un identificateur global unique de clé ; autoriser le dispositif d'interconnexion et envoyer un premier message d'indication d'autorisation au dispositif d'interconnexion, le premier message d'indication d'autorisation contenant : un premier identificateur global unique et un premier paramètre de clé nouvellement générés pour le dispositif d'interconnexion ; recevoir un premier message de réponse d'autorisation envoyé par le dispositif d'interconnexion ; déterminer une clé symétrique d'après l'identificateur global unique de clé et le premier paramètre de clé ; mettre à jour l'identificateur global unique de clé avec le premier identificateur global unique ; et chiffrer/déchiffrer des données de communication à l'aide de la clé symétrique dans une communication consécutive avec le dispositif d'interconnexion. Selon le procédé, comme la clé symétrique utilisée peut être générée à plusieurs reprises de manière dynamique durant le cycle de vie du système, la sécurité et la fiabilité du système sont renforcées.
PCT/CN2017/092995 2016-09-26 2017-07-14 Procédé, appareil, dispositif, et système de génération dynamique de clé symétrique WO2018054144A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610849888.5A CN107872312B (zh) 2016-09-26 2016-09-26 对称密钥动态生成方法、装置、设备及系统
CN201610849888.5 2016-09-26

Publications (1)

Publication Number Publication Date
WO2018054144A1 true WO2018054144A1 (fr) 2018-03-29

Family

ID=61690111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/092995 WO2018054144A1 (fr) 2016-09-26 2017-07-14 Procédé, appareil, dispositif, et système de génération dynamique de clé symétrique

Country Status (2)

Country Link
CN (1) CN107872312B (fr)
WO (1) WO2018054144A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024724B (zh) * 2021-10-25 2023-06-13 四川启睿克科技有限公司 一种基于物联网的对称密钥动态生成方法
CN117597891A (zh) * 2022-06-17 2024-02-23 北京小米移动软件有限公司 数据通信方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110258437A1 (en) * 2010-04-16 2011-10-20 Microsoft Corporation Secure local update of content management software
CN103268456A (zh) * 2013-05-31 2013-08-28 杭州华三通信技术有限公司 一种文件安全控制方法及装置
CN104065652A (zh) * 2014-06-09 2014-09-24 韩晟 一种身份验证方法、装置、系统及相关设备
CN105100052A (zh) * 2015-05-29 2015-11-25 北京奇虎科技有限公司 服务器、手机终端及其帐号与设备绑定执行、控制方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110258437A1 (en) * 2010-04-16 2011-10-20 Microsoft Corporation Secure local update of content management software
CN103268456A (zh) * 2013-05-31 2013-08-28 杭州华三通信技术有限公司 一种文件安全控制方法及装置
CN104065652A (zh) * 2014-06-09 2014-09-24 韩晟 一种身份验证方法、装置、系统及相关设备
CN105100052A (zh) * 2015-05-29 2015-11-25 北京奇虎科技有限公司 服务器、手机终端及其帐号与设备绑定执行、控制方法

Also Published As

Publication number Publication date
CN107872312B (zh) 2020-02-07
CN107872312A (zh) 2018-04-03

Similar Documents

Publication Publication Date Title
TWI641258B (zh) Data transmission method, device and system
CN109347835B (zh) 信息传输方法、客户端、服务器以及计算机可读存储介质
CN104094267B (zh) 安全共享来自源装置的媒体内容的方法、装置和系统
TW201814496A (zh) 資料儲存方法、資料獲取方法、裝置及系統
TW201417546A (zh) 即時通信方法和系統
JP2019514314A (ja) 暗号化メッセージを送受信するために動的公開鍵インフラストラクチャを用いる方法、システム、及び媒体
WO2020155812A1 (fr) Procédé et dispositif de stockage de données, et appareil
KR20170111022A (ko) 암호화 및 검색 장치 및 그 방법
CN114793184B (zh) 一种基于第三方密钥管理节点的安全芯片通信方法及装置
US8751819B1 (en) Systems and methods for encoding data
TWI827906B (zh) 訊息傳輸系統以及應用其中之使用者裝置與資訊安全硬體模組
WO2018054144A1 (fr) Procédé, appareil, dispositif, et système de génération dynamique de clé symétrique
US11216571B2 (en) Credentialed encryption
US20160148002A1 (en) Key storage apparatus, key storage method and program therefor
US10057054B2 (en) Method and system for remotely keyed encrypting/decrypting data with prior checking a token
CN114553557B (zh) 密钥调用方法、装置、计算机设备和存储介质
KR101812311B1 (ko) 사용자 단말 및 속성 재암호 기반의 사용자 단말 데이터 공유 방법
CN115022057A (zh) 安全认证方法、装置和设备及存储介质
KR102539418B1 (ko) Puf 기반 상호 인증 장치 및 방법
CN111431846B (zh) 数据传输的方法、装置和系统
CN113874857A (zh) 用于最优信息理论安全的加密密钥管理的方法和设备
TWI828558B (zh) 訊息傳輸系統以及應用其中之使用者裝置與資訊安全硬體模組
US11831756B2 (en) Sharing access to data externally
CN116599771B (zh) 数据分级保护传输方法及装置、存储介质和终端
US11652612B2 (en) Sharing access to data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17852215

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27.08.2019) 2ND TIME.

122 Ep: pct application non-entry in european phase

Ref document number: 17852215

Country of ref document: EP

Kind code of ref document: A1