CN114553412B - Data transmission method, device, equipment and storage medium - Google Patents
Publication number: CN114553412B (application CN202210187062.2A)
Authority: CN (China)
Prior art keywords: key, target, session, source, data
Legal status: Active (status as listed by Google Patents; not a legal conclusion)
Classifications
- H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (under H04L9/00 Cryptographic mechanisms; H04L9/08 Key distribution or management; H04L9/0816 Key establishment)
- H04L63/0442: Network architectures or network communication protocols for network security providing confidential data exchange where the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption (under H04L63/00; H04L63/04; H04L63/0428)
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L9/00; H04L9/08)
Abstract
The application discloses a data transmission method, apparatus, device and storage medium, wherein the method comprises the following steps: when a session has been established between the source device and the target device, receiving the source data to be transmitted in the current transmission operation; looking up the key used by the last transmission operation as the source key; generating parameters valid only for the current transmission operation for the source data; generating a unidirectional key as the target key from those parameters and the source key; encrypting the source data into target data with the target key; and executing the transmission operation in the session to send the target data to the target device. The embodiment provides perfect forward secrecy: even if the source device or the target device is attacked and a particular key leaks, the security of the historical data in the session is preserved.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data transmission method, apparatus, device, and storage medium.
Background
To protect confidentiality and integrity during network transmission, a standard cryptographic protocol such as TLS 1.2/1.3, or an algorithm modified from TLS, is usually adopted.
These protocols negotiate a master key for each session and encrypt the session's data with that master key.
However, some attacks on a device cause its memory contents to leak, and the leaked contents may include the session's master key, so that both the historical data and the subsequent data of the session can be decrypted and exposed; the security of such a scheme is therefore low.
Disclosure of Invention
The application provides a data transmission method, a device, equipment and a storage medium, which are used for solving the problem of how to improve the security of historical data in a session.
According to an aspect of the present application, there is provided a data transmission method applied to a source device, the method including:
when the source device has established a session with the target device, receiving the source data to be transmitted in the current transmission operation;
looking up the key used by the last transmission operation as the source key;
generating, for the source data, parameters that are valid only for the current transmission operation;
generating a unidirectional key as the target key from the parameters and the source key;
performing an encryption operation to encrypt the source data into target data with the target key;
and executing the transmission operation in the session to transmit part of the parameters together with the target data to the target device.
According to another aspect of the present application, there is provided a data transmission method applied to a target device, the method including:
when a source device has established a session with the target device, executing the transmission operation and receiving the target data sent by the source device together with the part of the parameters, valid only for the current transmission operation, that the source device transmits;
looking up the key used by the last transmission operation as the source key;
generating, for the target data, the remaining part of the parameters valid for the current transmission operation;
generating a unidirectional key as the target key from the complete set of parameters and the source key;
and executing a decryption operation to decrypt the target data into the source data with the target key.
According to another aspect of the present application, there is provided a data transmission apparatus applied to a source device, the apparatus comprising:
a source data receiving module, configured to receive the source data to be transmitted in the current transmission operation when the source device has established a session with the target device;
a source key lookup module, configured to look up the key used by the last transmission operation and take it as the source key;
a parameter generating module, configured to generate, for the source data, parameters valid only for the current transmission operation;
a target key generation module, configured to generate a unidirectional key as the target key from the parameters and the source key;
a data encryption module, configured to perform an encryption operation so as to encrypt the source data into target data with the target key;
and a session transmission module, configured to execute the transmission operation in the session so as to transmit part of the parameters together with the target data to the target device.
According to another aspect of the present application, there is provided a data transmission apparatus applied to a target device, the apparatus comprising:
a data receiving module, configured to execute the transmission operation when the source device has established a session with the target device, and to receive the target data sent by the source device together with the part of the parameters valid for the current transmission operation that the source device transmits;
a source key lookup module, configured to look up the key used by the last transmission operation and take it as the source key;
a parameter generating module, configured to generate, for the target data, the remaining part of the parameters valid for the current transmission operation;
a target key generation module, configured to generate a unidirectional key as the target key from the complete set of parameters and the source key;
and a data decryption module, configured to perform a decryption operation so as to decrypt the target data into the source data with the target key.
According to another aspect of the present application, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data transmission method of any of the embodiments of the present application.
According to another aspect of the present application, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a data transmission method according to any embodiment of the present application.
In this embodiment, when a session has been established between a source device and a target device, the source data to be transmitted in the current transmission operation is received; the key used by the last transmission operation is looked up as the source key; parameters valid only for the current transmission operation are generated for the source data; a unidirectional key is generated as the target key from the parameters and the source key; an encryption operation encrypts the source data into target data with the target key; and the transmission operation is executed in the session to transmit part of the parameters together with the target data to the target device. Because a new key is derived unidirectionally in every transmission operation, the key of every communication is different and perfect forward secrecy holds for the lifetime of the session: even if the source device or the target device is attacked and a particular key leaks, the keys used for the historical data of the session are not disclosed, so the security of the historical data is preserved, and replay attacks can be prevented. In addition, because each new key is derived unidirectionally from the previous one, the operation is simpler than a key exchange and the time cost is greatly reduced.
It should be understood that the description of this section is not intended to identify key or critical features of the embodiments of the application or to delineate the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a data transmission method according to a first embodiment of the present application;
Fig. 2 is a signaling diagram of data transmission according to the first embodiment of the present application;
Fig. 3 is a flowchart of a data transmission method according to a second embodiment of the present application;
Fig. 4 is a signaling diagram of data transmission according to the second embodiment of the present application;
Fig. 5 is a schematic structural diagram of a data transmission apparatus according to a third embodiment of the present application;
Fig. 6 is a schematic structural diagram of a data transmission apparatus according to a fourth embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device implementing a data transmission method according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a data transmission method provided in an embodiment of the present application, where the embodiment may be applicable to a case of generating a one-time encrypted key for data transmission, and the method may be performed by a data transmission device, where the data transmission device may be implemented in hardware and/or software, and the data transmission device may be configured in an electronic device, especially a source device, that is, the embodiment may be applied to the source device. As shown in fig. 1, the method includes:
Step 101, when the source device has established a session with the target device, receiving the source data to be transmitted in the current transmission operation.
In the present embodiment, a session (session) is established between two electronic devices, in which the two electronic devices communicate with each other, transfer data between each other, and thus, a plurality of transfer operations are performed between each other.
In one transmission operation, two electronic devices are distinguished into a source device and a target device, that is, in one transmission operation, the source device is an electronic device that transmits data, and the target device is an electronic device that receives data.
The source device and the target device are different in different traffic scenarios, which the present embodiment does not limit.
For example, in a system with a C/S (Client/Server) architecture, the client and the server communicate with each other; the source device may then be the electronic device on which the client is installed and the target device the electronic device on which the server is installed, or vice versa, with the source device being the electronic device on which the server is installed and the target device the electronic device on which the client is installed.
As another example, in a system with a C/S architecture the server may be spread over a plurality of electronic devices, that is, different modules of the server are installed on different electronic devices and those modules communicate with each other; the source device may then be the electronic device on which one module of the server is installed, and the target device the electronic device on which another module of the server is installed.
Accordingly, in different service scenarios, the applications (client/server) installed by the source device and the target device are different, for example, a browser, an email box, an address book, a shopping application, a short video application, a live broadcast application, and the like, and the data to be transmitted therebetween are different, which is not limited in this embodiment.
For example, for a browser, when a user logs in to a website with an account name and a password, the browser sends the account name and password to the website for verification, and the website returns a Cookie once they are verified successfully; here the account name, the password and the Cookie can all serve as the data.
For another example, in an address book the user records contact information such as a name, a mobile phone number and an avatar; this contact information may be uploaded to a cloud backup or shared with other users through IM (Instant Messaging), and it can serve as the data.
Of course, the source device, the target device, and the source data are merely examples, and other source devices, target devices, and source data may be set according to actual situations when implementing the present embodiment, which is not limited in this embodiment. In addition, other applications and source data to be encrypted thereof can be adopted by those skilled in the art according to actual needs besides the source device, the target device and the source data, which is not limited in this embodiment.
In a plurality of transmission operations between two electronic devices, data generated by a source device and to be transmitted to a target device is received for the current transmission operation and is recorded as source data.
Step 102, searching a key used in the last transmission operation as a source key.
While establishing the session, the source device and the target device can negotiate a key valid for the session through SSL (Secure Sockets Layer) or a similar protocol; the source device writes that key into the session's cache, and it is the initial key of the session between the source device and the target device.
In this embodiment, the source device looks up, in the session's cache, the key used by the last transmission operation between the source device and the target device in this session, and records it as the source key.
The last transmission operation may have been one in which the source device transmitted data to the target device, or one in which the electronic device now acting as the target device transmitted data to the electronic device now acting as the source device; this embodiment does not limit which.
When the transmission operation is performed for the first time, the key used by the last transmission may be null, in which case the key negotiated between the source device and the target device is used for the first transmission operation; alternatively, the key used by the last transmission may itself be taken to be the negotiated key. This embodiment does not limit which convention is used.
Step 103, generating parameters valid only for the current transmission operation for the source data.
To achieve perfect forward secrecy (PFS) for the data historically transmitted in the session between the source device and the target device, in this embodiment the source device generates, for the current transmission operation, parameters that are valid only for this transmission of the source data.
Perfect forward secrecy means that data communicated historically in the session between the source device and the target device remains protected against future exposure of secrets or keys. With perfect forward secrecy, even if the source device and the target device are actively attacked and secrets or keys leak, the security of historical communication data is preserved when the current key is disclosed.
Accordingly, a parameter valid only for the current transmission operation is data that makes the current transmission of the source data unique, that is, the parameter is one-time data and is never reused.
In one way of generating the parameters, when the session is established between the source device and the target device, an encryption counter and a target counter are created in the source device. The encryption counter counts the number of encryption operations performed in the session, and the target counter records the number of one-way recursive encryptions of the initial key that the next transmission is expected to reach. Both counters start at zero. Thereafter, to guarantee the one-way property of the keys, the target counter is kept strictly greater than the encryption counter; any value greater than the encryption counter is acceptable, for example the encryption counter plus a specified offset.
In this manner, the parameters valid for the current transmission operation are the encryption count and the recursion count. Specifically, the encryption counter of the session is looked up and its value is read as the encryption count, that is, the number of encryption operations performed in the session so far.
The target counter of the session is looked up and its value is read as the recursion count, that is, the number of one-way recursive encryptions of the initial key that the current transmission operation is expected to reach.
Of course, the above manner of generating the parameters valid for the current transmission operation is merely an example; when implementing this embodiment, other manners may be chosen according to the actual situation. For example, one or more values may be generated randomly with a function such as rand() and used as the parameters, or the current timestamp may be read from the operating system with a function such as Calendar.getInstance() or new Time() and used as the parameters; this embodiment is not limited thereto. Beyond the manners described above, those skilled in the art may adopt other manners of generating the parameters according to actual needs, and this embodiment is not limited thereto.
Step 104, generating a unidirectional key as a target key according to the parameters and the source key.
In this embodiment the source device is provided with a key generation function FKD that produces a one-way key: the mapping from input to output is unidirectional, the output is fixed for a given input, and the input cannot be derived from the output.
For the current transmission operation, the parameters and the source key are input into the key generation function FKD, the function is evaluated, and the key it outputs, valid only for the current transmission operation, is recorded as the target key.
The key valid for the current transmission operation is unique to this transmission of the source data, that is, the key is one-time data and is never reused.
In one embodiment of the present application, step 104 includes the steps of:
Step 1041, subtracting the encryption count from the recursion count to obtain the target count.
Step 1042, recursively encrypting the source key in one direction until the target count is reached, to obtain the target key.
In this embodiment, the parameters valid in the present transmission operation include the number of times the present transmission operation performs encryption operation in the session, and the number of times the present transmission operation expects one-way recursive encryption of the initial key in the session.
As shown in fig. 2, the key generation function FKD may be defined as:
$\mathrm{Key} = \mathrm{FKD}(K_n, n, m) = \mathrm{FKD}(\mathrm{FKD}(\mathrm{FKD}(K_n, n, n+1), n+1, n+2)\ldots, m-1, m)$
where $\mathrm{Key}$ is the target key, $n$ is the encryption count, $m$ is the recursion count and $K_n$ is the source key.
Because the source key is the key obtained after $n$ one-way recursive encryptions of the initial key, the source device subtracts the encryption count $n$ from the recursion count $m$ to obtain the target count $m - n$, which is the number of one-way recursive encryptions to apply starting from the source key.
Here, recursion means that the key output by the key generation function FKD in one step becomes the key input to the key generation function FKD in the next step.
In one example, if the target count is one, that is, when the encryption count is $n = i$ ($i$ a positive integer) and the recursion count is $m = i + 1$, the recursion count and the source key may be concatenated into a string, and the string processed by a one-way hash function Hash to output the target key, which may be expressed as:
$\mathrm{FKD}(K_i, i, i+1) = \mathrm{Hash}(\mathrm{concat}(K_i, i+1))$
The one-way hash function Hash maps data of any length to a fixed-length $L$-byte digest $B_0 B_1 B_2 \ldots B_{L-2} B_{L-1}$; for example, MD5 outputs a 16-byte digest, SHA-1 a 20-byte digest, SHA-256 a 32-byte digest and SHA-512 a 64-byte digest.
In another example, if the target count is one, that is, when the encryption count is $n = i$ ($i$ a positive integer) and the recursion count is $m = i + 1$, the recursion count may be processed by a hash-based message authentication code function (HMAC) keyed with the source key to output the target key, which may be expressed as:
$\mathrm{FKD}(K_i, i, i+1) = \mathrm{HMAC}(K_i, i+1)$
where HMAC takes a message $M$ of arbitrary length and a key $K$ as inputs and produces a fixed-length message digest as output.
Of course, the one-way encryption methods described above are merely examples; when implementing this embodiment, other one-way encryption methods may be chosen according to the actual situation, and this embodiment is not limited thereto. Beyond the methods described above, those skilled in the art may adopt other one-way encryption methods according to actual needs, and this embodiment is not limited thereto.
Step 105, an encryption operation is performed to encrypt the source data into the target data according to the target key.
In this embodiment, a symmetric key algorithm may be negotiated in advance between the source device and the target device. A symmetric key algorithm is an encryption and decryption method using a single key, so the same key is used both to encrypt and to decrypt the data; examples are AES (Advanced Encryption Standard), RC4 (Rivest Cipher 4), and so on.
Once the target key valid for the current transmission operation has been generated, the source device performs the encryption operation of the symmetric key algorithm, encrypting the source data with the target key, and records the resulting ciphertext as the target data.
As shown in fig. 2, the encryption operation may be written $C_y = \mathrm{Key}(C_x)$, where $C_y$ is the target data, $C_x$ is the source data and $\mathrm{Key}(\cdot)$ denotes encryption of the source data with the target key.
Step 106, executing the transmission operation in the session to transmit part of the parameters together with the target data to the target device.
The source device executes the transmission operation in the session and sends to the target device, through the session, the target data together with the part of the parameters that has not been agreed with the target device; the part of the parameters that has already been agreed with the target device is not transmitted.
For example, as shown in fig. 2, if the parameters valid for the current transmission operation include the encryption count $n$ (the number of encryption operations performed in the session) and the recursion count $m$ (the number of one-way recursive encryptions of the initial key that the current transmission operation is expected to reach), the transmission operation in the session transmits the recursion count $m$ together with the target data $C_y$ to the target device, while the encryption count $n$ is not transmitted.
In addition, the source device can delete the source key and cache only the target key in the session, so that the number of keys exposed when the source device suffers an active attack is minimal, which improves security.
In this embodiment, when a session has been established between a source device and a target device, the source data to be transmitted in the current transmission operation is received; the key used by the last transmission operation is looked up as the source key; parameters valid only for the current transmission operation are generated for the source data; a unidirectional key is generated as the target key from the parameters and the source key; an encryption operation encrypts the source data into target data with the target key; and the transmission operation is executed in the session to transmit part of the parameters together with the target data to the target device. Because a new key is derived unidirectionally in every transmission operation, the key of every communication is different and perfect forward secrecy holds for the lifetime of the session: even if the source device or the target device is attacked and a particular key leaks, the keys used for the historical data of the session are not disclosed, so the security of the historical data is preserved, and replay attacks can be prevented. In addition, because each new key is derived unidirectionally from the previous one, the operation is simpler than a key exchange and the time cost is greatly reduced.
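The following is an added worked example, not code from the patent, of steps 102 to 106 together with the target-device counterpart: the HMAC variant of FKD from the example above, unrolled to the nested definition Key = FKD(K_n, n, m), with each endpoint caching only K_n and its own encryption counter n, sending only m with the ciphertext, and rejecting a re-delivered (m, C) pair. The choice of HMAC-SHA256, the names `Endpoint`, `fkd`, `fkd_step`, `keystream_xor`, and the HMAC counter-mode stand-in for the negotiated symmetric cipher are assumptions of this example; the page only names AES or RC4 and leaves the hash unspecified.

```python
import hashlib
import hmac


def fkd_step(k_i: bytes, next_index: int) -> bytes:
    """One unidirectional step of the page's HMAC variant:
    FKD(K_i, i, i+1) = HMAC(K_i, i+1). HMAC-SHA256 is an assumption
    of this example; the page only says HMAC."""
    return hmac.new(k_i, next_index.to_bytes(8, "big"), hashlib.sha256).digest()


def fkd(k_n: bytes, n: int, m: int) -> bytes:
    """Key = FKD(K_n, n, m): ratchet the key of index n forward to index m,
    i.e. the nested FKD(FKD(K_n, n, n+1), n+1, n+2) ... , m-1, m) unrolled.
    The target count is m - n, so m must exceed n."""
    if m <= n:
        raise ValueError("recursion count m must exceed encryption count n")
    key = k_n
    for j in range(n, m):          # m - n one-way steps
        key = fkd_step(key, j + 1)
    return key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated symmetric cipher (constructed for this
    example: HMAC-SHA256 in counter mode, XORed with the data, no
    authentication). A deployment would use an AEAD such as AES-GCM."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Endpoint:
    """One side of the session. Caches only the key of the last transmission
    (K_n) and the encryption counter n, as in step 106's deletion of the
    source key. Treating n as the index of the cached key is an assumption."""

    def __init__(self, negotiated_key: bytes) -> None:
        self.key = negotiated_key   # initial key from the session handshake
        self.n = 0                  # encryption counter

    def send(self, source_data: bytes, offset: int = 1):
        """Steps 102-106 on the source device: the target counter m is the
        encryption counter plus an offset; only m and the ciphertext leave."""
        m = self.n + offset
        target_key = fkd(self.key, self.n, m)
        target_data = keystream_xor(target_key, source_data)
        self.key, self.n = target_key, m    # delete source key, cache target key
        return m, target_data

    def receive(self, m: int, target_data: bytes) -> bytes:
        """Target-device side (Example 2): n is not transmitted, the receiver
        supplies it from its own counter. A stale m would mean re-deriving an
        old key, so it is rejected as a replay or out-of-order message."""
        if m <= self.n:
            raise ValueError(f"replay or stale counter: m={m} <= n={self.n}")
        target_key = fkd(self.key, self.n, m)
        source_data = keystream_xor(target_key, target_data)
        self.key, self.n = target_key, m
        return source_data


def run_session():
    """Two transmissions over one session with a constructed handshake key.
    Returns the recovered plaintexts, the transmitted counters, and whether
    the post-session cached key can still read the first ciphertext."""
    negotiated = hashlib.sha256(b"constructed handshake secret").digest()
    client, server = Endpoint(negotiated), Endpoint(negotiated)
    m1, c1 = client.send(b"login=alice&cookie=constructed")
    p1 = server.receive(m1, c1)
    m2, c2 = client.send(b"contacts backup", offset=3)   # counters need not be consecutive
    p2 = server.receive(m2, c2)
    # K_1 was deleted and the ratchet is one-way, so the key cached at the end
    # of the session (K_4) does not decrypt the historical ciphertext c1.
    history_readable = keystream_xor(server.key, c1) == p1
    return p1, p2, (m1, m2), history_readable


def replay_is_rejected() -> bool:
    """Deliver the same (m, C) pair twice; the second delivery must fail."""
    key = b"k" * 32
    sender, receiver = Endpoint(key), Endpoint(key)
    m, c = sender.send(b"once")
    receiver.receive(m, c)
    try:
        receiver.receive(m, c)
    except ValueError:
        return True
    return False
```

Because the receiver derives the key from its own counter, the two sides stay in step only if every transmission is delivered in order; a lost message would have to be handled by the session layer.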
Example two
Fig. 3 is a flowchart of a data transmission method provided in the second embodiment of the present application, where the present embodiment may be applicable to a case of generating a one-time decryption key for data transmission, and the method may be performed by a data transmission device, where the data transmission device may be implemented in a form of hardware and/or software, and the data transmission device may be configured in an electronic device, especially a target device, that is, the present embodiment may be applied to the target device. As shown in fig. 3, the method includes:
step 301, when the source device establishes a session with the target device, a transmission operation is performed, and the target data sent by the source device and part of parameters valid in the transmission operation are received.
In the present embodiment, a session (session) is established between two electronic devices, in which the two electronic devices communicate with each other, transfer data between each other, and thus, a plurality of transfer operations are performed between each other.
In one transmission operation, two electronic devices are distinguished into a source device and a target device, that is, in one transmission operation, the source device is an electronic device that transmits data, and the target device is an electronic device that receives data.
The source device and the target device are different in different traffic scenarios, which the present embodiment does not limit.
For example, in a system with a C/S architecture, the client and the server communicate with each other; the source device may then be the electronic device on which the client is installed, in which case the target device is the electronic device on which the server is installed, or vice versa: the source device is the electronic device on which the server is installed, in which case the target device is the electronic device on which the client is installed.
For example, in a system with a C/S architecture, a server may be deployed across a plurality of electronic devices, that is, different modules of the server are installed on different electronic devices, and those modules communicate with each other; the source device may then be the electronic device on which one module of the server is installed, and the target device the electronic device on which another module of the server is installed.
Accordingly, in different service scenarios, the applications (client/server) installed by the source device and the target device are different, for example, a browser, an email box, an address book, a shopping application, a short video application, a live broadcast application, and the like, and the data to be transmitted therebetween are different, which is not limited in this embodiment.
For example, for a browser, when a user logs in to a website by using an account number and a password (also called a password), the browser can send the account number and the password to the website for verification, and the website returns a Cookie after the account number and the password are successfully verified, and at this time, the account number, the password and the Cookie can be used as data.
For another example, for an address book, the user records contact information, such as a name, a mobile phone number, an avatar, etc., and the contact information may be uploaded to a cloud backup or shared with other users through IM (Instant Messaging); here the contact information may be used as data.
Of course, the source device, the target device, and the source data are merely examples, and other source devices, target devices, and source data may be set according to actual situations when implementing the present embodiment, which is not limited in this embodiment. In addition, other applications and source data to be encrypted thereof can be adopted by those skilled in the art according to actual needs besides the source device, the target device and the source data, which is not limited in this embodiment.
In the transmission operation, the target device receives the target data sent by the source device in the session together with part of the parameters valid in the transmission operation, where the target data is ciphertext waiting for decryption, and the part of the parameters that is transmitted consists of those parameters that are not agreed in advance by the source device and the target device.
For example, as shown in fig. 4, if the parameters valid in the present transmission operation include the number of encryption operations performed by the present transmission operation in the session and the number of recursions m that the present transmission operation expects the initial key to have been one-way recursively encrypted in the session, and the source device transmits the recursion number m as the part of the parameters valid in the present transmission operation, then the target device receives the target data C_y and the recursion number m sent by the source device, where the recursion number m is the number of times the transmission operation expects the initial key to have been unidirectionally recursively encrypted in the session.
Step 302, searching a key used in the last transmission operation as a source key.
In the process of establishing a session, the source device and the target device can negotiate a key valid for the session through SSL (Secure Sockets Layer) or another protocol, and the target device writes the key into the cache of the session; this key is the initial key of the session between the source device and the target device.
In this embodiment, the target device may search, in the buffer of the session, a key used by the last transmission operation when the source device and the target device communicate in the session, and record the key as the source key.
The last transmission operation may be that the source device transmits the data to the target device, or that the electronic device currently serving as the target device transmits the data to the electronic device currently serving as the source device, which is not limited in this embodiment.
When the transmission operation is performed for the first time, the key used in the last transmission may be null, that is, the key negotiated between the source device and the target device is used in the first transmission operation, and the key used in the last transmission may also be the key negotiated between the source device and the target device, which is not limited in this embodiment.
Step 303, generating partial parameters effective in the current transmission operation for the target data.
In order to achieve perfect forward security for data historically transmitted in a session between a source device and a target device, in this embodiment, for the present transmission operation, a part of parameters valid for the present transmission operation may be generated in the target device for the target data, where the part of parameters are parameters agreed by the source device and the target device, and the source device does not transmit to the target device.
By perfect forward security, it is meant, among other things, that data communicated historically in a session between a source device and a target device is protected from future exposure of passwords or keys. If perfect forward security exists, even if the source device and the target device are subject to active attack to leak passwords or keys, the security of historical communication data can be ensured when the current key is leaked.
Further, a parameter valid for the current transmission operation is data that uniquely identifies the current operation of transmitting the source data, that is, the parameter is one-time data and is not reused.
In one way of generating the parameters, a decryption counter may be created in the target device when a session is established between the source device and the target device; the decryption counter counts the number of times a decryption operation is performed in the session, initially reads zero, and thereafter the recursion number is always kept greater than the reading of the decryption counter in order to ensure the unidirectionality of the key.
Further, when a session is established between the source device and the target device, an encryption counter may be generated in the source device, where the encryption counter is used to count the number of times an encryption operation is performed in the session, and at this time, the number of times the encryption counter in the source device is equal to the number of times the decryption counter in the target device.
For the same electronic device, in different transmission operations in the same session, the electronic device can be a source device or a target device, so that an encryption counter, a decryption counter and a target counter can be generated simultaneously in the same electronic device, and the encryption counter, the decryption counter and the target counter are independently operated and independently counted.
In this embodiment, the partial parameter valid in the current transmission operation is the decryption number; specifically, the decryption counter in the session is looked up, and its reading is taken as the decryption number, that is, the number of decryption operations performed so far in the session.
Step 304, generating a unidirectional key as a target key according to all the parameters and the source key.
In the present embodiment, the target device is provided with a key generation function FKD for generating a one-way key. A one-way key has the unidirectional property from input to output: the output is determined for a given input, but the input cannot be derived in reverse from the output.
For the transmission operation, all the parameters are combined, all the parameters and the source key are input into the key generation function FKD, the key generation function FKD is run, and the key it outputs is the key valid in the transmission operation, recorded as the target key.
In one embodiment of the present application, step 304 includes the steps of:
step 3041, subtracting the encryption times from the recursion times to obtain the target times.
Step 3042, performing recursive encryption on the source key in one direction until reaching the target times to obtain the target key.
In this embodiment, for the target device, the parameters valid in the current transmission operation include the number of times the current transmission operation performs decryption operation in the session, and the number of times the current transmission operation expects one-way recursive encryption of the initial key in the session.
As shown in fig. 4, the key generation function FKD may be defined as:
Key = FKD(K_n, n, m)
= FKD(FKD(FKD(K_n, n, n+1), n+1, n+2) …, m-1, m)
where Key is the target key, n is the decryption number, m is the recursion number, and K_n is the source key.
Because the source key is the key obtained after the initial key has been one-way recursively encrypted the decryption number of times, the target device can subtract the decryption number from the recursion number to obtain the target number, and use the target number as the number of one-way recursive encryptions to apply on top of the source key; the source key is then one-way recursively encrypted until the target number is reached, which yields the target key.
Here, recursion means that the key output by the key generation function FKD in the previous step becomes the key input to the key generation function FKD in the present step.
In one example, if the target number is one, that is, when the number of encryptions is n = i (i is a positive integer) and the recursion number is m = i+1, the recursion number and the source key may be concatenated into a string, and the string input into a one-way hash function Hash to output the target key, which may be expressed as:
FKD(K_i, i, i+1) = Hash(concat(K_i, (i+1)))
The one-way hash function Hash can process data of any length to generate fixed-length digest information of L bytes, B_0 B_1 B_2 … B_{L-2} B_{L-1}; for example, MD5 outputs a 16-byte digest, SHA1 a 20-byte digest, SHA256 a 32-byte digest, SHA512 a 64-byte digest, etc.
In another example, if the target number is one, that is, when the number of encryptions is n = i (i is a positive integer) and the recursion number is m = i+1, the recursion number may be processed as the message and the source key as the key of a hash-based message authentication code function (Hash-based Message Authentication Code, HMAC) to output the target key, which may be expressed as:
FKD(K_i, i, i+1) = HMAC(K_i, i+1)
wherein the HMAC takes a message M of arbitrary length and a key K as inputs and generates a message digest of fixed length as output.
Of course, the above-described one-way encryption method is merely an example, and other one-way encryption methods may be provided according to actual situations when implementing the present embodiment, and the present embodiment is not limited thereto. In addition, other one-way encryption modes besides the one-way encryption modes can be adopted by the person skilled in the art according to actual needs, and the embodiment is not limited to the one-way encryption mode.
Step 305, a decryption operation is performed to decrypt the target data into the source data according to the target key.
In this embodiment, a symmetric key algorithm, such as AES, RC4, or the like, may be negotiated in advance between the source device and the target device.
If the target key effective in the transmission operation is generated, the target device may execute a decryption operation on the symmetric key algorithm, decrypt the target data using the target key in the decryption operation, and record the decrypted plaintext as the source data.
As shown in FIG. 4, the decryption operation may be represented as C_x = Key(C_y), where C_y is the target data, C_x is the source data, and Key() represents decryption using the target key.
In addition, the target device can delete the source key and cache the target key in the session, so that the minimum number of leaked keys is ensured when the target device suffers from active attack, and the security is improved.
In this embodiment, when a session is established between a source device and a target device, a transmission operation is performed, and target data sent by the source device and a part of parameters valid in the transmission operation are received; searching a key used in the last transmission operation as a source key; generating partial parameters which are effective in the transmission operation for the target data; generating a unidirectional key as a target key according to all the parameters and the source key; a decryption operation is performed to decrypt the target data into the source data according to the target key. In this embodiment, a new key is generated unidirectionally in the transmission operation, so that the keys of each communication are different, perfect forward security is met in the session period, even if the source device and the target device are attacked to cause leakage of a certain key, leakage of a key used by historical data in the session is not caused, security of the historical data in the session can be ensured, and replay attack can be prevented. In addition, the embodiment generates a new key unidirectionally based on the key of the last time, so that the operation is simpler than the key exchange, and the time cost can be greatly reduced.
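The following is an added example, not code from the patent: it implements the one-way key recursion FKD(K_n, n, m) with the HMAC variant (FKD(K_i, i, i+1) = HMAC(K_i, i+1)), the source device with its encryption counter n and target counter m, and the target device with its decryption counter, which recurses m - n steps from its cached key, rejects any message whose m does not exceed the counter (replay), and deletes the source key once the target key is cached. The symmetric cipher is a constructed stand-in (HMAC-SHA256 keystream with an authentication tag) so the example runs on the standard library alone; the patent's negotiated AES or RC4 would take its place in practice, and the initial session key, message sizes and counter semantics are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def fkd_step(key: bytes, next_index: int) -> bytes:
    """One recursion step of FKD: FKD(K_i, i, i+1) = HMAC(K_i, i+1).

    The recursion number i+1 is the HMAC message and the source key K_i the
    HMAC key, so K_{i+1} cannot be reversed to K_i (one-way property).
    """
    return hmac.new(key, next_index.to_bytes(8, "big"), hashlib.sha256).digest()


def fkd(source_key: bytes, n: int, m: int) -> bytes:
    """Key = FKD(K_n, n, m) = FKD(FKD(FKD(K_n, n, n+1), n+1, n+2) ..., m-1, m).

    Runs m - n (the target number) recursion steps; each step feeds the key
    output by the previous step back in as the next source key.
    """
    if m <= n:
        raise ValueError("recursion number m must exceed counter n")
    key = source_key
    for i in range(n, m):
        key = fkd_step(key, i + 1)
    return key


# Constructed stand-in for the negotiated symmetric cipher (the patent names
# AES or RC4; this is neither): encrypt-then-MAC with an HMAC-SHA256 keystream,
# chosen only so the example runs on the standard library.
def _subkeys(key: bytes):
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered target data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


@dataclass
class SourceDevice:
    """Sender side: encryption counter n and target counter m (assumed semantics)."""
    cached_key: bytes        # key of the last transmission; starts as the initial key
    enc_counter: int = 0     # n: recursion depth of the cached key in this session
    target_counter: int = 0  # m: recursion depth the initial key is expected to reach

    def transmit(self, source_data: bytes, step: int = 1):
        n = self.enc_counter
        m = n + step                       # m is always kept greater than n
        self.target_counter = m
        target_key = fkd(self.cached_key, n, m)
        target_data = sym_encrypt(target_key, source_data)
        self.cached_key = target_key       # delete the source key, cache the target key
        self.enc_counter = m
        return m, target_data              # only m travels with the ciphertext; n is never sent


@dataclass
class TargetDevice:
    """Receiver side: decryption counter n; m arrives with the target data."""
    cached_key: bytes
    dec_counter: int = 0

    def receive(self, m: int, target_data: bytes) -> bytes:
        n = self.dec_counter
        if m <= n:
            # A replayed or stale message carries an m already consumed; the
            # one-way key for it was deleted, so the message is rejected.
            raise ValueError(f"replay or stale message: m={m} <= decryption counter {n}")
        target_key = fkd(self.cached_key, n, m)   # m - n catch-up recursions
        source_data = sym_decrypt(target_key, target_data)
        self.cached_key = target_key       # delete the source key, cache the target key
        self.dec_counter = m
        return source_data


if __name__ == "__main__":
    initial_key = hashlib.sha256(b"constructed initial session key").digest()
    src, dst = SourceDevice(initial_key), TargetDevice(initial_key)
    m1, c1 = src.transmit(b"account=alice;cookie=constructed-session-cookie")
    print(m1, dst.receive(m1, c1))
```

If a message is lost, the target device still recovers: the next m it receives exceeds its counter by more than one, and fkd simply runs the extra recursions.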
Example III
Fig. 5 is a schematic structural diagram of a data transmission device according to a third embodiment of the present application, where the device is applied to a source device, as shown in fig. 5, and the device includes:
A source data receiving module 501, configured to receive source data to be transmitted in the current transmission operation when the source device establishes a session with a target device;
a source key searching module 502, configured to search a key used in the previous transmission operation as a source key;
a parameter generating module 503, configured to generate, for the source data, parameters valid in the transmission operation at this time;
a target key generating module 504, configured to generate a unidirectional key as a target key according to the parameter and the source key;
a data encryption module 505, configured to perform an encryption operation to encrypt the source data into target data according to the target key;
a session transmission module 506, configured to perform the transmission operation in the session at this time, so as to transmit a part of the parameters and the target data to the target device.
In one embodiment of the present application, the parameters include the number of encryption and the number of recursion; the parameter generating module 503 includes:
an encryption counter lookup module configured to lookup an encryption counter in the session, the encryption counter being configured to count a number of times an encryption operation is performed in the session;
A target counter searching module, configured to search a target counter in the session, where the target counter is used to count a number of times that the initial key is expected to be recursively encrypted in one direction;
an encryption counter reading module for reading the number of times from the encryption counter as the number of times the transmission operation is executed in the session,
a target counter reading module, configured to read the number of times from the target counter as a number of recursions that the transmission operation expects to perform one-way recursive encryption on the key initially in the session.
In one embodiment of the present application, the target key generation module 504 includes:
the target frequency calculation module is used for subtracting the encryption frequency from the recursion frequency to obtain target frequency;
and the target frequency recursion module is used for carrying out recursion encryption on the source key in one way until the target frequency is reached, so as to obtain a target key.
In one embodiment of the present application, the target number of times recursion module includes:
the character string generation module is used for forming a character string by the recursion times and the source key if the target times are one time;
The hash processing module is used for inputting the character string into a one-way hash function for processing so as to output a target key;
or,
and the hash authentication module is used for processing the hash operation message authentication code function related to the recursion times and the source key input key to output a target key if the target times are one time.
In one embodiment of the present application, the session transmission module 506 is further configured to:
and executing the transmission operation in the session to transmit the recursion times and the target data to the target device.
In one embodiment of the present application, further comprising:
and the key updating module is used for deleting the source key and caching the target key in the session.
The data transmission device provided by the embodiment of the application can execute the data transmission method provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of executing the data transmission method.
Example IV
Fig. 6 is a schematic structural diagram of a data transmission device according to a fourth embodiment of the present application, where the device is applied to a target apparatus, as shown in fig. 6, and the device includes:
a data receiving module 601, configured to perform a transmission operation when a session is established between a source device and the target device, and receive target data sent by the source device, and a part of parameters valid in the transmission operation at this time;
A source key searching module 602, configured to search a key used in the previous transmission operation as a source key;
a parameter generating module 603, configured to generate, for the target data, a partial parameter valid in the transmission operation at this time;
a target key generating module 604, configured to generate a unidirectional key as a target key according to all the parameters and the source key;
the data decryption module 605 is configured to perform a decryption operation to decrypt the target data into the source data according to the target key.
In one embodiment of the present application, the data receiving module 601 is further configured to:
and receiving target data sent by the source equipment and recursion times, wherein the recursion times are times of one-way recursion encryption of the initial key expected by the transmission operation in a session.
In one embodiment of the present application, the parameter generating module 603 includes:
a decryption counter searching module, configured to search a decryption counter in the session, where the decryption counter is used to count the number of times of executing a decryption operation in the session;
and the decryption counter reading module is used for reading the number of times from the decryption counter as the decryption number of times of executing decryption operation in the transmission operation in the session.
In one embodiment of the present application, the target key generation module 604 includes:
the target frequency calculation module is used for subtracting the decryption frequency from the recursion frequency to obtain target frequency;
and the target frequency recursion module is used for carrying out recursion encryption on the source key in one way until the target frequency is reached, so as to obtain a target key.
In one embodiment of the present application, the target number of times recursion module includes:
the character string generation module is used for forming a character string by the recursion times and the source key if the target times are one time;
the hash processing module is used for inputting the character string into a one-way hash function for processing so as to output a target key;
or,
and the hash authentication module is used for processing the hash operation message authentication code function related to the recursion times and the source key input key to output a target key if the target times are one time.
In one embodiment of the present application, further comprising:
and the key updating module is used for deleting the source key and caching the target key in the session.
The data transmission device provided by the embodiment of the application can execute the data transmission method provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of executing the data transmission method.
Example five
Fig. 7 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement embodiments of the present application.
As shown in fig. 7, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the data transmission method.
In some embodiments, the data transmission method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into the RAM 13 and executed by the processor 11, one or more steps of the data transmission method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the data transmission method in any other suitable way (e.g. by means of firmware).
Claims (10)
1. A data transmission method, applied to a source device, the method comprising:
when the source equipment establishes a session with the target equipment, receiving source data to be transmitted in the transmission operation;
searching a key used by the last transmission operation as a source key;
generating parameters for the source data that are valid in the transmission operation at this time; a parameter valid in the transmission operation is data that is unique for the operation of transmitting the source data this time;
generating a unidirectional key as a target key according to the parameter and the source key;
performing an encryption operation to encrypt the source data into target data according to the target key;
performing the transmission operation in the session to transmit a part of the parameters and the target data to the target device;
the parameters comprise encryption times and recursion times; the generating parameters for the source data that are valid for the transmission operation at this time includes:
searching an encryption counter in the session, wherein the encryption counter is used for counting the times of executing encryption operation in the session;
searching a target counter in the session, wherein the target counter is used for counting the expected number of times of unidirectional recursive encryption of an initial key; the initial secret key is a secret key which is effective in the session of the source equipment and the target equipment in the process of establishing the session; reading the number of times from the encryption counter as the number of times the transmission operation is executed in the session;
The number of times is read from the target counter as the number of recursions that the transmission operation expects to one-way recursively encrypt the original key in the session.
2. The method of claim 1, wherein the generating a one-way key as a target key from the parameter and the source key comprises:
subtracting the encryption times from the recursion times to obtain target times;
and carrying out recursive encryption on the source key in one direction until the target times are reached, and obtaining a target key.
3. The method of claim 2, wherein the one-way recursively encrypting the source key until the target number is reached to obtain a target key, comprising:
if the target times are one time, the recursion times and the source key form a character string;
inputting the character string into a one-way hash function for processing so as to output a target key;
or,
and if the target times are one times, processing the hash operation message authentication code function related to the recursion times and the source key input key to output a target key.
4. The method of claim 1, wherein the performing the transmitting operation this time in the session to transmit a portion of the parameters and the target data to the target device comprises:
And executing the transmission operation in the session to transmit the recursion times and the target data to the target device.
5. The method of any one of claims 1-4, further comprising:
deleting the source key and caching the target key in the session.
6. A data transmission method, applied to a target device, the method comprising:
when a source device establishes a session with the target device, a transmission operation is executed, and partial parameters which are sent by the source device and are effective in the transmission operation at the present time are received;
searching a key used by the last transmission operation as a source key;
generating partial parameters for the target data, which are valid in the transmission operation at this time; a parameter valid in the transmission operation is data that is unique for the operation of transmitting the source data this time;
generating a unidirectional key as a target key according to all the parameters and the source key;
performing a decryption operation to decrypt the target data into source data according to the target key;
the parameters effective for the transmission operation include the decryption times of the decryption operation executed by the transmission operation in the session, and the recursion times of the unidirectional recursion encryption of the initial key expected by the transmission operation in the session; the initial secret key is a secret key which is effective in the session of the source equipment and the target equipment in the process of establishing the session;
Searching a decryption counter in the session, and reading the number of times from the decryption counter as the number of times of decryption operation currently executed in the session;
the number of times is read from a target counter in a session as the number of recursions that the transmission operation expects to encrypt the initial key unidirectionally recursively in the session.
7. A data transmission apparatus, the apparatus comprising:
the source data receiving module is used for receiving source data to be transmitted in the transmission operation when the source equipment and the target equipment establish a session;
the source key searching module is used for searching a key used in the last transmission operation and taking the key as a source key;
a parameter generating module, configured to generate, for the source data, parameters valid in the transmission operation at this time; a parameter valid in the transmission operation is data that is unique for the operation of transmitting the source data this time;
the target key generation module is used for generating a unidirectional key as a target key according to the parameters and the source key;
the data encryption module is used for executing encryption operation so as to encrypt the source data into target data according to the target key;
A session transmission module, configured to perform the transmission operation in the session at this time, so as to transmit a part of the parameters and the target data to the target device;
the parameters comprise encryption times and recursion times; the parameter generation module comprises:
an encryption counter lookup module configured to lookup an encryption counter in the session, the encryption counter being configured to count a number of times an encryption operation is performed in the session;
a target counter searching module, configured to search a target counter in the session, where the target counter is used to count the number of times that the initial key is expected to be recursively encrypted in one direction; the initial secret key is a secret key which is effective in the session of the source equipment and the target equipment in the process of establishing the session;
an encryption counter reading module configured to read the number of times from the encryption counter as the number of times the transmission operation performed the encryption operation this time in the session;
a target counter reading module, configured to read the number of times from the target counter as a number of recursions that the transmission operation expects to perform unidirectional recursive encryption on the initial key in the session.
8. A data transmission apparatus, the apparatus comprising:
a data receiving module, configured to perform a transmission operation when the source device and the target device have established a session, receiving the target data sent by the source device together with part of the parameters valid for the current transmission operation; the parameters valid for the current transmission operation are data that are unique to the transmission operation performed on the source data;
a source key lookup module, configured to look up the key used in the previous transmission operation and take it as the source key;
a parameter generation module, configured to generate, for the target data, a part of the parameters valid for the current transmission operation;
a target key generation module, configured to generate a one-way key as the target key from all of the parameters and the source key;
a data decryption module, configured to perform a decryption operation that decrypts the target data into the source data with the target key;
wherein the data receiving module is further configured to:
receive the target data and a recursion count sent by the source device, the recursion count being the number of times the current transmission operation expects the initial key to be recursively encrypted in one direction in the session; the initial key is a key that takes effect in the session when the source device and the target device establish the session;
and the parameter generation module comprises:
a decryption counter lookup module, configured to look up a decryption counter in the session, the decryption counter counting the number of decryption operations performed in the session;
a decryption counter reading module, configured to read the count from the decryption counter as the number of decryption operations performed in the session by the current transmission operation;
a target counter lookup module, configured to look up a target counter in the session, the target counter counting the number of times the initial key is expected to be recursively encrypted in one direction;
and a target counter reading module, configured to read the count from the target counter as the number of times the current transmission operation expects the initial key to be recursively encrypted in one direction in the session.
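The sender of claim 7 and the receiver of claim 8 realised as a counter-driven one-way key ratchet; this is an added illustration, not code from the patent. The key derivation function, the cipher (an HMAC-SHA256 keystream with a truncated HMAC tag) and the policy by which the sender advances the target counter are all assumptions, since the claims leave them unspecified. The receiver rebuilds the target key from its own decryption counter and the recursion count it receives, so a tag mismatch reveals that the two sides' counters are out of step.

```python
import hmac
import hashlib

def derive_target_key(source_key: bytes, count: int, recursion: int) -> bytes:
    """One-way ratchet step (assumed KDF): target key = HMAC(source key, counters)."""
    params = count.to_bytes(8, "big") + recursion.to_bytes(8, "big")
    return hmac.new(source_key, params, hashlib.sha256).digest()

def _keystream(key: bytes, length: int) -> bytes:
    # Illustrative cipher only: HMAC-SHA256 in counter mode, not the patent's cipher.
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

class Sender:
    def __init__(self, initial_key: bytes, rekey_every: int = 3):
        self.key = initial_key          # key used in the previous transmission (source key)
        self.enc_count = 0              # encryption counter: kept locally, never transmitted
        self.recursion = 0              # target counter: transmitted with every message
        self.rekey_every = rekey_every  # assumed policy for advancing the target counter

    def send(self, plaintext: bytes):
        self.enc_count += 1
        if self.enc_count % self.rekey_every == 0:
            self.recursion += 1
        tk = derive_target_key(self.key, self.enc_count, self.recursion)
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(tk, len(plaintext))))
        tag = hmac.new(tk, ct, hashlib.sha256).digest()[:16]
        self.key = tk                   # the target key becomes the next source key
        return self.recursion, ct + tag # only the recursion count travels in the clear

class Receiver:
    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.dec_count = 0              # decryption counter mirrors the sender's encryption counter

    def receive(self, recursion: int, target_data: bytes):
        ct, tag = target_data[:-16], target_data[-16:]
        tk = derive_target_key(self.key, self.dec_count + 1, recursion)
        expected = hmac.new(tk, ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expected, tag):
            return None                 # lost, reordered or replayed message: counters out of step
        self.dec_count += 1             # advance state only after the check succeeds
        self.key = tk
        return bytes(c ^ k for c, k in zip(ct, _keystream(tk, len(ct))))
```

Because the receiver only advances its counter and key after a successful check, a message that arrives out of order is rejected without corrupting the session state, and decryption resumes once the missing message arrives.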
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data transmission method of any one of claims 1-6.
10. A computer readable storage medium storing computer instructions for causing a processor to perform the data transmission method of any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210187062.2A CN114553412B (en) | 2022-02-28 | 2022-02-28 | Data transmission method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210187062.2A CN114553412B (en) | 2022-02-28 | 2022-02-28 | Data transmission method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114553412A CN114553412A (en) | 2022-05-27 |
CN114553412B true CN114553412B (en) | 2024-02-23 |
Family
ID=81680353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210187062.2A Active CN114553412B (en) | 2022-02-28 | 2022-02-28 | Data transmission method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114553412B (en) |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1694397A (en) * | 2004-05-08 | 2005-11-09 | 侯方勇 | Method and device for constructing sequential cipher |
CN1768502A (en) * | 2002-06-19 | 2006-05-03 | 安全通信公司 | Inter-authentication method and device |
CN101118586A (en) * | 2006-08-04 | 2008-02-06 | 佳能株式会社 | Information processing apparatus, data processing apparatus, and methods thereof |
FR3004041A1 (en) * | 2013-03-28 | 2014-10-03 | Commissariat Energie Atomique | METHOD AND DEVICE FOR ESTABLISHING SESSION KEYS |
CN105681039A (en) * | 2016-04-15 | 2016-06-15 | 上海上讯信息技术股份有限公司 | Method and device for secret key generation and corresponding decryption |
US9374373B1 (en) * | 2015-02-03 | 2016-06-21 | Hong Kong Applied Science And Technology Research Institute Co., Ltd. | Encryption techniques for improved sharing and distribution of encrypted content |
CN106067871A (en) * | 2015-04-23 | 2016-11-02 | 恩智浦有限公司 | For guaranteeing the safe method and system of the data transmitted in a network |
CN109274494A (en) * | 2018-11-27 | 2019-01-25 | 新华三技术有限公司 | A kind of method and device of key maintenance |
CN109584456A (en) * | 2018-11-21 | 2019-04-05 | 北京四达时代软件技术股份有限公司 | A kind of solar power supply unit, system and monthly payment plan control method |
CN110611570A (en) * | 2019-09-26 | 2019-12-24 | 鹏城实验室 | Encryption, key information providing and data acquisition methods and devices |
CN110890962A (en) * | 2019-12-20 | 2020-03-17 | 支付宝(杭州)信息技术有限公司 | Authentication key negotiation method, device, storage medium and equipment |
CN111917540A (en) * | 2020-08-07 | 2020-11-10 | 广州市百果园信息技术有限公司 | Data encryption and decryption method and device, mobile terminal and storage medium |
CN112751821A (en) * | 2020-07-29 | 2021-05-04 | 上海安辰网络科技有限公司 | Data transmission method, electronic equipment and storage medium |
CN113346998A (en) * | 2021-08-06 | 2021-09-03 | 苏州浪潮智能科技有限公司 | Key updating and file sharing method, device, equipment and computer storage medium |
CN113517981A (en) * | 2021-04-28 | 2021-10-19 | 河南中烟工业有限责任公司 | Key management method, code version management method and device |
- 2022-02-28 CN CN202210187062.2A patent/CN114553412B/en active Active
Non-Patent Citations (3)
Title |
---|
Generation of Symmetric Key Using Randomness of Hash Function; Kamana Sai Charan et al.; 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT); full text * |
Cross-domain key agreement protocol based on the PKI system; 魏振宇; 芦翔; 史庭俊; Computer Science (01); full text * |
A stream cipher algorithm based on hash chains; 姜璇; 李永珍; Journal of Yanbian University (Natural Science Edition) (03); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN114553412A (en) | 2022-05-27 |
Similar Documents
Publication | Title |
---|---|
Jost et al. | Efficient ratcheting: almost-optimal guarantees for secure messaging |
CN113691502B (en) | Communication method, device, gateway server, client and storage medium |
US20230254129A1 (en) | Key management for multi-party computation |
WO2022022009A1 (en) | Message processing method and apparatus, device, and storage medium |
Ngo et al. | Dynamic Key Cryptography and Applications. |
US20200195446A1 (en) | System and method for ensuring forward & backward secrecy using physically unclonable functions |
US20110145579A1 (en) | Password authentication method |
CN108549824A (en) | A kind of data desensitization method and device |
CN117155615A (en) | Data encryption transmission method, system, electronic equipment and storage medium |
Miculan et al. | Automated verification of Telegram's MTProto 2.0 in the symbolic model |
KR101131929B1 (en) | Public key-based authentication apparatus and method for authentication |
Albrecht et al. | Device-oriented group messaging: a formal cryptographic analysis of matrix' core |
CN113810779A (en) | Code stream signature checking method and device, electronic equipment and computer readable medium |
CN114553412B (en) | Data transmission method, device, equipment and storage medium |
CN109120621B (en) | Data processor |
CN113784342B (en) | Encryption communication method and system based on Internet of things terminal |
CN114285557B (en) | Communication decryption method, system and device |
CN113411347B (en) | Transaction message processing method and processing device |
CN115550007A (en) | Signcryption method and system with equivalence test function based on heterogeneous system |
EP3871363A2 (en) | Computing key rotation period for block cipher-based encryption schemes system and method |
CN118646602B (en) | Encryption and decryption method, cloud server, equipment and medium for user outsourcing data |
CN114374519B (en) | Data transmission method, system and equipment |
CN117749527B (en) | Safety protection method and system based on big data analysis and cloud computing |
CN114499829B (en) | Key management method and device, electronic equipment and storage medium |
CN115460020B (en) | Data sharing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |