CN113517980B - Key processing method, device and storage medium - Google Patents
- Publication number
- CN113517980B (CN202010276333.2A)
- Authority
- CN
- China
- Prior art keywords
- split
- key
- path
- preset
- target
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0852—Quantum cryptography
- H04L9/0855—Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a key processing method, a device and a storage medium, wherein the method applied to a first terminal comprises the following steps: determining at least one target path; splitting a first key to be sent to obtain at least one split message; transmitting the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
Description
Technical Field
The present invention relates to data privacy technologies, and in particular, to a key processing method, device, and storage medium.
Background
Quantum secure communication has technical advantages such as the indivisibility of quanta, the uncertainty of quantum measurement, the non-replicability of quantum states, and ideal randomness. Its security is based on the basic principles of quantum mechanics, so it is at present the only secure communication technology whose theoretical security can be strictly proved.
Existing practical quantum secure communication methods mainly comprise two steps: quantum key distribution (QKD, Quantum Key Distribution) based on a quantum network, and encrypted data transmission based on a traditional network. Of these, quantum key distribution based on the quantum network is the key step in the operation of a quantum secure communication system, and how to improve the security of this process is a very important problem.
Disclosure of Invention
In view of the above, a primary object of the present invention is to provide a key processing method, apparatus and storage medium.
In order to achieve the above purpose, the technical scheme of the invention is realized as follows:
the embodiment of the invention provides a key processing method, which is applied to a first terminal; the method comprises the following steps:
determining at least one target path;
splitting a first key to be sent to obtain at least one split message;
transmitting the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
In the above solution, the determining at least one target path includes:
determining at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
In the above solution, the determining, from the at least one path to be selected, a path with a security state meeting a preset condition, as the target path includes:
Selecting a target path from paths of which the safety state meets preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In the above scheme, splitting the first key to be sent to obtain at least one split message includes:
splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
In the above scheme, the number of the target paths is at least two; the number of split messages is at least two;
transmitting at least two split messages over at least two of the target paths, comprising:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
And sending the preset third number of split message groups through the at least two target paths.
The embodiment of the invention provides a key processing method, which is applied to a second terminal; the method comprises the following steps:
receiving at least one split message through at least one target path;
and determining a first key by using a preset data processing method according to the at least one split message.
In the above scheme, the determining the first key according to the at least one split message by using a preset data processing method includes:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes: a preset second number of split messages;
according to each target split message set in the at least one target split message set, calculating according to a polynomial of a preset finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
The embodiment of the invention provides a key transmission device, which comprises: a first processing module, a second processing module and a first communication module; wherein,
The first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
In the above solution, the first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
In the above solution, the first processing module is configured to select a target path from paths in which the security state meets a preset condition according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In the above scheme, the second processing module is configured to split the first key by using a preset splitting policy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
In the above scheme, the number of the target paths is at least two; the number of split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
The embodiment of the invention provides a key transmission device, which comprises: a second communication module and a third processing module; wherein,
the second communication module is used for receiving at least one split message through at least one target path;
the third processing module is configured to determine, according to the at least one split message, a first key by using a preset data processing method.
In the above solution, the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes: a preset second number of split messages;
according to each target split message set in the at least one target split message set, calculating according to a polynomial of a preset finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
The embodiment of the invention provides a key processing device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the key processing method at a first terminal side when executing the program; or,
the processor implements the steps of the key processing method on the second terminal side when executing the program.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when being executed by a processor, implements the steps of the key processing method of the first terminal side; or,
The computer program when executed by a processor implements the steps of the key processing method at the second terminal side.
The key processing method, the device and the storage medium provided by the embodiment of the invention determine at least one target path; splitting a first key to be sent to obtain at least one split message; transmitting the at least one split message through the at least one target path; the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message; therefore, the split information is transmitted after the secret key is split, so that the attack difficulty is increased, and the security of secret key transmission is improved; in addition, the first secret key can be determined only according to at least one split message, so that the fault tolerance of secret key transmission is improved;
correspondingly, another key processing method, device and storage medium provided by the embodiment of the invention receive at least one split message through at least one target path; determining a first key by using a preset data processing method according to the at least one split message; thus, the first key can be determined through the received at least one split message, and the fault tolerance of key transmission is improved.
Drawings
FIG. 1 is a schematic diagram of a conventional quantum secret communication system;
FIG. 2 is a schematic diagram of a prior art method of improving Internet Protocol Security (IPSec) in combination with quantum key distribution;
FIG. 3 is a schematic diagram of a conventional relay method for remote quantum secret communication;
FIG. 4 is a schematic diagram of the method of FIG. 3;
FIG. 5 is a schematic diagram of a prior art quantum key distribution system based on trusted relay;
FIG. 6 is a schematic diagram of a prior art quantum key distribution method;
FIG. 7 is a schematic diagram of a prior art end-to-end secure quantum key distribution method that does not rely on trusted relays;
fig. 8 is a schematic flow chart of a key processing method according to an embodiment of the present invention;
fig. 9 is a flowchart of another key processing method according to an embodiment of the present invention;
fig. 10 is a flowchart of another key processing method according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of a key processing device according to an embodiment of the present invention;
fig. 12 is a schematic structural diagram of another key processing device according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of another key processing device according to an embodiment of the present invention.
Detailed Description
The related art of quantum secure communications will be described before the present invention will be described in further detail with reference to the examples.
FIG. 1 is a schematic diagram of a conventional quantum secret communication system; as shown in fig. 1, in the quantum secret communication system, a quantum network and a corresponding quantum receiving and transmitting device (including a quantum key sending end and a quantum key receiving end) are used between two communication parties to carry out negotiation and distribution of a quantum key, and a transmission distance for session key distribution can be prolonged by utilizing a trusted quantum relay. The ideal security of session key distribution can be ensured through quantum key distribution. After the two parties of communication complete the distribution of the session key, the quantum key sending end and the quantum key receiving end respectively encrypt and decrypt the data to be transmitted by using the same session key, and transmit the encrypted data by using the traditional network, thereby realizing the safe and secret communication of the two parties of communication. Here, quantum key distribution based on quantum network is a key step of the operation of the quantum secret communication system, and it is also a very important problem to promote the security of the process. Existing solutions can be largely divided into four categories, including:
First category: the session key is distributed by combining a quantum-network-based key distribution method with a traditional key distribution method. For example, fig. 2 illustrates a method of improving IPSec security in combination with quantum key distribution; specifically, the quantum keys generated by quantum key distribution are combined in some way (e.g., exclusive or) with the conventional keys generated by the Internet Key Exchange protocol (IKE) in IPSec to generate the final session key (i.e., key set i, key set i+1, etc. in fig. 2), thereby improving IPSec security.
The scheme is only suitable for classical IPSec protocols, has no wide applicability, and has no long-term security and usability because the security of the IPSec IKE protocol is mainly based on the traditional public key encryption system.
The second category: long-distance session key distribution is realized by introducing trusted relays into the quantum network. For example, in the relay method for remote quantum secure communication shown in fig. 3, the two user terminals (namely Alice and Bob) are linked by a quantum network and high-speed optical module channels, with at least one relay station on the link. The relay station first uses the quantum network to generate a corresponding root key, then uses the root key to encrypt and transmit, segment by segment, the session key exchanged by the two communicating parties; the relay stations join multiple point-to-point key distributions together, thereby realizing ultra-long-distance quantum secure communication. The basic principle is shown in fig. 4: the relay nodes generate and share the corresponding root keys Ki segment by segment among (Alice, B1, A1, …, Bi, Ai, …, An+1, Bob) through the quantum network, and use the root keys Ki to encrypt and transmit the session key of Alice and Bob segment by segment. Here Bi represents the i-th Bob and Ai represents the i-th Alice.
The above scheme requires that the relay node must be completely trusted, otherwise, an attacker can easily acquire the session key and further steal the communication data of both parties of the session.
Third category: by introducing a session key distribution manner based on multiple paths in the quantum network, for example: a quantum key distribution system based on trusted relay as shown in fig. 5, in particular, the system may comprise: a quantum key distribution device, a routing device for relaying keys and forwarding encrypted data, and a data device; each quantum key distribution device is connected with at least one routing device, each quantum key distribution device is connected with at least one data device, and the routing devices are connected with each other to form a mesh topology; the quantum key distribution device is used for carrying out key negotiation with the opposite-end quantum key distribution device by adopting two or more different paths, determining whether the shared key obtained by negotiation needs to be combined by adopting a preset strategy, and executing corresponding combining operation when needed.
The above scheme relies on the selected path for transmission in the actual transmission process, if there is an untrusted node in the path, the transmission security will be destroyed, and in addition, it cannot provide sufficient transmission redundancy and error correction, and cannot guarantee high availability.
The third type of scheme may also be the quantum key distribution method shown in fig. 6, where a transmitting end (i.e., Alice) pre-processes the original session key information, splits it into a plurality of pieces of sub-session key information, and transmits them through a plurality of disjoint paths; a receiving end (i.e., Bob) receives the sub-session key information and recovers the original session key information from it. The path selection method of this scheme does not consider the state information of the different paths; it also requires the selected paths to be absolutely disjoint, which is difficult to satisfy in a real deployment, so its applicability is low.
Fourth category: the session key is preprocessed and post-processed by presetting the key, for example: a method of quantum key distribution independent of trusted relay end-to-end security, shown in fig. 7, is specifically: before the session key is transmitted through the quantum relay network, the session key Ks is encoded through a preset key K of communication opposite ends Alice and Bob, a temporary key Kt is generated, the temporary key Kt is transmitted to a receiver through the quantum relay network, and finally the receiver uses the key K to reversely encode the Kt so as to obtain the session key Ks.
The scheme can solve the problem that the relay node is not trusted, but depends on the preset initial key at the opposite communication end and excessively depends on the initial configuration, and the processes of updating, managing and the like of the initial key are complicated and difficult, and a quick and effective updating and managing mechanism is lacked.
Based on the above-mentioned problems, according to the solution provided by the embodiments of the present invention, a first terminal determines at least one target path; splitting a first key to be sent to obtain at least one split message; transmitting the at least one split message through the at least one target path; wherein the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message; correspondingly, the second terminal receives at least one split message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
The present invention will be described in further detail with reference to examples.
Fig. 8 is a schematic flow chart of a key processing method according to an embodiment of the present invention; as shown in fig. 8, the key processing method is applied to a first terminal (such as Alice described above); the method comprises the following steps:
Step 801, determining at least one target path;
step 802, splitting a first key to be sent to obtain at least one split message;
step 803, sending the at least one split message through the at least one target path;
wherein the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
In an embodiment, the determining at least one target path includes:
determining at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
Here, the security state measurement value is introduced as a measure of the path security state to evaluate the security states of links of different paths, so that a relatively secure path can be selected for transmission, thereby improving the security of key distribution.
Specifically, the security state metric value can be obtained from a network management system (Network Management System), and the network management system is a system for adjusting the network state by combining software and hardware, so that the network system can be ensured to operate normally and efficiently, resources in a network can be better utilized, and the network management system is a set for realizing various network management functions on the basis of a network management platform.
Specifically, the determining, from the at least one path to be selected, a path with a safety state meeting a preset condition as a target path includes:
selecting a target path from paths of which the safety state meets preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
Specifically, the settings of the trusted node and the general node may be set and saved in advance by a developer according to the security of the node;
for example, assuming that a certain node is a machine room, security is general, it may be considered as a general node; and one node is a backbone machine room, so that the security is high, and the node can be generally considered as a trusted node.
The above is merely an example of a trusted node and a general node, and a specific setting manner is not limited.
Here, by allowing multiple disjoint paths to share the same trusted node (i.e., any two target paths pass through the same or different trusted nodes), the applicability of the quantum key distribution system in an actual deployment environment can be improved, and the transmission distance of the quantum key distribution system can be effectively prolonged.
Here, the quantum key distribution system includes: a first terminal (which may be understood as a transmitting end), a second terminal (which may be understood as a receiving end), and a communication link between the first terminal and the second terminal, which may comprise at least one generic node, at least one trusted node.
Here, by the method for selecting the target path from the paths with the security state meeting the preset conditions, multiple target paths can be randomly selected from a group of relatively better paths to send the split message, so that the dynamic performance of the quantum key distribution system can be improved, the attack difficulty for network attackers is increased, and the security of the split message is improved.
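The selection rules above can be sketched as follows. This is an added example, not code from the patent; the topology, the metric values, the rule that a higher metric means a safer path, and the 0.80 threshold standing in for the "preset condition" are all assumptions made for illustration.

```python
import random
from itertools import combinations

# Constructed topology: relay node -> class assigned in advance by the operator.
NODE_KIND = {
    "T1": "trusted", "T2": "trusted",
    "G1": "general", "G2": "general", "G3": "general", "G4": "general",
}

# Constructed candidate paths: (name, relay nodes traversed, security state metric).
CANDIDATES = [
    ("p1", ["G1", "T1"], 0.92),
    ("p2", ["G2", "T1"], 0.88),   # shares trusted node T1 with p1: allowed
    ("p3", ["G1", "T2"], 0.90),   # shares general node G1 with p1: not allowed together
    ("p4", ["G3", "T2"], 0.55),   # metric too low for the assumed threshold
    ("p5", ["G4"], 0.81),
]

METRIC_THRESHOLD = 0.80  # assumed form of the preset condition: metric >= threshold


def general_nodes(path):
    """General (not fully trusted) relay nodes that a candidate path traverses."""
    _, nodes, _ = path
    return {n for n in nodes if NODE_KIND[n] == "general"}


def meets_preset_condition(path, threshold=METRIC_THRESHOLD):
    """True when the path's security state metric satisfies the preset condition."""
    return path[2] >= threshold


def is_valid_set(paths):
    """No two target paths share a general node; trusted nodes may be shared."""
    return all(general_nodes(a).isdisjoint(general_nodes(b))
               for a, b in combinations(paths, 2))


def select_target_paths(candidates, count, threshold=METRIC_THRESHOLD, rng=None):
    """Randomly pick `count` target paths among all sets that satisfy the rules."""
    rng = rng or random.SystemRandom()
    pool = [p for p in candidates if meets_preset_condition(p, threshold)]
    valid_sets = [s for s in combinations(pool, count) if is_valid_set(s)]
    if not valid_sets:
        raise ValueError("no set of target paths satisfies the constraints")
    return list(rng.choice(valid_sets))


if __name__ == "__main__":
    for name, nodes, metric in select_target_paths(CANDIDATES, 3):
        print(name, nodes, metric)
```

Drawing the set at random from all valid sets, rather than always taking the highest-scoring paths, is what gives the dynamic behaviour described above.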
In an embodiment, the splitting the first key to be sent to obtain at least one split message includes:
splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
Here, the splitting policy is set in advance by a developer; the splitting policy is predetermined and stored by both the first terminal (specifically, the transmitting terminal) and the receiving terminal (denoted as the second terminal).
The following examples are provided for the split policy.
Assume the split policy is $F$ and the first key is $K_i$. Splitting $K_i$ yields $K_{ij}$ ($i=1,2,\dots,s$; $j=1,2,3,\dots,n$), where $K_{ij}$ denotes the $j$-th split message obtained by splitting the key $K_i$ with the split policy, namely $K_{ij}=F(j,K_i)$.
Here $F$ takes $j$ and $K_i$ as input and satisfies:
given specific values of $j$ and $K_i$ (i.e. the total number of split messages and the first key are determined), the value of $K_{ij}$ can be uniquely determined by computing $F$;
given any no fewer than $t$ valid pairs $(j, K_{ij})$, the value of $K_i$ can be uniquely solved;
given no more than $t-1$ valid pairs $(j, K_{ij})$, the value of $K_i$ cannot be determined.
For example, $F$ may be embodied by a finite field polynomial, such as:
$$K_{ij}=F(j,K_i)=B_{t-1}j^{t-1}+B_{t-2}j^{t-2}+\dots+B_2 j^2+B_1 j+K_i;\quad j=1,2,3,\dots,n$$
The splitting strategy described above is explained further as follows.
When the total number $j$ of split messages and the first key $K_i$ are determined, each split message $K_{ij}$ can be uniquely determined;
when any no fewer than $t$ valid pairs $(j, K_{ij})$ are determined, this is equivalent to obtaining no fewer than $t$ linearly related equations in $(B_{t-1},B_{t-2},\dots,B_2,B_1,K_i)$, so the value of $K_i$ can be uniquely solved, i.e. the first key is determined;
when no more than $t-1$ valid pairs $(j, K_{ij})$ are determined, this is equivalent to obtaining no more than $t-1$ linearly independent equations in $(B_{t-1},B_{t-2},\dots,B_2,B_1,K_i)$, i.e. the resulting system of equations is underdetermined; the value of $K_i$ may be any element of the value range and thus cannot be uniquely determined.
In an embodiment, the number of target paths is at least two; the number of split messages is at least two;
transmitting at least two split messages over at least two of the target paths, comprising:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
Specifically, the at least two target paths include: path one, path two, path three; the at least two split messages include: split message one, split message two, split message three, split message four and split message five;
grouping split message one, split message two, split message three, split message four and split message five to obtain a first split message group (comprising split message one), a second split message group (comprising split message two and split message three) and a third split message group (comprising split message four and split message five);
the sending the preset third number of split message groups through the at least two target paths includes:
the first split message group is sent by path one, the second split message group is sent by path two, the third split message group is sent by path three, or,
the first split message group and the second split message group can be sent by path one, and path two sends the third split message group;
the above is merely provided as an example, and may be transmitted in other manners, without limitation.
The scheme partially solves the problem that the traditional quantum secret communication is excessively dependent on the security of the trusted relay, namely, if at least one path is completely trusted, the key transmission security during quantum key distribution can be ensured.
In addition, by transmitting split messages over multiple paths, the above scheme can ensure the accuracy, availability and fault tolerance of the quantum network: even if a few of the multiple paths suffer transmission errors or line breaks, the first key can still be completely recovered through the fault-tolerance mechanism of the embodiment of the invention. The fault-tolerance mechanism is to split the first key to obtain a plurality of split messages, and to obtain the first key from any preset second number of those split messages by using a polynomial of a finite field. Thus, even if a split message contains an error, the final result is not affected.
Therefore, the scheme of the embodiment of the invention has wide applicability without depending on a specific communication protocol or algorithm, and can meet long-term safety and usability. In addition, no private information needs to be preset at the opposite communication end, and portable management and configuration can be realized.
Fig. 9 is a flowchart of another key processing method according to an embodiment of the present invention; as shown in fig. 9, the key processing method is applied to the second terminal; the method comprises the following steps:
step 901, receiving at least one split message through at least one target path;
step 902, determining a first key by using a preset data processing method according to the at least one split message.
In an embodiment, the determining the first key according to the at least one split message by using a preset data processing method includes:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
for each target split message set in the at least one target split message set, calculating according to a preset polynomial of a finite field to obtain at least one candidate key;
and comparing the at least one candidate key, and determining the first key according to the comparison result.
Here, the polynomial of the finite field is preset by a developer and stored in the second terminal.
It should be noted that, the preset data processing method is related to a preset splitting policy in the method shown in fig. 8; that is, the finite field polynomial used in the splitting policy is the same as the finite field polynomial used in the preset data processing method. The polynomial of the finite field may refer to the polynomial in the method shown in fig. 8, and is not limited herein.
When the method is applied, the second terminal can calculate the corresponding secret key by using the polynomial of the finite field according to any preset second number of split messages;
and a plurality of keys are calculated from a plurality of target split message sets, and the key value that is calculated the largest number of times is selected and determined as the first key.
It should be noted that, the finite field polynomial used in the above-mentioned splitting policy and data processing method is only an example, and other formulas may be adopted in practical application, which only need to satisfy:
the total number of split messages is a preset first number;
Any preset second number of split messages in the preset first number of split messages meet a preset formula;
therefore, the method provided by the embodiment of the invention can be adopted to process the secret key.
An application example is provided below. Specifically, the sender (denoted Alice, corresponding to the first terminal) needs to send the session keys $K_1, K_2, K_3, \dots, K_s$ to the opposite terminal (Bob, corresponding to the second terminal); for each key $K_i$, the method provided by the embodiment of the invention is adopted for key processing.
Fig. 10 is a flowchart of another key processing method according to an embodiment of the present invention; as shown in fig. 10, the method includes:
Step 1001, Alice (i.e. the transmitting end, equivalent to the first terminal) preprocesses the first key to be transmitted;
specifically, the preprocessing method (such as a splitting strategy) is denoted by F, and $K_{ij}$ (i = 1, 2, …, s; j = 1, 2, 3, …, n) denotes the j-th piece of split information obtained by splitting the first key $K_i$ with F, namely
$K_{ij} = F(j, K_i)$.
Here F takes j and $K_i$ as input (F, j and $K_i$ being determined) and satisfies:
given specific values of j and $K_i$, the value of $K_{ij}$ can be uniquely determined by computing F;
given any no fewer than t valid pairs $(j, K_{ij})$, the value of $K_i$ can be uniquely solved;
given any no more than t-1 valid pairs $(j, K_{ij})$, the value of $K_i$ cannot be determined.
For example, F may be embodied by a finite field polynomial, namely:
$K_{ij} = F(j, K_i) = B_{t-1} j^{t-1} + B_{t-2} j^{t-2} + \dots + B_2 j^2 + B_1 j + K_i$; j = 1, 2, 3, …, n; where $K_i$ represents the original first key, and $B_{t-1}, B_{t-2}, \dots, B_2, B_1$ are all constant coefficients;
for the three requirements above, it can be seen that:
given specific inputs j and $K_i$, the value of $K_{ij}$ is uniquely determined;
given any no fewer than t valid pairs $(j, K_{ij})$, this is equivalent to obtaining no fewer than t equations concerning $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$, and the equations are linearly related, so the value of $K_i$ can be uniquely solved;
given any no more than t-1 valid pairs $(j, K_{ij})$, this is equivalent to obtaining no more than t-1 equations concerning $(B_{t-1}, B_{t-2}, \dots, B_2, B_1, K_i)$, and the equations are linearly independent, i.e. the resulting system of equations is underdetermined; the value of $K_i$ may be any element of the value range and thus cannot be uniquely determined.
That is, from t split messages obtained by splitting $K_i$, the key $K_i$ can be determined by using the preset polynomial of a finite field.
Step 1002, Alice determines a security state metric value of at least one path, and determines a target path set according to the security state metric value of the at least one path;
Specifically, the step 1002 includes:
Step 0021, Alice obtains all or a plurality of the alternative paths that can connect to Bob, denoted path 1, path 2, …, path L respectively;
Step 0022, for each acquired path, Alice performs security state measurement on the L paths according to network monitoring and operation status data (which may be specifically determined by the network management system), and records the security state metric value of each path, denoted $R_1, R_2, R_3, \dots, R_L$ respectively;
Step 0023, Alice selects a set containing M available paths from the L paths according to the security state metric values of the paths, to obtain a target path set, where the target path set includes: target path 1, target path 2, …, target path M.
Here, when selecting the set of M available paths, other indexes such as path congestion and delay may also be taken into account; that is, security (specifically, the security state metric value) is given priority, and indexes such as path congestion and delay are then considered. These other indexes may be obtained from the network management system.
The L paths are specifically 10 paths whose security state metric values exceed a preset threshold (namely, meet the security requirement); combining other indexes such as path congestion and delay, 5 paths with no congestion and low delay are selected from them as the target path set.
Step 1003, Alice transmits the split information over the paths in the target path set.
Specifically, the step 1003 includes:
Step 0031, determining the split information $K_{1j}$ (j = 1, 2, 3, …, n) obtained by splitting the key $K_1$ to be transmitted, and dividing the split information into m disjoint sets;
here, the m disjoint sets may be denoted $K_1\{A_1\}, K_1\{A_2\}, K_1\{A_3\}, \dots, K_1\{A_m\}$, satisfying $A_1 + A_2 + \dots + A_m = n$, with $A_1, A_2, A_3, \dots, A_m > 0$ and $m < M$;
Step 0032, from the M different paths in the target path set, randomly selecting m different target paths, and transmitting the m disjoint sets through the m target paths respectively, namely transmitting one set of split messages over each selected target path.
Step 0033, for the remaining keys to be transmitted, $K_2, K_3, \dots, K_s$, steps 0031 and 0032 are repeated to effect the transmission.
It should be noted that for each $K_i$ (i = 1, 2, …, s) the m paths can be selected in different ways, which can further increase the dynamics and unpredictability of the key distribution process.
Step 1004, Bob (i.e. the receiving end, equivalent to the second terminal) receives the split messages and determines the first key according to the split messages.
Specifically, the step 1004 includes:
Step 0041, Bob receives the split information sent by Alice, namely $K_{ij}$ (i = 1, 2, …, s; j = 1, 2, 3, …, n);
Step 0042, for $K_1$, Bob randomly selects t split messages $K_{1,j_1}, K_{1,j_2}, \dots, K_{1,j_t}$ from the n split messages and, from $K_{1,j_i} = F(j_i, K_1)$ (i = 1, 2, 3, …, t), solves a system of t equations to obtain a value of $K_1$;
Step 0043, randomly selecting a different set of t split messages from the n split messages in different ways, repeating step 0042 and solving the equations to obtain multiple values of the key $K_1$;
Step 0044, from the multiple values obtained for the key $K_1$, Bob selects the value of $K_1$ with the largest number of occurrences as the key $K_1$ initially sent by Alice, i.e. determines the first key;
Step 0045, for the remaining keys $K_2, K_3, \dots, K_s$, steps 0042, 0043 and 0044 are repeated to obtain the keys $K_2, K_3, \dots, K_s$ initially transmitted by Alice.
Based on the method provided by the embodiment of the invention, even though errors, data loss and other anomalies may occur in the transmission process, a small amount of such errors do not affect the final determination result, i.e. the correct operation of the method of the embodiment of the invention is not affected.
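The application example of steps 1001 to 1004 can be traced end to end in code. The following Python sketch is an added example, not code from the patent: the prime field, the function names, the path labels and the injected faults (one path cut, one split message altered) are all assumptions made for illustration.

```python
"""Threshold split, multi-path dispatch and majority-vote recovery (illustrative)."""
import secrets
from collections import Counter
from itertools import combinations

# Assumption: the text fixes no field; GF(P) with the Mersenne prime 2**127 - 1 is used.
P = 2**127 - 1


def split_key(key, n, t, rng=None):
    """Return the n pairs (j, K_ij), K_ij = B_{t-1} j^(t-1) + ... + B_1 j + K_i mod P."""
    rng = rng or secrets.SystemRandom()
    if not 0 <= key < P or not 1 <= t <= n < P:
        raise ValueError("need 0 <= key < P and 1 <= t <= n < P")
    coeffs = [key] + [rng.randrange(P) for _ in range(t - 1)]  # K_i, B_1 .. B_{t-1}
    shares = []
    for j in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of F(j, K_i)
            y = (y * j + c) % P
        shares.append((j, y))
    return shares


def group_shares(shares, sizes):
    """Step 0031: cut the n split messages into m disjoint sets of sizes A_1 .. A_m."""
    if sum(sizes) != len(shares) or min(sizes) <= 0:
        raise ValueError("sizes must be positive and sum to n")
    groups, start = [], 0
    for size in sizes:
        groups.append(shares[start:start + size])
        start += size
    return groups


def assign_paths(groups, target_paths, rng=None):
    """Step 0032: pick m distinct paths at random from the M target paths, one per set."""
    rng = rng or secrets.SystemRandom()
    if len(groups) > len(target_paths):
        raise ValueError("more split message sets than target paths")
    return list(zip(rng.sample(target_paths, len(groups)), groups))


def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(P), i.e. the constant term K_i."""
    secret = 0
    for j, y in points:
        num = den = 1
        for k, _ in points:
            if k != j:
                num = (num * -k) % P
                den = (den * (j - k)) % P
        secret = (secret + y * num * pow(den, -1, P)) % P
    return secret


def recover_key(received, t, rounds=64, rng=None):
    """Steps 0042-0044: solve many t-subsets and keep the most frequent candidate.

    Returns (key, votes_for_key, subsets_tried).
    """
    rng = rng or secrets.SystemRandom()
    if len(received) < t:
        raise ValueError("fewer than t split messages: K_i is undetermined")
    subsets = list(combinations(received, t))  # acceptable for the small n used here
    if len(subsets) > rounds:
        subsets = rng.sample(subsets, rounds)  # random distinct t-subsets
    tally = Counter(interpolate_at_zero(s) for s in subsets)
    (key, votes), *rest = tally.most_common(2)
    if rest and rest[0][1] == votes:
        raise ValueError("tie between candidates: too few clean split messages")
    return key, votes, len(subsets)


def demo():
    """Constructed run: n = 7, t = 3, three of five paths; one path cut, one share altered."""
    key = secrets.randbelow(P)  # constructed session key K_1
    shares = split_key(key, n=7, t=3)
    routes = assign_paths(group_shares(shares, [2, 2, 3]),
                          ["path1", "path2", "path3", "path4", "path5"])
    received = [s for _, group in routes[1:] for s in group]  # first set's path is cut
    j, y = received[0]
    received[0] = (j, (y + 1) % P)  # one split message altered in transit
    recovered, votes, tried = recover_key(received, t=3)
    return {"sent": key, "recovered": recovered, "votes": votes, "tried": tried}


if __name__ == "__main__":
    print(demo())
```

The vote only settles on the right value when clean t-subsets outnumber every wrong candidate; with four received split messages, one of them altered, and t = 3, each candidate appears once and `recover_key` reports a tie instead of returning a key.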
Fig. 11 is a schematic structural diagram of a key processing device according to an embodiment of the present invention; as shown in fig. 11, the key processing apparatus includes: a first processing module, a second processing module and a first communication module; wherein,
The first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
The first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
Specifically, the first processing module is configured to select a target path from paths in which the safety state meets a preset condition according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
Specifically, the second processing module is configured to split the first key by applying a preset splitting policy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
Specifically, the number of the target paths is at least two; the number of split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
It should be noted that: the key processing device provided in the above embodiment only uses the division of each program module to illustrate when implementing the corresponding key processing method, and in practical application, the processing allocation may be completed by different program modules according to needs, that is, the internal structure of the server is divided into different program modules to complete all or part of the processing described above. In addition, the apparatus provided in the foregoing embodiments and the embodiments of the corresponding methods belong to the same concept, and specific implementation processes of the apparatus and the embodiments of the methods are detailed in the method embodiments, which are not described herein again.
Fig. 12 is a schematic structural diagram of another key processing device according to an embodiment of the present invention; as shown in fig. 12, the key processing apparatus includes: a second communication module and a third processing module; wherein,
the second communication module is used for receiving at least one split message through at least one target path;
the third processing module is configured to determine, according to the at least one split message, a first key by using a preset data processing method.
Specifically, the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
according to each target split message set in the at least one target split message set, calculating according to a polynomial of a preset finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
It should be noted that: the key processing device provided in the above embodiment only uses the division of each program module to illustrate when implementing the corresponding key processing method, and in practical application, the processing allocation may be completed by different program modules according to needs, that is, the internal structure of the server is divided into different program modules to complete all or part of the processing described above. In addition, the apparatus provided in the foregoing embodiments and the embodiments of the corresponding methods belong to the same concept, and specific implementation processes of the apparatus and the embodiments of the methods are detailed in the method embodiments, which are not described herein again.
Fig. 13 is a schematic structural diagram of a key processing device according to an embodiment of the present invention; as shown in fig. 13, the apparatus 130 includes: a processor 1301 and a memory 1302 for storing a computer program capable of running on the processor; wherein,
when the apparatus is applied to a first terminal, the processor 1301 is configured to execute, when executing the computer program: determining at least one target path; splitting a first key to be sent to obtain at least one split message; transmitting the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
In one embodiment, the processor 1301 is configured to execute, when executing the computer program: determining at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected; and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
In one embodiment, the processor 1301 is configured to execute, when executing the computer program: selecting a target path from paths of which the safety state meets preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In one embodiment, the processor 1301 is configured to execute, when executing the computer program: splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
In one embodiment, the processor 1301 is configured to execute, when executing the computer program: grouping the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message; and sending the preset third number of split message groups through the at least two target paths.
Specifically, the above-mentioned apparatus specifically executes the method shown in fig. 8, which belongs to the same concept as the key processing method embodiment shown in fig. 8, and the specific implementation process is detailed in the method embodiment, which is not described herein again.
When the apparatus is applied to a second terminal, the processor 1301 is configured to execute, when executing the computer program: receiving at least one split message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
In one embodiment, the processor 1301 is configured to execute, when executing the computer program: randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages; for each target split message set in the at least one target split message set, calculating according to a preset polynomial of a finite field to obtain at least one candidate key; and comparing the at least one candidate key, and determining the first key according to the comparison result.
Specifically, the apparatus specifically performs the method shown in fig. 13, which belongs to the same concept as the key processing method embodiment shown in fig. 13, and the specific implementation process of the apparatus is detailed in the method embodiment, which is not described herein again.
In practical applications, the apparatus 130 may further include: at least one network interface 1303. The various components in key processing device 130 are coupled together by a bus system 1304. It is appreciated that the bus system 1304 is used to facilitate connected communications between the components. The bus system 1304 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration, the various buses are labeled as bus system 1304 in fig. 13. The number of the processors 1301 may be at least one. The network interface 1303 is used for wired or wireless communication between the key processing apparatus 130 and other devices.
The memory 1302 in embodiments of the present invention is used to store various types of data to support the operation of the key processing device 130.
The method disclosed in the above embodiment of the present invention may be applied to the processor 1301 or implemented by the processor 1301. Processor 1301 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the method described above may be performed by integrated logic circuitry in hardware in processor 1301 or instructions in software. The processor 1301 may be a general purpose processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Processor 1301 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiment of the invention can be directly embodied in the hardware of the decoding processor or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium in the memory 1302 and the processor 1301 reads information in the memory 1302, performing the steps of the method described above in connection with its hardware.
In an exemplary embodiment, the key processing device 130 may be implemented by one or more application specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, Programmable Logic Device), complex programmable logic devices (CPLD, Complex Programmable Logic Device), field-programmable gate arrays (FPGA, Field-Programmable Gate Array), general purpose processors, controllers, microcontrollers (MCU, Micro Controller Unit), microprocessors (Microprocessor), or other electronic components for performing the aforementioned methods.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored;
the computer readable storage medium, when applied to a first terminal, performs: determining at least one target path; splitting a first key to be sent to obtain at least one split message; transmitting the at least one split message through the at least one target path; the at least one split message is received by the second terminal and the first key is determined by the second terminal from the at least one split message.
In one embodiment, the computer program, when executed by a processor, performs: determining at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected; and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
In one embodiment, the computer program, when executed by a processor, performs: selecting a target path from paths of which the safety state meets preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
In one embodiment, the computer program, when executed by a processor, performs: splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
In one embodiment, the computer program, when executed by a processor, performs: grouping the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message; and sending the preset third number of split message groups through the at least two target paths.
The computer readable storage medium, when applied to a second terminal, performs: receiving at least one split message through at least one target path; and determining a first key by using a preset data processing method according to the at least one split message.
In one embodiment, the computer program, when executed by a processor, performs: randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages; for each target split message set in the at least one target split message set, calculating according to a preset polynomial of a finite field to obtain at least one candidate key; and comparing the at least one candidate key, and determining the first key according to the comparison result.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present invention may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (14)
1. A key processing method, characterized in that the method is applied to a first terminal; the method comprises the following steps:
determining at least one target path;
splitting a first key to be sent to obtain at least one split message;
transmitting the at least one split message through the at least one target path; the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message;
wherein said determining at least one target path comprises:
determining at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the safety state meeting preset conditions from the at least one path to be selected as a target path according to the safety state metric value.
2. The method according to claim 1, wherein the determining, from the at least one path to be selected, a path whose safety state meets a preset condition as a target path includes:
selecting a target path from paths of which the safety state meets preset conditions according to at least one of the following requirements:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
3. The method of claim 1, wherein splitting the first key to be sent to obtain at least one split message comprises:
splitting the first key by using a preset splitting strategy to obtain at least one splitting message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
4. The method of claim 1, wherein the number of target paths is at least two; the number of split messages is at least two;
Transmitting at least two split messages over at least two of the target paths, comprising:
grouping the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
5. A key processing method, characterized in that the method is applied to a second terminal; the method comprises the following steps:
receiving at least one split message through at least one target path;
determining a first key by using a preset data processing method according to the at least one split message;
wherein, the target path is: and the first terminal selects a path with the safety state meeting the preset condition from the at least one path to be selected according to the safety state metric value of the at least one path to be selected.
6. The method of claim 5, wherein determining the first key using a predetermined data processing method based on the at least one split message comprises:
randomly selecting at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
for each target split message set in the at least one target split message set, calculating according to a preset polynomial of a finite field to obtain at least one candidate key;
and comparing the at least one candidate key, and determining the first key according to the comparison result.
7. A key transmission apparatus, the apparatus comprising: a first processing module, a second processing module and a first communication module; wherein,
the first processing module is used for determining at least one target path;
the second processing module is used for splitting the first key to be sent to obtain at least one split message;
the first communication module is configured to send the at least one split message through the at least one target path; the at least one split message is received by a second terminal and the first key is determined by the second terminal from the at least one split message;
the first processing module is specifically configured to determine at least one path to be selected and a security state metric value of each path to be selected in the at least one path to be selected;
and selecting a path with the security state meeting preset conditions from the at least one path to be selected as a target path according to the security state metric value.
8. The apparatus of claim 7, wherein the first processing module is configured to select a target path from paths for which the security state meets a preset condition according to at least one of:
each target path passes through a trusted node and/or a general node;
any two target paths pass through different general nodes;
any two target paths pass through the same or different trusted nodes.
9. The apparatus of claim 7, wherein the second processing module is configured to split the first key using a preset splitting policy to obtain at least one split message;
the preset splitting strategy comprises at least one of the following steps:
the total number of split messages is a preset first number;
any preset second number of split messages in the preset first number of split messages meet a preset polynomial of a finite field.
10. The apparatus of claim 7, wherein the number of target paths is at least two; the number of split messages is at least two;
the second processing module is configured to group the at least two split messages to obtain a preset third number of split message groups; the split message group includes at least one split message;
and sending the preset third number of split message groups through the at least two target paths.
11. A key transmission apparatus, the apparatus comprising: a second communication module and a third processing module; wherein,
the second communication module is used for receiving at least one split message through at least one target path;
the third processing module is configured to determine, according to the at least one split message, a first key by using a preset data processing method;
wherein the target path is a path whose security state meets the preset condition, selected by the first terminal from at least one path to be selected according to the security state metric value of the at least one path to be selected.
12. The apparatus of claim 11, wherein the third processing module is configured to randomly select at least one target split message set from the at least one split message; the target split message set includes a preset second number of split messages;
according to each target split message set in the at least one target split message set, calculating according to a polynomial of a preset finite field to obtain at least one key to be selected;
and comparing the at least one key to be selected, and determining a first key according to a comparison result.
13. A key processing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 4 when the program is executed by the processor; or,
the processor, when executing the program, implements the steps of the method of claim 5 or 6.
14. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor realizes the steps of the method according to any of claims 1 to 4; or,
the computer program, when executed by a processor, implements the steps of the method of claim 5 or 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010276333.2A CN113517980B (en) | 2020-04-09 | 2020-04-09 | Key processing method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113517980A (en) | 2021-10-19 |
CN113517980B (en) | 2023-07-21 |
Family
ID=78060424
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010276333.2A Active CN113517980B (en) | 2020-04-09 | 2020-04-09 | Key processing method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113517980B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113517980A (en) | 2021-10-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||