CN-121985330-A - Key generation method, device, apparatus, storage medium, and computer program product
Abstract
The application discloses a key generation method, device, equipment, storage medium and computer program product, which address the problems that, in conventional key generation schemes, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions. The method comprises: judging the request type corresponding to a received key request uploaded by a service load; when the request type is judged to be a key generation request, generating a random key corresponding to the service load, based on a trained text-to-structured query language (text-to-SQL) model, according to a natural language instruction in the key request; and when the request type is judged to be a key verification request, acquiring the key to be verified carried in the key request, verifying it according to the service fingerprint carried in the key request, and returning a key verification result to the service load.
Inventors
- XUE BAI
- WU LONG
- FU JIANBO
- ZHAI DESHAN
- YANG MINGTAO
Assignees
- 中移物联网有限公司
- 中国移动通信集团有限公司
Dates
- Publication Date: 2026-05-05
- Application Date: 2025-12-31
Claims (10)
- 1. A key generation method, comprising: judging the request type corresponding to a received key request uploaded by a service load, wherein the key request carries a service fingerprint corresponding to the service load; when the request type corresponding to the key request is judged to be a key generation request, generating a random key corresponding to the service load based on a trained text-to-structured query language model according to a natural language instruction in the key request; and when the request type corresponding to the key request is judged to be a key verification request, acquiring a key to be verified carried in the key request, verifying the key to be verified according to the service fingerprint carried in the key request, and returning a key verification result to the service load.
- 2. The method according to claim 1, wherein generating the service fingerprint comprises: acquiring operation data corresponding to the service load, wherein the operation data comprises at least one of deployment metadata, a network address and a service identifier; and generating the service fingerprint through a cryptographic hash algorithm according to the operation data.
- 3. The method according to claim 1, wherein generating the random key corresponding to the service load based on the trained text-to-structured query language model according to the natural language instruction in the key request comprises: generating a key generation query statement through the text-to-structured query language model according to the natural language instruction and predefined database structure information; and executing the key generation query statement to generate and store, in a database, a random key associated with the service load.
- 4. The method according to claim 1, wherein verifying the key to be verified according to the service fingerprint carried in the key request comprises: generating, based on the trained text-to-structured query language model, a key query statement corresponding to the service load according to the key to be verified and the service fingerprint carried in the key request; querying, according to the key query statement, a verification key that is stored in a database and corresponds to the service load; and completing the key verification of the service load by judging whether the verification key matches the key to be verified.
- 5. The method according to claim 1, wherein pre-training the text-to-structured query language model comprises: constructing an initial training sample set according to acquired structure information of the database and historical key operation data; preprocessing the initial training sample set to obtain a training sample set; and training an original language model according to the training sample set so that the original language model converts natural language instructions into database operation instructions, thereby obtaining the text-to-structured query language model.
- 6. The method according to claim 1, further comprising: when the request type corresponding to the key request is judged to be any other request, returning a request error response to the service load.
- 7. A key generation apparatus, comprising: a request type judging unit, configured to judge the request type corresponding to a received key request uploaded by a service load, wherein the key request carries a service fingerprint corresponding to the service load; a key generation unit, configured to generate a random key corresponding to the service load based on a trained text-to-structured query language model according to a natural language instruction in the key request when the request type corresponding to the key request is judged to be a key generation request; and a key verification unit, configured to acquire a key to be verified carried in the key request when the request type corresponding to the key request is judged to be a key verification request, verify the key to be verified according to the service fingerprint carried in the key request, and return a key verification result to the service load.
- 8. A key generation apparatus, comprising: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to: judge the request type corresponding to a received key request uploaded by a service load, wherein the key request carries a service fingerprint corresponding to the service load; when the request type corresponding to the key request is judged to be a key generation request, generate a random key corresponding to the service load based on a trained text-to-structured query language model according to a natural language instruction in the key request; and when the request type corresponding to the key request is judged to be a key verification request, acquire a key to be verified carried in the key request, verify the key to be verified according to the service fingerprint carried in the key request, and return a key verification result to the service load.
- 9. A computer readable storage medium storing one or more programs, which when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the key generation method of any of claims 1-6.
- 10. A computer program product comprising a computer program which, when executed by a processor, implements the key generation method of any of claims 1-6.
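The request flow of claims 1, 2, 4 and 6, sketched as an added example that is not code from the patent. Assumptions: SHA-256 over canonical JSON as the fingerprint hash, an in-memory SQLite table named `service_keys`, hypothetical request field names, and two fixed parameterized statements standing in for the statements the text-to-SQL model would generate.

```python
import hashlib, hmac, json, secrets, sqlite3

# Assumption: fixed, parameterized statements stand in for the output of the
# patent's text-to-SQL model; request values are bound, never concatenated.
SQL_STORE = "INSERT OR REPLACE INTO service_keys(fingerprint, key_hex) VALUES (?, ?)"
SQL_LOOKUP = "SELECT key_hex FROM service_keys WHERE fingerprint = ?"

def service_fingerprint(deploy_meta: dict, address: str, service_id: str) -> str:
    """Claim 2: hash the operation data (SHA-256 is an assumed choice)."""
    canonical = json.dumps({"meta": deploy_meta, "addr": address, "svc": service_id},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE service_keys(fingerprint TEXT PRIMARY KEY, key_hex TEXT)")
    return db

def handle_request(db: sqlite3.Connection, req: dict) -> dict:
    """Claim 1 dispatch on request type; claim 6 error path for anything else."""
    fp = req.get("fingerprint")
    if not isinstance(fp, str) or len(fp) != 64:
        return {"status": "error", "reason": "bad fingerprint"}
    if req.get("type") == "generate":
        key_hex = secrets.token_hex(32)  # 256-bit key from the OS CSPRNG
        db.execute(SQL_STORE, (fp, key_hex))
        return {"status": "ok", "key": key_hex}
    if req.get("type") == "verify":
        row = db.execute(SQL_LOOKUP, (fp,)).fetchone()
        candidate = str(req.get("key", "")).encode()
        # Constant-time compare; an unknown fingerprint fails like a wrong key.
        valid = row is not None and hmac.compare_digest(row[0].encode(), candidate)
        return {"status": "ok", "valid": valid}
    return {"status": "error", "reason": "unsupported request type"}

def demo() -> list:
    """Constructed sample: one service load generates a key, then verifies it."""
    db = open_store()
    fp = service_fingerprint({"namespace": "payments", "pod": "api-0"},
                             "10.0.0.12", "svc-payments")
    other = service_fingerprint({"namespace": "payments", "pod": "api-1"},
                                "10.0.0.13", "svc-payments")
    key = handle_request(db, {"type": "generate", "fingerprint": fp})["key"]
    return [
        handle_request(db, {"type": "verify", "fingerprint": fp, "key": key}),
        handle_request(db, {"type": "verify", "fingerprint": other, "key": key}),
        handle_request(db, {"type": "rotate", "fingerprint": fp}),
    ]
```

`demo()` returns a successful verification, a failed verification for a different fingerprint presenting the same key, and the error response for an unsupported request type.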
Description
Technical Field

The present application relates to the field of wireless communications technologies, and in particular to a key generation method, apparatus, device, storage medium, and computer program product.

Background

Under the cloud native architecture, applications are deployed and run as containers and microservices, which significantly improves the elasticity, scalability and iteration efficiency of the system. At the same time, security management of keys under the cloud native architecture is becoming more and more complex. The key is a core element for guaranteeing data encryption, identity authentication and access control, and the security of its generation, storage, distribution and rotation directly determines the security level of the whole cloud native environment.

Currently, the key management schemes common under the cloud native architecture rely mainly on the key management mechanism provided by the container orchestration platform itself or on an external centralized configuration service. For example, in a Kubernetes cluster, sensitive information may be stored in a Secret object and saved in base64-encoded form, or keys may be managed centrally in ciphertext form by a configuration center, with each service load configuring a decryption key locally and then decrypting with it.

However, these schemes have several problems. First, the base64 encoding of a Secret has no encryption semantics and cannot meet strict audit and compliance requirements, and if a Pod is granted excessive permissions, the key may be accessed maliciously. In addition, when an external configuration center is introduced, the service load still needs a pre-embedded decryption key, which increases the complexity of deployment and maintenance and brings potential leakage risks into the key distribution process. Finally, key management by static configuration or manually set policies is difficult to adapt to a changeable cloud native environment: in scenarios such as service traffic fluctuation, service scaling and security event response, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions.

Therefore, how to reduce the complexity of operation and maintenance and improve the security of the key on the premise of ensuring security has become a technical problem to be solved in the current cloud native security field.

Disclosure of Invention

The embodiment of the application provides a key generation method for solving the problems that existing key generation schemes are difficult to adapt to a changeable cloud native environment and that, in scenarios such as service traffic fluctuation, service scaling and security event response, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions.
The embodiment of the application also provides a key generation device for solving the problems that existing key generation schemes are difficult to adapt to a changeable cloud native environment and that, in scenarios such as service traffic fluctuation, service scaling and security event response, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions.

The embodiment of the application also provides key generation equipment for solving the problems that existing key generation schemes are difficult to adapt to a changeable cloud native environment and that, in scenarios such as service traffic fluctuation, service scaling and security event response, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions.

The embodiment of the application also provides a computer readable storage medium for solving the problems that existing key generation schemes are difficult to adapt to a changeable cloud native environment and that, in scenarios such as service traffic fluctuation, service scaling and security event response, the generation, rotation and suspension of keys often need manual intervention, the response lags, and security risks are easily introduced through operational omissions.

A computer program product is used for solving the problems that the existing key generation scheme is difficult to adapt to a changeable cloud native environment, the key generation, rotation and sus