
CN-122001585-A - Encryption communication method and system


Abstract

The application discloses an encryption communication method and system, which comprise the steps of responding to a communication request sent by source equipment for target equipment, obtaining an original key, a random parameter and an equipment encryption parameter corresponding to the locally stored source equipment, sending the equipment encryption parameter and the random parameter to the source equipment, receiving the returned target encryption parameter and first authentication information after parameter synchronous verification of the source equipment based on the equipment encryption parameter, generating second authentication information and first key based on the target encryption parameter, the random parameter and the original key, generating a session key when the source equipment initiates a session to the target equipment under the condition that the equipment authentication of the first authentication information and the second authentication information passes, and encrypting and sending the session key to the source equipment based on the first key, so that the source equipment and the target equipment carry out encryption communication based on the session key. The application can improve the network communication safety.

Inventors

  • WANG JUN

Assignees

  • 南京易科腾信息技术有限公司

Dates

Publication Date
20260508
Application Date
20260410

Claims (10)

  1. An encrypted communication method, applied to a key management end, comprising: responding to a communication request sent by source equipment aimed at target equipment, and acquiring a locally stored original key, a random parameter and an equipment encryption parameter corresponding to the source equipment; sending the equipment encryption parameter and the random parameter to the source equipment, and receiving the returned target encryption parameter and first authentication information after the source equipment performs parameter synchronization verification based on the equipment encryption parameter; generating second authentication information and a first key based on the target encryption parameter, the random parameter and the original key; generating a session key when the source device initiates a session to the target device, in the case that the device authentication of the first authentication information and the second authentication information passes; and sending the session key to the source device in an encrypted manner based on the first key, so that the source device and the target device are in encrypted communication based on the session key.
  2. The encrypted communication method according to claim 1, wherein generating second authentication information and a first key based on the target encryption parameter, the random parameter and the original key comprises: generating the second authentication information according to a first algorithm based on the target encryption parameter, the random parameter and the original key; and generating the first key according to a second algorithm based on the target encryption parameter, the random parameter and the original key.
  3. The encrypted communication method according to claim 1, wherein, after generating the second authentication information and the first key based on the target encryption parameter, the random parameter and the original key, the method further comprises: in the case that the target encryption parameter is consistent with the equipment encryption parameter, self-incrementing the equipment encryption parameter in local storage; and in the case that the target encryption parameter is inconsistent with the equipment encryption parameter, replacing the equipment encryption parameter with the target encryption parameter in local storage and self-incrementing the target encryption parameter.
  4. The encrypted communication method according to claim 1, wherein the method further comprises: in the case that the device authentication of the first authentication information and the second authentication information passes, establishing a first encryption channel for communicating with the source device based on the first key, and encrypting and transmitting the session key to the source device through the first encryption channel.
  5. The encrypted communication method according to claim 1, wherein the method further comprises: searching for a second encryption channel communicating with the target device, wherein the second encryption channel is established based on a second key corresponding to the target device; and encrypting and transmitting the session key to the target equipment through the second encryption channel.
  6. The encrypted communication method according to claim 5, wherein the communication request includes a communication service identifier, the method further comprising: encrypting and transmitting the session key and the communication service identifier to the target equipment through the second encryption channel; receiving a session permission message returned by the target equipment after service configuration verification based on the communication service identifier has passed; and sending a session notification to the source device based on the session permission message, so that the source device and the target device perform encrypted communication based on the session key.
  7. An encrypted communication method, applied to a source device, comprising: receiving a device encryption parameter and a random parameter returned by a key management terminal based on a communication request sent by the source device for a target device; acquiring a locally stored local encryption parameter and original key, and performing synchronization verification on the local encryption parameter and the device encryption parameter to determine a target encryption parameter; generating first authentication information and a first key based on the target encryption parameter, the random parameter and the original key, and returning the target encryption parameter and the first authentication information to the key management terminal; when the source device initiates a session to the target device, receiving an encrypted session key sent by the key management terminal through a first encryption channel after device authentication based on the first authentication information has passed; and decrypting the encrypted session key with the first key to obtain a session key, and performing encrypted communication with the target device using the session key.
  8. The encrypted communication method according to claim 7, wherein performing synchronization verification on the local encryption parameter and the device encryption parameter to determine a target encryption parameter comprises: determining the local encryption parameter or the device encryption parameter as the target encryption parameter in the case that the local encryption parameter is consistent with the device encryption parameter; and determining a target encryption parameter from the local encryption parameter and the device encryption parameter in the case that the local encryption parameter is inconsistent with the device encryption parameter.
  9. The encrypted communication method according to claim 7, wherein, in the case that the local encryption parameter is inconsistent with the device encryption parameter, determining a target encryption parameter from the local encryption parameter and the device encryption parameter comprises: determining the larger of the local encryption parameter and the device encryption parameter as the target encryption parameter.
  10. An encrypted communication system, characterized by comprising a key management terminal and a device end, wherein the device end comprises a source device and a target device; the key management terminal is configured to perform the encrypted communication method according to any one of claims 1 to 6; and the source device is configured to perform the encrypted communication method according to any one of claims 7 to 9 so as to communicate in encrypted form with the target device.

Description

Encryption communication method and system

Technical Field

The application relates to the technical field of network security, in particular to an encryption communication method and system.

Background

With the development of quantum computing, the computing power represented by quantum computers has leapt forward, and related algorithms in classical cryptography are greatly affected in network security; for example, traditional public key algorithms such as RSA/ECC can in theory be broken by quantum computers. To cope with the security risk of future quantum computers breaking these algorithms, the industry has proposed key exchange technology based on QKD (quantum key distribution), which requires deploying special devices that exchange keys based on optical quantum properties. However, deploying such proprietary devices requires monopolizing optical fiber channels for the key exchange, which is not suitable for ordinary internet access scenarios. Providing cryptographic techniques that are both versatile and capable of withstanding quantum computing attacks is therefore a problem to be solved in network communication security.

Disclosure of Invention

The present application provides an encryption communication method and system, aiming to realize an encryption communication method that is universal and resistant to quantum computing attacks, and thereby improve network communication security.
In a first aspect, the present application provides an encrypted communication method, applied to a key management terminal, including: responding to a communication request sent by source equipment aimed at target equipment, and acquiring a locally stored original key, a random parameter and an equipment encryption parameter corresponding to the source equipment; sending the equipment encryption parameter and the random parameter to the source equipment, and receiving the returned target encryption parameter and first authentication information after the source equipment performs parameter synchronization verification based on the equipment encryption parameter; generating second authentication information and a first key based on the target encryption parameter, the random parameter and the original key; in the case that the device authentication of the first authentication information and the second authentication information passes, generating a session key when the source equipment initiates a session to the target equipment; and sending the session key to the source device encrypted based on the first key, such that the source device and the target device are in encrypted communication based on the session key.

In one embodiment, generating the second authentication information and the first key based on the target encryption parameter, the random parameter and the original key includes: generating the second authentication information according to a first algorithm based on the target encryption parameter, the random parameter and the original key; and generating the first key according to a second algorithm based on the target encryption parameter, the random parameter and the original key.
In one embodiment, after generating the second authentication information and the first key based on the target encryption parameter, the random parameter and the original key, the encrypted communication method further includes: in the case that the target encryption parameter is consistent with the equipment encryption parameter, self-incrementing the equipment encryption parameter in the local storage; and in the case that the target encryption parameter is inconsistent with the device encryption parameter, replacing the device encryption parameter with the target encryption parameter in the local storage and self-incrementing the target encryption parameter.

In one embodiment, the encrypted communication method further comprises: in the case that the device authentication of the first authentication information and the second authentication information passes, establishing a first encryption channel for communication with the source device based on the first key, and sending the session key to the source device through the first encryption channel in an encrypted manner.

In one embodiment, the encrypted communication method further comprises: searching for a second encryption channel communicating with the target device, wherein the second encryption channel is established based on a second key corresponding to the target device; and sending the session key to the target device through the second encryption channel in an encrypted manner.

In one embodiment, the communication request includes a communication service identifier, and the encrypted communication method further includes: encrypting and transmitting the session key and the communication service identifier to the target equipment through the second encryption channel; receiving a session permission message returned by the target equ
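The following is an added worked simulation of the exchange described in claims 1 to 5 (key management end) and claims 7 to 9 (source device); it is example code written for this page, not code from the patent or its assignee. The patent does not name the "first algorithm", the "second algorithm" or the cipher used on the encryption channels, so these are assumptions: HMAC-SHA256 with distinct labels stands in for both algorithms, and a small encrypt-then-MAC construction stands in for the channel cipher. The class and function names, the keys and the counter values are constructed for the example. It shows the counter synchronization of claims 3, 8 and 9 with a source device whose local parameter has run ahead of the stored one, and it shows that a device holding the wrong original key is refused a session key.

```python
# Added example (not the patent's code): key management end / source device exchange.
import hashlib
import hmac
import secrets


def auth_tag(original_key: bytes, param: int, rand: bytes) -> bytes:
    """'First algorithm' (assumed): HMAC-SHA256 over the encryption and random parameters."""
    return hmac.new(original_key, b"auth" + param.to_bytes(8, "big") + rand, hashlib.sha256).digest()


def derive_key(original_key: bytes, param: int, rand: bytes) -> bytes:
    """'Second algorithm' (assumed): a separately labelled HMAC-SHA256 derivation of the first key."""
    return hmac.new(original_key, b"key" + param.to_bytes(8, "big") + rand, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in channel cipher (assumed): HMAC keystream plus encrypt-then-MAC tag, <= 32-byte messages."""
    assert len(plaintext) <= 32
    nonce = secrets.token_bytes(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); the tag is checked before anything is decrypted."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class KeyManagementEnd:
    """Key management end of claims 1-5: stores each device's original key and encryption parameter."""

    def __init__(self):
        self.devices = {}       # device id -> {"original_key": bytes, "param": int}
        self.channel_keys = {}  # target id -> second key of its already established second channel
        self.pending = {}       # source id -> random parameter of the open request

    def enroll(self, device_id: str, original_key: bytes, param: int = 0) -> None:
        self.devices[device_id] = {"original_key": original_key, "param": param}

    def on_request(self, source_id: str):
        """Claim 1: answer the communication request with the stored parameter and a fresh random parameter."""
        rand = secrets.token_bytes(16)
        self.pending[source_id] = rand
        return self.devices[source_id]["param"], rand

    def on_response(self, source_id: str, target_id: str, target_param: int, auth1: bytes):
        """Claims 1-5: recompute the authentication info, sync the counter, issue the session key."""
        rec = self.devices[source_id]
        rand = self.pending.pop(source_id)
        auth2 = auth_tag(rec["original_key"], target_param, rand)
        if not hmac.compare_digest(auth1, auth2):
            return None  # device authentication failed: no session key is issued
        first_key = derive_key(rec["original_key"], target_param, rand)
        if target_param == rec["param"]:
            rec["param"] += 1                # claim 3: consistent -> self-increment
        else:
            rec["param"] = target_param + 1  # claim 3: replace, then self-increment
        session_key = secrets.token_bytes(32)
        # Claim 4: session key under the first key; claim 5: same key under the target's second channel key.
        return seal(first_key, session_key), seal(self.channel_keys[target_id], session_key)


class SourceDevice:
    """Source device of claims 7-9: holds its original key and a local encryption parameter."""

    def __init__(self, device_id: str, original_key: bytes, param: int = 0):
        self.device_id, self.original_key, self.param, self.first_key = device_id, original_key, param, None

    def on_parameters(self, device_param: int, rand: bytes):
        """Claims 8-9: equal parameters are kept, otherwise the larger one becomes the target parameter."""
        target_param = max(self.param, device_param)
        self.param = target_param
        self.first_key = derive_key(self.original_key, target_param, rand)
        return target_param, auth_tag(self.original_key, target_param, rand)

    def on_session_key(self, blob: bytes) -> bytes:
        session_key = unseal(self.first_key, blob)
        self.param += 1  # assumption: the device advances its parameter in step with the server
        return session_key


def run_exchange(kms: KeyManagementEnd, src: SourceDevice, target_id: str, target_channel_key: bytes):
    """Drive one full exchange; returns the session key both ends hold, or None on failure."""
    device_param, rand = kms.on_request(src.device_id)
    target_param, auth1 = src.on_parameters(device_param, rand)
    issued = kms.on_response(src.device_id, target_id, target_param, auth1)
    if issued is None:
        return None
    for_source, for_target = issued
    source_key = src.on_session_key(for_source)
    target_key = unseal(target_channel_key, for_target)  # target device decrypts over its second channel
    return source_key if source_key == target_key else None


# Constructed test material (not real keys).
ORIGINAL_KEY = b"constructed-original-key-32bytes"
TARGET_CHANNEL_KEY = b"constructed-second-channel-key32"
```

`run_exchange` plays the messages of one request in order; a desynchronized counter (source ahead of the server) resolves to the larger value and both sides end at that value plus one, while an unauthenticated response leaves the stored parameter untouched.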