Disclosure of Invention
The invention mainly aims to solve the technical problem that the existing communication encryption mode is single and cannot better protect communication contents.
In a first aspect, the invention provides a communication method applied to a communication system, wherein the communication system comprises a client system, an intermediate service system, a communication service system and a built-in key system, and the communication method comprises the following steps:
the client system sends an access request encrypted by the built-in key system to the intermediate service system;
the intermediate service system decrypts the access request through the built-in secret key system to obtain the decrypted access request, and determines the corresponding communication service system according to the decrypted access request;
the intermediate service system sends the decrypted access request to the corresponding communication service system, and verifies the access request through the corresponding communication service system to obtain verification result information;
the intermediate service system transmits the verification result information to the client system.
Optionally, the access request includes a security level value i; the security level value i is run through a hash function to obtain a hash $H_1$, the hash $H_1$ is then encrypted with the first key in the built-in key system to obtain a level identification code, and the security level value i is encrypted with a second key in the built-in key system to obtain encrypted security level information.
Optionally, the communication service system includes a private network communication service system and a beidou communication service system, the intermediate service system decrypts the access request through the built-in key system to obtain the decrypted access request, and according to the decrypted access request, determining the corresponding communication service system includes:
decrypting the level identification code with a third key obtained from the built-in key system to obtain the hash $H_1$, decrypting the encrypted security level information with a fourth key obtained from the built-in key system and extracting the security level value i, running the security level value i through a hash function to obtain a hash $H_2$, and comparing the hash $H_2$ with the hash $H_1$ to determine the authenticity of the obtained security level value i;
judging whether the confirmed security level value i is larger than a preset level boundary value k, wherein i is larger than 0;
if the security level value i is larger than the preset level boundary value k, transmitting the access request to the Beidou communication service system;
and if the security level value i is not greater than the preset level boundary value k, transmitting the access request to the private network communication service system.
Optionally, the access request further includes a digital signature, and verifying the access request through the corresponding communication service system includes:
specifying a prime field Z, selecting a curve E(p, a, b, q) in the prime field Z, and generating a point A of a cyclic group of prime order q by using the curve E(p, a, b, q), wherein p is a modulus, a and b are coefficients, and q is the prime order of the cyclic group of the prime field Z;
according to the point A and the obtained random integer d, obtaining a point B through the formula $B = dA$, and determining the public key $k_{pub} = (p, a, b, q, A, B)$ and the private key $k_{pr} = (d)$, wherein the random integer d lies in the range (0, q);
according to the point A and an integer selected as the random temporary key $k_E$, deriving a point R by the formula $R = k_E A$, wherein the random temporary key $k_E$ lies in the range (0, q);
by the formula
mod q computes a signature parameter s, where r is a defined variable assigned from the coordinates of point R, and h is a hash value of the request information.
Optionally, verifying the access request through the corresponding communication service system further includes:
defining an auxiliary value $w$, an auxiliary value $u_1$ and an auxiliary value $u_2$, assigning them respectively by the formulas $w \equiv s^{-1} \bmod q$, $u_1 \equiv w \cdot h \bmod q$ and $u_2 \equiv w \cdot r \bmod q$, and calculating the coordinates of the point P by $P = u_1 A + u_2 B$;
according to the formula
mod q and $R = k_E A$, $R = P$ can be deduced;
judging whether $x_P$ is equivalent to $r \bmod q$;
if equivalent, judging that the digital signature is valid;
if not, the digital signature is judged to be invalid.
Optionally, the obtaining of the verification result information includes:
judging whether the digital signature is valid;
if valid, the corresponding communication service system outputs encrypted result information as the verification result information, wherein the encrypted result information is obtained by using the keys $a_1$, $a_2$ and $a_3$ provided in the built-in key system to encrypt, decrypt and encrypt the result information in sequence;
and if invalid, the corresponding communication service system outputs invalid verification information as the verification result information, wherein no encryption operation is applied to the invalid verification information.
A second aspect of the present invention provides a communication system, including:
the client system is used for sending the access request and receiving the verification result information;
the built-in key system is used for encrypting and decrypting the access request;
the intermediate service system is used for receiving the access request, determining the corresponding communication service system according to the access request and transmitting verification result information;
and the communication service system is used for verifying the decrypted access request and sending verification result information.
A third aspect of the present invention provides a communication apparatus, including: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line;
the at least one processor invokes the instructions in the memory to cause the device to perform the communication method as described above.
A fourth aspect of the present invention provides a computer-readable storage medium for communication, having stored therein instructions, which, when run on a computer, cause the computer to perform the above-mentioned communication method.
In the technical scheme provided by the invention, the access request of the client system is decrypted and judged through the intermediate service system, the target communication service system is determined, the access request is transmitted to the corresponding communication service system, the access request is verified through the corresponding communication service system, the verification result information is encrypted and fed back to the intermediate service system and transmitted to the client system through the intermediate service system, and the communication flow is encrypted and transmitted for three times so as to improve the communication safety.
Detailed Description
The embodiment of the invention provides a communication method, a communication system, communication equipment and a storage medium.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a detailed flow of an embodiment of the present invention is described below, with reference to fig. 1, in an embodiment of a communication method in an embodiment of the present invention, where the voice device includes: an error microphone and a speaker, the communication method comprising:
101. the client system sends an access request encrypted by the built-in secret key system to the intermediate service system;
further, the following is included in the "access request":
the access request comprises a security level value i; the security level value i is run through a hash function to obtain a hash $H_1$, the hash $H_1$ is then encrypted with the first key in the built-in key system to obtain a level identification code, and the security level value i is encrypted with a second key in the built-in key system to obtain encrypted security level information.
In this embodiment, the security level value i is used as a judgment value for selecting to access different communication service systems, different security level values i are correspondingly generated by an internal random value generator according to different user-selected access target service systems before information of an access request is transmitted, wherein a value field is given in the value generator to avoid unnecessary waste of computing resources due to too large or too small randomly generated values, and furthermore, in order to avoid hijacking or tampering in the process of transmitting data to an intermediate server, the security level value i is separately computed through a hash function and a unique identification code is generated.
102. The intermediate service system decrypts the access request through the built-in secret key system to obtain the decrypted access request, and determines the corresponding communication service system according to the decrypted access request;
Further, as shown in fig. 2, step 102 further includes the following specific steps:
1021. decrypting the level identification code with a third key obtained from the built-in key system to obtain the hash $H_1$, decrypting the encrypted security level information with a fourth key obtained from the built-in key system and extracting the security level value i, running the security level value i through a hash function to obtain a hash $H_2$, and comparing the hash $H_2$ with the hash $H_1$ to determine the authenticity of the obtained security level value i;
In this embodiment, after receiving the information transmitted from the client system, the intermediate service system only analyzes and judges the security level value i and its level identification code in the information. It first extracts the level identification code alone, then decrypts the level identification code by using the second key obtained from the built-in key system to obtain the hash $H_1$, and runs the security level value i through a hash function to obtain the hash $H_2$. The two hashes are compared: if they are not consistent, verification fails and the client system's request to select an access system is rejected; if they are consistent, the following steps are performed.
1022. Judging whether the confirmed security level value i is larger than a preset level boundary value k, wherein i is larger than 0;
1023. if the security level value i is larger than the preset level boundary value k, transmitting the access request to the Beidou communication service system;
1024. and if the security level value i is not greater than the preset level boundary value k, transmitting the access request to the private network communication service system.
In steps 1022-1024, the level boundary value k is a preset value in the system and serves as the critical value that partitions the different communication service systems, which in this embodiment are a private network communication service system and a Beidou communication service system.
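The check-then-route logic of steps 1021-1024, as an added example that is not part of the original document. The page does not name the cipher used by the built-in key system, so `stand_in_cipher` is a hypothetical placeholder (a SHA-256 keystream XOR, not suitable for production) in which the first and third keys are equal and the second and fourth keys are equal; SHA-256, the 4-byte encoding of i, the keys and the route names are likewise assumptions.

```python
import hashlib
import hmac

def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """Hypothetical placeholder for the built-in key system's cipher:
    XOR with a SHA-256 counter keystream (the same call encrypts and decrypts)."""
    stream = b"".join(
        hashlib.sha256(key + n.to_bytes(4, "big")).digest()
        for n in range(len(data) // 32 + 1)
    )
    return bytes(d ^ s for d, s in zip(data, stream))

def level_hash(i: int) -> bytes:
    """Hash of the security level value i (SHA-256 is an assumption)."""
    return hashlib.sha256(i.to_bytes(4, "big")).digest()

def build_request(i: int, first_key: bytes, second_key: bytes) -> bytes:
    """Client side: level identification code spliced with encrypted level info."""
    level_code = stand_in_cipher(first_key, level_hash(i))          # Enc(H1)
    enc_level = stand_in_cipher(second_key, i.to_bytes(4, "big"))   # Enc(i)
    return level_code + enc_level

def route(request: bytes, third_key: bytes, fourth_key: bytes, k: int) -> str:
    """Intermediate service: steps 1021-1024."""
    level_code, enc_level = request[:32], request[32:]
    if len(level_code) != 32 or len(enc_level) != 4:
        return "rejected"                       # malformed request
    h1 = stand_in_cipher(third_key, level_code)
    i = int.from_bytes(stand_in_cipher(fourth_key, enc_level), "big")
    h2 = level_hash(i)
    # Step 1021: compare H2 with H1 in constant time; mismatch means the
    # level value or its identification code was altered in transit.
    if not hmac.compare_digest(h1, h2):
        return "rejected"
    if i <= 0:                                  # the page requires i > 0
        return "rejected"
    # Steps 1022-1024: strictly greater than k goes to Beidou.
    return "beidou" if i > k else "private_network"

# Constructed sample keys and boundary value.
KEY_H = b"constructed-key-for-hash"
KEY_I = b"constructed-key-for-level"
BOUNDARY_K = 5
```

A request whose encrypted level bytes are modified in transit decrypts to a different i, so H2 no longer matches H1 and the request is rejected before any routing decision is made.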
103. The intermediate service system sends the decrypted access request to the corresponding communication service system, and verifies the access request through the corresponding communication service system to obtain verification result information;
in this embodiment, the access request further includes a digital signature, and the access request is further secured through the digital signature.
Further, as shown in fig. 3 to fig. 4, step 103 further includes the following specific steps:
1031. specifying a prime field Z, selecting a curve E(p, a, b, q) in the prime field Z, and generating a point A of a cyclic group of prime order q by using the curve E(p, a, b, q), wherein p is a modulus, a and b are coefficients, and q is the prime order of the cyclic group of the prime field Z;
1032. according to the point A and the obtained random integer d, obtaining a point B through the formula $B = dA$, and determining the public key $k_{pub} = (p, a, b, q, A, B)$ and the private key $k_{pr} = (d)$, wherein the random integer d lies in the range (0, q);
Steps 1031-1032 generate the keys for the digital signature. The private key and the public key are not obtained directly from the built-in key system; instead, a point B is calculated from a randomly generated integer d and a point A obtained from a curve E(p, a, b, q) in the specified prime field Z, where the integer d is the private key and the point B is the public key. To improve the security level, the value of the integer d may be increased to 160 bits or more.
1033. According to the point A and an integer selected as the random temporary key $k_E$, deriving a point R by the formula $R = k_E A$, wherein the random temporary key $k_E$ lies in the range (0, q);
1034. by the formula
mod q computes a signature parameter s, where r is a defined variable assigned from the x coordinate of point R, and h is a hash value of the request information.
Steps 1033-1034 perform signature generation: an integer is randomly selected as a temporary key and the coordinates of a point R are obtained. Because h is a hash value of the request information, any change to the request information produces a completely different hash value, so the request information is effectively protected in the operation.
1035. Defining an auxiliary value $w$, an auxiliary value $u_1$ and an auxiliary value $u_2$, assigning them respectively by the formulas $w \equiv s^{-1} \bmod q$, $u_1 \equiv w \cdot h \bmod q$ and $u_2 \equiv w \cdot r \bmod q$, and calculating the coordinates of the point P by $P = u_1 A + u_2 B$;
1036. according to the formula
mod q and $R = k_E A$, $R = P$ can be deduced;
1037. judging whether $x_P$ is equivalent to $r \bmod q$;
1038. if equivalent, judging that the digital signature is valid;
1039. if not, judging the digital signature as invalid;
Steps 1033-1039 perform signature verification: the target communication service system verifies the received digital signature, which mainly requires checking whether the signature (r, s) satisfies $r \equiv x_P \bmod q$. The coordinates of point P are calculated from the defined auxiliary values $w$, $u_1$ and $u_2$, and a decision is made as to whether point P is in the signed cyclic group, thereby completing the verification.
Further, in step 103, "obtaining the verification result information" may further perform:
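Steps 1031-1039 carried through on a toy curve with the page's symbols (A, B, d, $k_E$, r, s, w, $u_1$, $u_2$, P), as an added example that is not part of the original document. The signing formula did not survive on this page, so the code uses the standard ECDSA equation $s \equiv (h + d \cdot r)\,k_E^{-1} \bmod q$; the curve $y^2 = x^3 + 2x + 2 \bmod 17$ with A = (5, 1), q = 19 and the sample values of d, $k_E$ and h are assumptions chosen so the arithmetic can be followed by hand.

```python
import secrets

# Toy domain parameters (assumed, not from the page): E(p, a, b, q) and point A.
P_MOD, A_COEF, B_COEF, Q = 17, 2, 2, 19
A = (5, 1)
INF = None  # point at infinity (group identity)

def ec_add(p1, p2):
    """Add two points on y^2 = x^3 + a*x + b over the field of P_MOD elements."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(n, point):
    """Double-and-add scalar multiplication n * point."""
    result = INF
    while n > 0:
        if n & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        n >>= 1
    return result

def keygen(d):
    """Steps 1031-1032: B = dA, k_pub = (p, a, b, q, A, B), k_pr = d."""
    if not 0 < d < Q:
        raise ValueError("d must lie in (0, q)")
    return (P_MOD, A_COEF, B_COEF, Q, A, ec_mul(d, A)), d

def sign(h, d, k_e=None):
    """Steps 1033-1034: R = k_E * A, r = x_R, s = (h + d*r) * k_E^-1 mod q.
    With k_e=None a fresh ephemeral key is drawn for every signature."""
    while True:
        k = k_e if k_e is not None else secrets.randbelow(Q - 1) + 1
        if not 0 < k < Q:
            raise ValueError("k_E must lie in (0, q)")
        r = ec_mul(k, A)[0] % Q
        s = (h + d * r) * pow(k, -1, Q) % Q
        if r and s:
            return r, s
        if k_e is not None:
            raise ValueError("k_E gives r = 0 or s = 0; choose another")

def verify(h, signature, b_point):
    """Steps 1035-1039: accept only if x_P is congruent to r mod q."""
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False                                 # out-of-range signature
    w = pow(s, -1, Q)
    u1, u2 = w * h % Q, w * r % Q
    p = ec_add(ec_mul(u1, A), ec_mul(u2, b_point))
    return p is not INF and p[0] % Q == r
```

With d = 7, h = 26 and $k_E$ = 10 this gives B = (0, 6), R = (7, 11) and the signature (r, s) = (7, 17). A 19-element group is far too small for real use, and distinct hashes can collide modulo q in it.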
103a, judging whether the digital signature is valid;
103b, if valid, the corresponding communication service system outputs verification result information that is encrypted result information, obtained by using the keys $a_1$, $a_2$ and $a_3$ provided in the built-in key system to encrypt, decrypt and encrypt the verification pass information in sequence;
103c, if invalid, the corresponding communication service system outputs verification result information that is invalid verification information, wherein the invalid verification information is verification failure information.
In steps 103a-103c, the corresponding communication service system verifies the digital signature and then returns feedback, and that feedback is encrypted only on condition that the digital signature has passed verification. After the digital signature passes verification, the corresponding communication service system sends out not only the verification success information but also the corresponding communication interface information; to ensure that the communication interface information is not leaked, it must be encrypted. The encryption algorithm is 3DES, using three different keys $a_1$, $a_2$ and $a_3$ to encrypt, decrypt and encrypt in sequence. If verification of the digital signature fails, the verification failure information is fed back directly.
104. The intermediate service system transmits verification result information to the client system;
in this embodiment, after receiving the verification result information, the intermediate service system does not read the content of the verification result information, but directly transmits the content to the client system, and the client system analyzes the verification result information.
The specific way of analyzing the verification result information by the client system is as follows:
judging whether the verification result information is encrypted or not;
specifically, since only one encryption condition is that the digital signature is verified, the received information without encryption is generally regarded as the verification failure;
if encrypted verification result information is received, the keys $a_3$, $a_2$ and $a_1$ are obtained again from the built-in key system, and the encrypted result information is decrypted, encrypted and decrypted in sequence with the keys $a_3$, $a_2$ and $a_1$ respectively to obtain the verification result information and communication interface information; the client system then bypasses the intermediate service system and establishes an encrypted communication channel directly with the corresponding communication service system through the communication interface information.
The method comprises the steps that an access request of a client system is decrypted and judged through an intermediate service system, a target communication service system is determined, the access request is transmitted to the corresponding communication service system, the access request is verified through the corresponding communication service system, verification result information is encrypted and fed back to the intermediate service system and transmitted to the client system through the intermediate service system, and the communication flow is encrypted and transmitted for three times to improve communication safety.
The above describes a communication method in an embodiment of the present invention, and the following describes a communication system in an embodiment of the present invention, where an embodiment of the communication system in the embodiment of the present invention includes:
201. the client system is used for sending the access request and receiving the verification result information;
202. the built-in key system is used for encrypting and decrypting the access request;
203. the intermediate service system is used for receiving the access request, determining the corresponding communication service system according to the access request and transmitting verification result information;
204. and the communication service system is used for verifying the decrypted access request and sending verification result information.
In this embodiment, the access request in the client system includes a security level value i, which is first run through a hash function to obtain a hash $H_1$. The hash $H_1$ is encrypted with the first key in the built-in key system to obtain a level identification code, and the security level value is encrypted with a second key in the built-in key system to obtain encrypted security level information. The level identification code and the encrypted security level information are spliced together and the access request is transmitted to the intermediate service system. The intermediate service system splits the level identification code and the encrypted security level information out of the access request and decrypts them with the third key and the fourth key in the built-in key system, respectively, to obtain the hash $H_1$ and the security level value i. The security level value i is run through a hash function to obtain a hash $H_2$, and the hash $H_1$ and the hash $H_2$ are compared to confirm the authenticity of the obtained security level value i;
after the correctness of the security level value is confirmed, the security level value i is compared with a preset level boundary value k to determine the communication service system corresponding to the security level value i, and the access request is sent to the corresponding communication service system;
after receiving the access request, the corresponding communication service system verifies and decrypts the digital signature of the access request, and verification of the digital signature produces one of two results, pass or fail. For a passing result, the corresponding communication service system outputs verification pass information and communication interface information and encrypts them, the encryption mode being to use the keys $a_1$, $a_2$ and $a_3$ in the built-in key system to encrypt, decrypt and encrypt the verification pass information and the communication interface information in sequence; the resulting encrypted result information is transmitted to the intermediate service system as the verification result information. For a failing result, the corresponding communication service system outputs verification failure information and transmits this invalid verification information directly to the intermediate service system as the verification result information, without encryption;
the intermediate service system analyzes the received verification result information, wherein only invalid verification information is not encrypted, so that whether the verification result information is invalid verification information or not only needs to be analyzed, if so, the connection between the client system and the corresponding communication service system is disconnected, and if not, the verification result information is fed back to the client system.
For verification result information received as encrypted result information, the client system obtains the keys $a_1$, $a_2$ and $a_3$ from the built-in key system, decrypts, encrypts and decrypts the encrypted result information in sequence with the keys $a_3$, $a_2$ and $a_1$ respectively to obtain the verification pass information and communication interface information, and directly establishes an encrypted communication channel with the corresponding communication service system through the communication interface information.
The method comprises the steps that an access request of a client system is decrypted and judged through an intermediate service system, a target communication service system is determined, the access request is transmitted to the corresponding communication service system, the access request is verified through the corresponding communication service system, verification result information is encrypted and fed back to the intermediate service system and transmitted to the client system through the intermediate service system, and the communication flow is encrypted and transmitted for three times to improve communication safety.
Fig. 3 above describes the communication system in the embodiment of the present invention in detail from the perspective of the modular functional entity, and the active noise reduction device in the embodiment of the present invention is described in detail from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of an active noise reduction device 300 according to an embodiment of the present invention, where the active noise reduction device 300 may have a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 310 (e.g., one or more processors) and a memory 320, and one or more storage media 330 (e.g., one or more mass storage devices) storing applications 333 or data 332. Memory 320 and storage media 330 may be, among other things, transient or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on the active noise reduction device 300. Still further, processor 310 may be configured to communicate with storage medium 330 to execute a series of instruction operations in storage medium 230 on active noise reduction device 300.
The communications-based device 300 may also include one or more power supplies 340, one or more wired or wireless network interfaces 350, one or more input-output interfaces 360, and/or one or more operating systems 331, such as Windows Server, Mac OS, Unix, Linux, FreeBSD, etc. Those skilled in the art will appreciate that the configuration of the active noise reduction device shown in FIG. 4 does not constitute a limitation of active noise reduction based devices, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium, having stored therein instructions, which, when executed on a computer, cause the computer to perform the steps of the communication method and system.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described system or system and unit may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a service system, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.