
CN119030693A - Data transmission method and device, storage medium and electronic device - Google Patents


Info

Publication number: CN119030693A
Authority: CN (China)
Prior art keywords: target, key, communication, terminal, communication link
Legal status: Pending
Application number: CN202310604453.4A (priority to CN202310604453.4A)
Other languages: Chinese (zh)
Inventor: 丛文
Current assignee: ZTE Corp
Original assignee: ZTE Corp (application filed by ZTE Corp)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1851 Systems using a satellite or space-based relay
    • H04B7/18513 Transmission in a satellite or space-based system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the present disclosure provide a data transmission method and device, a storage medium and an electronic device. The method comprises the following steps: generating a communication key matching a target satellite communication link; sending the communication key to a target terminal over the target satellite communication link; once the target terminal has received the communication key, encrypting the communication data to be sent according to the communication key to obtain target ciphertext data; and sending the target ciphertext data to the target terminal over a target network communication link. The method and device solve the problem of low security in the key negotiation that precedes the existing communication process, and achieve the technical effect of improving the security of the communication key negotiation process.

Description

Data transmission method and device, storage medium and electronic device

Technical Field

The embodiments of the present disclosure relate to the field of communications, and in particular to a data sending method and device, a storage medium and an electronic device.

Background Art

With the spread of IMS, short messages, voice and ordinary Internet data are all carried over the mobile network as IP datagrams. The foundation of IMS, however, is still the IP network: it has an all-IP architecture based on the Session Initiation Protocol (SIP), and the inherent defects and security vulnerabilities of the IP protocol make IMS easy to attack, so introducing IMS also introduces the security problems of IP networks. As information services expand, the transmission of confidential, sensitive and private data will grow greatly, which places higher demands on network security.

The existing method is to apply symmetric encryption, such as DES, AES or IDEA, to SIP packets: both communicating parties hold a pre-shared key, one party encrypts the SIP data with it and the other decrypts the encrypted data with it. Because the key negotiation process is also carried over the IMS network, however, the pre-shared key can easily be stolen by a third party during negotiation, so the communication-key negotiation that precedes the existing communication process has the technical problem of low security.

No effective solution to the above technical problem has yet been proposed in the prior art.

Summary of the Invention

The embodiments of the present disclosure provide a data sending method and device, a storage medium and an electronic device, so as to at least solve the problem in the related art that the negotiation process for communication keys has low security.

According to one embodiment of the present disclosure, a data sending method is provided, comprising: generating a communication key matching a target satellite communication link; sending the communication key to a target terminal over the target satellite communication link; upon determining that the target terminal has received the communication key, encrypting the communication data to be sent according to the communication key to obtain target ciphertext data; and sending the target ciphertext data to the target terminal over a target network communication link.

Optionally, generating the communication key matching the target satellite communication link comprises: when the target network communication link is a communication link of a first type, generating a symmetric communication key matching the target satellite communication link; when the target network communication link is a communication link of a second type, generating an asymmetric communication key pair matching the target satellite communication link; wherein the link bandwidth of the first type of communication link is greater than or equal to a target bandwidth threshold, and the link bandwidth of the second type of communication link is less than the target bandwidth threshold.

Optionally, when the target network communication link is a communication link of the first type, after generating the symmetric communication key matching the target satellite communication link, the method further comprises: obtaining a reference asymmetric communication key pair; encrypting the symmetric communication key with the reference asymmetric communication key pair to obtain a target key ciphertext; and sending the target key ciphertext to the target terminal over the target satellite communication link.

Optionally, when the target network communication link is a communication link of the second type, after generating the asymmetric communication key pair matching the target satellite communication link, the method further comprises: sending a first public key contained in the asymmetric communication key pair to the target terminal over the target satellite communication link, wherein the asymmetric communication key pair comprises the first public key and a first private key, the first private key being used in the current terminal to encrypt the communication data to obtain reference ciphertext data, and the first public key being used in the target terminal to decrypt the reference ciphertext data; and, once the target terminal has received the first public key, receiving over the target satellite communication link a second public key contained in an asymmetric communication key pair sent by the target terminal, wherein the asymmetric communication key pair sent by the target terminal comprises the second public key and a second private key, the second public key being used in the current terminal to encrypt the reference ciphertext data to obtain the target ciphertext data, and the second private key being used in the target terminal to decrypt the target ciphertext data.

Optionally, when the target terminal has received the communication key, encrypting the communication data to be sent according to the communication key to obtain the target ciphertext data comprises: performing a first encryption operation on the communication data with the first private key to obtain reference ciphertext data; and performing a second encryption operation on the reference ciphertext data with the second public key to obtain the target ciphertext data.

Optionally, after sending the target ciphertext data to the target terminal over the target network communication link, the method further comprises: upon receiving over the target network communication link response ciphertext data sent by the target terminal, performing a first decryption operation on the response ciphertext data according to the first private key to obtain reference response ciphertext data; and performing a second decryption operation on the reference response ciphertext data according to the second public key to obtain response communication data.

Optionally, sending the communication key to the target terminal over the target satellite communication link comprises: adding the communication key to a target Beidou short message in the current terminal; and sending the target Beidou short message from the current terminal to a target Beidou satellite terminal, wherein the target Beidou satellite terminal is used to forward the target Beidou short message to the target terminal.

Optionally, generating the communication key matching the target satellite communication link comprises: determining key generation parameters from a first terminal state parameter of the current terminal and/or a second terminal state parameter of the target Beidou satellite terminal; and generating, from the key generation parameters and by means of a key generation algorithm, the communication key matching the target satellite communication link.

Optionally, after sending the target ciphertext data to the target terminal over the target network communication link, the method further comprises: deleting the communication key when the communication session between the current terminal and the target terminal ends.

According to another embodiment of the present disclosure, a data sending device is provided, comprising: a generation unit for generating a communication key matching a target satellite communication link; a first sending unit for sending the communication key to a target terminal over the target satellite communication link; an encryption unit for, upon determining that the target terminal has received the communication key, encrypting the communication data to be sent according to the communication key to obtain target ciphertext data; and a second sending unit for sending the target ciphertext data to the target terminal over a target network communication link.

Optionally, the generation unit comprises: a first generation module for generating a symmetric communication key matching the target satellite communication link when the target network communication link is a communication link of a first type; and a second generation module for generating an asymmetric communication key pair matching the target satellite communication link when the target network communication link is a communication link of a second type; wherein the link bandwidth of the first type of communication link is greater than or equal to a target bandwidth threshold, and the link bandwidth of the second type of communication link is less than the target bandwidth threshold.

Optionally, the first generation module comprises: an acquisition submodule for obtaining a reference asymmetric communication key pair; an encryption submodule for encrypting the symmetric communication key with the reference asymmetric communication key pair to obtain a target key ciphertext; and a sending submodule for sending the target key ciphertext to the target terminal over the target satellite communication link.

Optionally, the second generation module comprises: a sending submodule for sending a first public key contained in the asymmetric communication key pair to the target terminal over the target satellite communication link, wherein the asymmetric communication key pair comprises the first public key and a first private key, the first private key being used in the current terminal to encrypt the communication data to obtain reference ciphertext data, and the first public key being used in the target terminal to decrypt the reference ciphertext data; and a receiving submodule for receiving, once the target terminal has received the first public key, a second public key contained in an asymmetric communication key pair sent by the target terminal over the target satellite communication link, wherein the asymmetric communication key pair sent by the target terminal comprises the second public key and a second private key, the second public key being used in the current terminal to encrypt the reference ciphertext data to obtain the target ciphertext data, and the second private key being used in the target terminal to decrypt the target ciphertext data.

Optionally, the encryption unit comprises: a first encryption module for performing a first encryption operation on the communication data with the first private key to obtain reference ciphertext data; and a second encryption module for performing a second encryption operation on the reference ciphertext data with the second public key to obtain the target ciphertext data.

Optionally, the data sending device further comprises: a first decryption module for, upon receiving over the target network communication link response ciphertext data sent by the target terminal, performing a first decryption operation on the response ciphertext data according to the first private key to obtain reference response ciphertext data; and a second decryption module for performing a second decryption operation on the reference response ciphertext data according to the second public key to obtain response communication data.

Optionally, the first sending unit comprises: an adding module for adding the communication key to a target Beidou short message; and a sending module for sending the target Beidou short message to a target Beidou satellite terminal, wherein the target Beidou satellite terminal is used to forward the target Beidou short message to the target terminal.

Optionally, the generation unit comprises: a determination module for determining key generation parameters from a first terminal state parameter of the current terminal and/or a second terminal state parameter of the target Beidou satellite terminal; and a generation module for generating, from the key generation parameters and by means of a key generation algorithm, the communication key matching the target satellite communication link.

Optionally, the data sending device further comprises: a deletion unit for deleting the communication key when the communication session between the current terminal and the target terminal ends.

According to yet another embodiment of the present disclosure, a computer-readable storage medium is provided, in which a computer program is stored, wherein the computer program is configured to perform, when run, the steps of any one of the method embodiments above.

According to yet another embodiment of the present disclosure, an electronic device is provided, comprising a memory and a processor, wherein the memory stores a computer program and the processor is configured to run the computer program so as to perform the steps of any one of the method embodiments above.

Through the above embodiments of the present disclosure, a communication key matching the target satellite communication link is generated; the communication key is sent to the target terminal over the target satellite communication link; upon determining that the target terminal has received the communication key, the communication data to be sent is encrypted according to the communication key to obtain target ciphertext data; and the target ciphertext data is sent to the target terminal over the target network communication link. Encrypted transmission of the communication data is thus achieved and communication security ensured. Moreover, in the above embodiments the communication key is negotiated over the satellite communication link, so that the negotiation does not share a communication link with the network communication link; physical isolation between the key negotiation path and the network communication path is realized on the physical network system, and the risk of key leakage caused by the negotiation process and the communication process sharing the same communication link is avoided. This solves the technical problem of low security in the key negotiation process of the prior art and achieves the technical effect of improving the security of the key negotiation process.

Brief Description of the Drawings

FIG. 1 is a block diagram of the hardware structure of a mobile terminal for a data sending method according to an embodiment of the present disclosure;

FIG. 2 is a flow chart of a data sending method according to an embodiment of the present disclosure;

FIG. 3 is a flow chart of another data sending method according to an embodiment of the present disclosure;

FIG. 4 is a flow chart of yet another data sending method according to an embodiment of the present disclosure;

FIG. 5 is a sequence diagram of a data sending method according to an embodiment of the present disclosure;

FIG. 6 is a sequence diagram of another data sending method according to an embodiment of the present disclosure;

FIG. 7 is a flow chart of yet another data sending method according to an embodiment of the present disclosure;

FIG. 8 is a schematic structural diagram of a data sending device according to an embodiment of the present disclosure.

具体实施方式DETAILED DESCRIPTION

下文中将参考附图并结合实施例来详细说明本公开的实施例。Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings and in combination with the embodiments.

需要说明的是,本公开的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It should be noted that the terms "first", "second", etc. in the specification and claims of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.

实施例1Example 1

本申请实施例中所提供的方法实施例可以在移动终端、计算机终端或者类似的运算装置中执行。以运行在移动终端上为例,图1是本公开实施例的一种数据发送方法的移动终端的硬件结构框图。如图1所示,移动终端可以包括一个或多个(图1中仅示出一个)处理器102(处理器102可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)和用于存储数据的存储器104,其中,上述移动终端还可以包括用于通信功能的传输设备106以及输入输出设备108。本领域普通技术人员可以理解,图1所示的结构仅为示意,其并不对上述移动终端的结构造成限定。例如,移动终端还可包括比图1中所示更多或者更少的组件,或者具有与图1所示不同的配置。The method embodiments provided in the embodiments of the present application can be executed in a mobile terminal, a computer terminal or a similar computing device. Taking running on a mobile terminal as an example, FIG1 is a hardware structure block diagram of a mobile terminal of a data sending method of an embodiment of the present disclosure. As shown in FIG1 , the mobile terminal may include one or more (only one is shown in FIG1 ) processors 102 (the processor 102 may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, wherein the mobile terminal may also include a transmission device 106 and an input/output device 108 for communication functions. It can be understood by those skilled in the art that the structure shown in FIG1 is only for illustration and does not limit the structure of the mobile terminal. For example, the mobile terminal may also include more or fewer components than those shown in FIG1 , or have a configuration different from that shown in FIG1 .

存储器104可用于存储计算机程序,例如,应用软件的软件程序以及模块,如本公开实施例中的数据发送方法对应的计算机程序,处理器102通过运行存储在存储器104内的计算机程序,从而执行各种功能应用以及数据处理,即实现上述的方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器102远程设置的存储器,这些远程存储器可以通过网络连接至移动终端。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 104 can be used to store computer programs, for example, software programs and modules of application software, such as the computer program corresponding to the data transmission method in the embodiment of the present disclosure. The processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, that is, to implement the above method. The memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include a memory remotely arranged relative to the processor 102, and these remote memories may be connected to the mobile terminal via a network. Examples of the above-mentioned network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.

传输设备106用于经由一个网络接收或者发送数据。上述的网络具体实例可包括移动终端的通信供应商提供的无线网络。在一个实例中,传输设备106包括一个网络适配器(Network Interface Controller,简称为NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输设备106可以为射频(Radio Frequency,简称为RF)模块,其用于通过无线方式与互联网进行通讯。The transmission device 106 is used to receive or send data via a network. The specific example of the above network may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, referred to as NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission device 106 can be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.

在本实施例中提供了一种数据发送方法,图2是根据本公开实施例的数据发送方法的流程图,如图2所示,该流程包括如下步骤:In this embodiment, a data sending method is provided. FIG. 2 is a flow chart of the data sending method according to an embodiment of the present disclosure. As shown in FIG. 2 , the flow chart includes the following steps:

S202,生成与目标卫星通信链路匹配的通信密钥;S202, generating a communication key matching the target satellite communication link;

S204,通过目标卫星通信链路向目标终端发送通信密钥;S204, sending a communication key to a target terminal via a target satellite communication link;

S206,在确定目标终端接收到通信密钥的情况下,根据通信密钥对待发送的通信数据进行加密,得到目标密文数据;S206, when it is determined that the target terminal has received the communication key, encrypt the communication data to be sent according to the communication key to obtain target ciphertext data;

S208,通过目标网络通信链路向目标终端发送目标密文数据。S208, sending the target ciphertext data to the target terminal through the target network communication link.

可选地,在本实施方式中,上述步骤可以应用于一个数据发送终端,通过实施于上述信息发送终端上的上述步骤,可以与另一个数据接收终端之间进行数据交互。可以理解的是,在本实施方式中,上述数据发送终端可以配置有通过上述卫星通信链路进行数据接收的能力,例如,可以是利用上述卫星通信链路进行导航定位的能力,也可以是利用上述卫星通信链路进行通信的能力。在本实施方式中,不对上述接收终端的具体通信能力类型进行限定。Optionally, in this embodiment, the above steps can be applied to a data sending terminal, and by implementing the above steps on the above information sending terminal, data can be exchanged with another data receiving terminal. It can be understood that in this embodiment, the above data sending terminal can be configured with the ability to receive data through the above satellite communication link, for example, it can be the ability to use the above satellite communication link for navigation and positioning, or it can be the ability to use the above satellite communication link for communication. In this embodiment, the specific communication capability type of the above receiving terminal is not limited.

需要说明的是,在上述步骤S202中的目标卫星通信链路可以包括但不限于是一种基于全球导航卫星系统(Global Navigation Satellite System,GNSS)实现的通信链路,也可以是一种基于独立的卫星导航定位系统实现的通信链路,例如可以包括但不限于是北斗卫星导航系统(Beidou Navigation Satellite System,BDS),全球定位系统(GlobalPositioning System,GPS)、格洛纳斯系统(GLONASS)、伽利略卫星导航系统(GalileoSatellite Navigation System,GALILEO)等卫星导航系统中的一种或多种。在本实施方式中,不对上述目标卫星通信链路所对应的具体卫星导航系统类型进行限定。It should be noted that the target satellite communication link in the above step S202 may include but is not limited to a communication link based on a global navigation satellite system (GNSS), or a communication link based on an independent satellite navigation and positioning system, such as but not limited to one or more satellite navigation systems such as the Beidou Navigation Satellite System (BDS), the Global Positioning System (GPS), the GLONASS, and the Galileo Satellite Navigation System (GALILEO). In this embodiment, the specific satellite navigation system type corresponding to the above target satellite communication link is not limited.

进一步地,在上述步骤S204中,上述通信密钥可以包括但不限于是一种非对称密钥,例如可以是基于RSA算法确定的非对称密钥对、DSA(Digital Signature Algorithm,数字签名算法)确定的非对称密钥对,基于椭圆曲线算法确定的非对称密钥对;上述通信密钥还可以是一种对称密钥,例如可以是基于DES(Data Encryption Standard,数据加密标准)确定的密钥,也可以是基于IDEA(International Data Encryption Algorithm,国际数据加密算法)确定的密钥。在本实施方式中,不对上述通信密钥的具体类型进行限定。Further, in the above step S204, the above communication key may include but is not limited to an asymmetric key, such as an asymmetric key pair determined based on the RSA algorithm, an asymmetric key pair determined by DSA (Digital Signature Algorithm), and an asymmetric key pair determined based on an elliptic curve algorithm; the above communication key may also be a symmetric key, such as a key determined based on DES (Data Encryption Standard) or a key determined based on IDEA (International Data Encryption Algorithm). In this embodiment, the specific type of the above communication key is not limited.

It can be understood that, through steps S202 and S204, once the communication key generated by the local end has been sent over the target satellite communication link and it is determined that the receiving end has received it, encrypted communication can be carried out over the target network communication link using the communication key that both ends now hold.

Through the above embodiment of the present disclosure, a communication key matching the target satellite communication link is generated; the communication key is sent to the target terminal over the target satellite communication link; once it is determined that the target terminal has received the communication key, the communication data to be sent is encrypted with the communication key to obtain target ciphertext data; and the target ciphertext data is sent to the target terminal over the target network communication link. This achieves encrypted transmission of the communication data and ensures communication security. In addition, in this embodiment the communication key is negotiated over the satellite communication link, so the negotiation does not share a link with the network communication link: the key negotiation path and the network communication path are physically isolated at the level of the physical network system. This avoids the risk of key leakage that arises when the negotiation process and the communication process share the same link, thereby solving the technical problem of low security in the key negotiation process of the prior art and achieving the technical effect of improving the security of key negotiation.

As an optional implementation, step S202 of generating a communication key matching the target satellite communication link includes:

S11, when the target network communication link is a communication link of the first type, generating a symmetric communication key matching the target satellite communication link;

S12, when the target network communication link is a communication link of the second type, generating an asymmetric communication key pair matching the target satellite communication link;

where the link bandwidth of the first type of communication link is greater than or equal to a target bandwidth threshold, and the link bandwidth of the second type of communication link is less than the target bandwidth threshold.

It can be understood that in this embodiment the key type of the communication key used during communication can be determined from the link type of the current target network communication link. The link type can also be determined from the current communication scenario. For example, in a voice communication scenario an ordinary voice packet is sent every 20 milliseconds and contains 20 milliseconds of voice data; depending on the voice compression rate this is generally a few KB to tens of KB, that is, a transmission rate of generally 1 MBps. When the bandwidth of the network communication link is small, that is, when the amount of data that may be exchanged between the terminal and the peer in each communication is small, the exchanged data can be encrypted with the generated asymmetric key pair. In a video browsing scenario or a file upload or download scenario the bandwidth of the network communication link is large, that is, the amount of data that may be exchanged between the terminal and the peer in each communication is large, and the exchanged data can be encrypted with the generated symmetric key.

Specifically, the first type of communication link may be an IMS (IP Multimedia Subsystem) network based on LTE/NR. Such a network link has high requirements for communication security and carries a small amount of data, so an asymmetric key pair may be used to encrypt each transmission and improve the security of data transmission. The second type of communication link may be a network link for transmitting large amounts of data; because the data volume during transmission over such a link is large, symmetric encryption may be used to improve data transmission efficiency.

In another optional implementation, a communication key of the corresponding type may be generated in response to a selection operation on the encryption mode;

In yet another optional implementation, a communication key corresponding to the data type may be generated in response to a selection operation on the data type of the data to be transmitted. For example, when the data type indicates that the data is exchanged frequently and the amount exchanged each time is small, such as voice data or text data, an asymmetric key pair may be generated to improve communication security; when the data type indicates that the data volume is large, such as video data, a symmetric key may be generated to improve communication efficiency.

Through the above embodiment of the present application, a communication key of the type corresponding to the target network communication link is generated, adapting to the communication efficiency and security requirements of different network links.

As an optional implementation, as shown in FIG. 3, when the target network communication link is a communication link of the first type, after the symmetric communication key matching the target satellite communication link is generated, the method further includes:

S302, obtaining a reference asymmetric communication key pair;

S304, encrypting the symmetric communication key with the reference asymmetric communication key pair to obtain a target key ciphertext;

S306, sending the target key ciphertext to the target terminal over the target satellite communication link.

It can be understood that in this embodiment, when the generated key is a symmetric key, a reference asymmetric key can first be obtained and used to encrypt the symmetric key before it is transmitted to the peer over the target satellite communication link, so that the symmetric key sent to the peer is not transmitted in plaintext over the link, thereby improving the security of key transmission.

As an optional implementation, as shown in FIG. 4, when the target network communication link is a communication link of the second type, after the asymmetric communication key pair matching the target satellite communication link is generated, the method further includes:

S402, sending the first public key included in the asymmetric communication key pair to the target terminal over the target satellite communication link;

where the asymmetric communication key pair includes a first public key and a first private key, the first private key is used in the current terminal to encrypt the communication data to obtain reference ciphertext data, and the first public key is used in the target terminal to decrypt the reference ciphertext data;

S404, when the target terminal has received the first public key, receiving over the target satellite communication link the second public key included in the asymmetric communication key pair sent by the target terminal;

where the asymmetric communication key pair sent by the target terminal includes a second public key and a second private key, the second public key is used in the current terminal to encrypt the reference ciphertext data to obtain the target ciphertext data, and the second private key is used in the target terminal to decrypt the target ciphertext data.

It can be understood that in this embodiment the data sending end (current terminal) and the receiving end (target terminal) can each generate their own asymmetric key pair and send the public key of that pair to the peer, thereby completing negotiation of the asymmetric key pairs at both ends.

The negotiation process for the asymmetric key pairs is described below with reference to FIG. 5. As shown in FIG. 5, in one specific implementation, terminal A and terminal B can perform key negotiation over a satellite network communication link implemented by means of a satellite terminal. The steps may specifically include:

S502, terminal A generates a public/private key pair, APrivate and APublic, using an asymmetric key pair generation algorithm;

S504, terminal A sends APublic (the public key generated by terminal A) to terminal B over the satellite communication link (that is, the satellite communication link established via the satellite terminal);

S506, in response to receiving APublic, terminal B generates a public/private key pair, BPrivate and BPublic, using an asymmetric key pair generation algorithm;

S508, terminal B sends BPublic (the public key generated by terminal B) to terminal A over the satellite communication link;

S510, terminal A determines from the received BPublic that terminal B has successfully received APublic.

The negotiation process for the symmetric key is described below with reference to FIG. 6. As shown in FIG. 6, in one specific implementation, terminal A and terminal B can perform key negotiation over a satellite network communication link implemented by means of a satellite terminal. The steps may specifically include:

S602, terminal A generates a shared symmetric key;

S604, terminal A encrypts the shared symmetric key with BPublic to obtain a key ciphertext, where BPublic is the public key of the asymmetric key pair generated by terminal B;

S606, terminal A sends the key ciphertext to terminal B over the satellite communication link;

S608, in response to receiving the key ciphertext, terminal B decrypts it with BPrivate to obtain the shared symmetric key.

It can be understood that the BPrivate and BPublic used in FIG. 6 can be an asymmetric key pair that terminal A and terminal B negotiated in advance, or a key pair negotiated during the negotiation of the symmetric key. For example, in one optional manner, terminal A and terminal B can first complete the exchange of asymmetric key pairs by the method of FIG. 5 and then carry out the method of FIG. 6, using the negotiated asymmetric key pair to encrypt the symmetric key negotiation; in another optional manner, after step S602 of FIG. 6 is carried out, steps S502 to S510 of FIG. 5 can be carried out in sequence to complete negotiation of the asymmetric key pair, followed by steps S606 to S608, so that the asymmetric key pair is negotiated within the symmetric key negotiation process and that process is thereby encrypted.

The methods, steps and combinations of steps shown in FIG. 5 and FIG. 6 are only examples and do not limit the specific key negotiation process.
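The two exchanges of FIG. 5 and FIG. 6 run back to back, as an added Go example written for this page; it is not code from the patent or from ZTE. It assumes RSA-2048 for the terminal key pairs (RSA is one of the algorithms the text names), RSA-OAEP with SHA-256 for wrapping the symmetric key at S604/S608, PKIX DER as the encoding of the public key inside the message, and an in-memory channel in place of the Beidou short-message link; the type and function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Terminal models one endpoint of FIG. 5 / FIG. 6 (terminal A or terminal B).
type Terminal struct {
	Private *rsa.PrivateKey // own key pair, generated fresh for this session
	PeerPub *rsa.PublicKey  // peer's public key learned over the satellite link
	Shared  []byte          // shared symmetric key once FIG. 6 completes
}

// SatelliteLink stands in for a one-directional short-message channel: a buffered
// Go channel constructed for this example, not a real Beidou interface.
type SatelliteLink chan []byte

// NewTerminal performs S502 / S506: generate a fresh RSA-2048 key pair.
func NewTerminal() (*Terminal, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{Private: k}, nil
}

// LearnPeerKey parses a received public key (PKIX DER assumed; the page does not fix an encoding).
func (t *Terminal) LearnPeerKey(der []byte) error {
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return errors.New("peer key is not an RSA key")
	}
	t.PeerPub = rsaPub
	return nil
}

// NegotiateAsymmetric runs S502..S510: A sends APublic, B answers with BPublic,
// and the arrival of BPublic is A's evidence that APublic was received.
func NegotiateAsymmetric(a, b *Terminal, ab, ba SatelliteLink) error {
	apub, err := x509.MarshalPKIXPublicKey(&a.Private.PublicKey)
	if err != nil {
		return err
	}
	ab <- apub // S504
	if err := b.LearnPeerKey(<-ab); err != nil { // S506: B now holds APublic
		return err
	}
	bpub, err := x509.MarshalPKIXPublicKey(&b.Private.PublicKey)
	if err != nil {
		return err
	}
	ba <- bpub                  // S508
	return a.LearnPeerKey(<-ba) // S510: A now holds BPublic
}

// NegotiateSymmetric runs S602..S608: A wraps a fresh 256-bit key with RSA-OAEP under BPublic.
func NegotiateSymmetric(a, b *Terminal, ab SatelliteLink) error {
	if a.PeerPub == nil {
		return errors.New("asymmetric negotiation must complete first")
	}
	key := make([]byte, 32)
	rand.Read(key) // S602; crypto/rand.Read does not return an error on current Go
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, a.PeerPub, key, nil) // S604
	if err != nil {
		return err
	}
	a.Shared = key
	ab <- ct // S606
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, b.Private, <-ab, nil) // S608
	if err != nil {
		return err
	}
	b.Shared = pt
	return nil
}

// RunNegotiation performs both figures in order and reports whether both ends hold the same key.
func RunNegotiation() (bool, error) {
	a, err := NewTerminal()
	if err != nil {
		return false, err
	}
	b, err := NewTerminal()
	if err != nil {
		return false, err
	}
	ab, ba := make(SatelliteLink, 4), make(SatelliteLink, 4)
	if err = NegotiateAsymmetric(a, b, ab, ba); err != nil {
		return false, err
	}
	if err = NegotiateSymmetric(a, b, ab); err != nil {
		return false, err
	}
	return len(a.Shared) == 32 && bytes.Equal(a.Shared, b.Shared), nil
}
```

The exchange carries raw public keys with no certificate or identity binding, so, as in the text, the assurance that APublic and BPublic belong to the intended terminals rests on the satellite path itself; `NegotiateSymmetric` refuses to run until that path has delivered the peer key.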

As an optional implementation, when the target terminal has received the communication key, encrypting the communication data to be sent with the communication key to obtain the target ciphertext data includes:

S41, performing a first encryption operation on the communication data with the first private key to obtain reference ciphertext data;

S42, performing a second encryption operation on the reference ciphertext data with the second public key to obtain the target ciphertext data.

It can be understood that in this embodiment, after the data sending end (current terminal) and the receiving end (target terminal) have each generated their own asymmetric key pair and completed negotiation of the pairs, the current terminal can encrypt the communication data as described in this embodiment.

Specifically, at least the two encryption steps above are included: first, the communication data is encrypted a first time with the first private key generated by the current terminal to obtain reference ciphertext data (that is, a digital signature); then the reference ciphertext data is encrypted a second time with the second public key generated by the peer to obtain the target ciphertext data to be sent.

It can be understood that when the peer receives the target ciphertext data, it can decrypt it in the corresponding manner. Specifically, the target terminal first decrypts the target ciphertext data with the second private key it generated itself to obtain the reference ciphertext data (the digital signature); it then decrypts the reference ciphertext data a second time with the first public key it received, so as to verify the digital signature and recover the original communication data.

As an optional implementation, after the target ciphertext data is sent to the target terminal over the target network communication link, the method further includes:

S51, when response ciphertext data sent by the target terminal is received over the target network communication link, performing a first decryption operation on the response ciphertext data with the first private key to obtain reference response ciphertext data;

S52, performing a second decryption operation on the reference response ciphertext data with the second public key to obtain the response communication data.

It can be understood that when the current terminal receives the response ciphertext data returned by the target terminal, it can decrypt it in the corresponding manner. Specifically, the response ciphertext data is first decrypted with the second public key received from the target terminal to obtain the reference response ciphertext data (the digital signature); the reference response ciphertext data is then decrypted a second time with the current terminal's own first private key, so as to verify the digital signature and recover the response communication data.
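The two-layer operation of S41/S42, its reversal at the receiver, and the same path used for the S51/S52 response, as an added Go example written for this page rather than code from the patent. "Encrypting with the private key" is realised as an RSA-PSS signature and "encrypting with the public key" as RSA-OAEP; because RSA-OAEP cannot encrypt a payload longer than its modulus, the packet together with its signature is encrypted under a fresh AES-256-GCM key and only that key is wrapped, which is this example's adaptation and not something the text specifies. The key size, the envelope layout and all names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const nonceLen = 12 // standard AES-GCM nonce size

// Endpoint is one terminal after the FIG. 5 exchange: its own key pair (the
// "first" private key from its point of view) and the peer's public key.
type Endpoint struct {
	Own  *rsa.PrivateKey
	Peer *rsa.PublicKey
}

// NewEndpoint generates a fresh RSA-2048 key pair for one terminal.
func NewEndpoint() (*Endpoint, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Endpoint{Own: k}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal performs S41 then S42 on one packet. S41 ("encrypt with the first private
// key") is an RSA-PSS signature appended to the packet: origin authentication,
// not secrecy. S42 ("encrypt with the second public key") gives secrecy: the
// packet||signature is encrypted with a fresh AES-256-GCM key and only that key is
// wrapped with RSA-OAEP (hybrid envelope). Layout: wrappedKey || nonce || gcmCiphertext.
func (e *Endpoint) Seal(packet []byte) ([]byte, error) {
	digest := sha256.Sum256(packet)
	sig, err := rsa.SignPSS(rand.Reader, e.Own, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	signed := append(append([]byte{}, packet...), sig...)
	key := make([]byte, 32)
	nonce := make([]byte, nonceLen)
	rand.Read(key)   // crypto/rand.Read does not return an error on current Go
	rand.Read(nonce) // fresh nonce per packet: reuse under one key breaks GCM
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, e.Peer, key, nil)
	if err != nil {
		return nil, err
	}
	env := append(wrapped, nonce...)
	return gcm.Seal(env, nonce, signed, nil), nil
}

// Open reverses Seal at the receiver: unwrap the AES key with the own private key,
// decrypt, split off the signature and verify it with the peer's public key. A
// packet that decrypts but whose signature fails is rejected, since decryption
// alone proves nothing about who sent it.
func (e *Endpoint) Open(env []byte) ([]byte, error) {
	klen := e.Own.Size() // 256 bytes for RSA-2048
	if len(env) < klen+nonceLen {
		return nil, errors.New("envelope too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, e.Own, env[:klen], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	signed, err := gcm.Open(nil, env[klen:klen+nonceLen], env[klen+nonceLen:], nil)
	if err != nil {
		return nil, err
	}
	siglen := e.Peer.Size()
	if len(signed) < siglen {
		return nil, errors.New("payload shorter than a signature")
	}
	packet, sig := signed[:len(signed)-siglen], signed[len(signed)-siglen:]
	digest := sha256.Sum256(packet)
	if err := rsa.VerifyPSS(e.Peer, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, err
	}
	return packet, nil
}
```

Each layer contributes one property only: the signature proves the sender holds the first private key, and the GCM tag rejects any modification of the envelope, while secrecy comes solely from the wrapped key that only the holder of the second private key can recover. An observer on the IMS path therefore sees ciphertext, as the text intends, and the response direction simply swaps the roles of the two endpoints.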

As an optional implementation, sending the communication key to the target terminal over the target satellite communication link includes:

S61, in the current terminal, adding the communication key to a target Beidou short message;

S62, sending the target Beidou short message from the current terminal to a target Beidou satellite terminal, where the target Beidou satellite terminal forwards the target Beidou short message to the target terminal.

It can be understood that in this embodiment the key negotiation described above can be completed specifically in the form of Beidou short messages, over a network link based on the BDS system. For example, when constructing the short message, a reserved byte in the Beidou short message protocol header can be used to mark that the short message is used for confidential communication. The current Beidou protocol already reserves one such byte, which is 8 bits in size. For example, a value such as '0100 0001' can be used as the mark: counting from the right, bit 7 marks this as a Beidou short message for confidential communication, and a 1 in bit 1 marks this as the first key negotiation short message, which can carry the exchanged key.
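Encoding and checking the reserved marker byte, as an added Go example that is not the patent's own code. It uses the bit numbering of the text (bit 1 is the least significant) with bit 7 as the confidential-communication flag, and generalises the first-message value '0100 0001' by treating bits 1..6 as a one-hot index of the negotiation message; that generalisation, the message layout (marker byte followed by raw key bytes) and the names are this example's assumptions.

```go
package main

import (
	"errors"
	"math/bits"
)

// Bit layout of the reserved header byte, counting from the right as the text
// does (bit 1 = least significant). Bit 7 marks a confidential-communication
// message. Bits 1..6 are assumed here to index the key negotiation message
// (bit 1 = first message, bit 2 = second, ...); the page shows only the
// first-message value '0100 0001'.
const (
	flagSecure   byte = 1 << 6 // bit 7 -> 0x40
	negIndexMask byte = 0x3f   // bits 1..6
)

// EncodeReservedByte builds the marker for the n-th key negotiation message.
func EncodeReservedByte(n int) (byte, error) {
	if n < 1 || n > 6 {
		return 0, errors.New("negotiation message index must be 1..6")
	}
	return flagSecure | 1<<(n-1), nil
}

// DecodeReservedByte reports whether the byte carries the confidential flag and,
// if exactly one index bit is set, which negotiation message it is (index 0 when
// the flag is set but the index is absent or ambiguous).
func DecodeReservedByte(b byte) (secure bool, index int) {
	if b&flagSecure == 0 {
		return false, 0
	}
	idx := b & negIndexMask
	if idx == 0 || idx&(idx-1) != 0 { // zero bits or more than one bit set
		return true, 0
	}
	return true, bits.TrailingZeros8(idx) + 1
}

// KeyMessage is the short-message body as assumed for this example: the
// reserved marker byte followed by the raw key bytes.
type KeyMessage struct {
	Index int
	Key   []byte
}

// BuildKeyMessage prepends the marker byte to the key material.
func BuildKeyMessage(n int, key []byte) ([]byte, error) {
	m, err := EncodeReservedByte(n)
	if err != nil {
		return nil, err
	}
	return append([]byte{m}, key...), nil
}

// ParseKeyMessage accepts only messages carrying the secure flag and a single
// negotiation index; anything else is treated as an ordinary short message.
func ParseKeyMessage(msg []byte) (KeyMessage, error) {
	if len(msg) < 2 {
		return KeyMessage{}, errors.New("message too short")
	}
	secure, idx := DecodeReservedByte(msg[0])
	if !secure || idx == 0 {
		return KeyMessage{}, errors.New("not a key negotiation message")
	}
	return KeyMessage{Index: idx, Key: msg[1:]}, nil
}
```

The marker only classifies a message: a receiver that acts on it should still validate the bytes that follow (for instance by parsing them as a public key) and must not take the flag as evidence of who sent the message, since nothing in the header byte is authenticated.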

As an optional implementation, generating the communication key matching the target satellite communication link includes:

S71, determining a key generation parameter from a first terminal state parameter of the current terminal and/or a second terminal state parameter of the target Beidou satellite terminal;

S72, generating the communication key matching the target satellite communication link by a key generation algorithm from the key generation parameter.

Specifically, the communication key used for subsequent encrypted communication can be determined from the first terminal state parameter of the current terminal and/or the second terminal state parameter of the target Beidou satellite. For example, the obtainable first terminal state parameters may include, but are not limited to, the terminal's current network signal strength, signal-to-noise ratio, underlying hardware crystal oscillator frequency, operating system heartbeat count and battery level; the obtainable second terminal state parameters may include, but are not limited to, satellite orbit parameters and differential data. Once the first and/or second terminal state parameters are obtained, a random number can be constructed from them by operations such as shifting and XOR. Because this information itself has the characteristics of a true random source, using this random number as the input to the key generation algorithm can significantly improve the security of the generated key.
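Turning the terminal state parameters of S71 into a key generation parameter, as an added Go example that is not code from the patent. The text describes combining the readings with shifts and XOR; this example instead feeds every reading, tagged and length-prefixed, through SHA-256 together with 32 bytes from the operating system's CSPRNG, so that readings an observer could estimate (signal strength, battery level) add to, but never replace, the randomness. The field names, the sample values and the 32-byte seed size are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// TerminalState gathers the first terminal state parameters (own terminal) and
// second terminal state parameters (Beidou satellite) named in the text. The
// field names are this example's own; sample values are constructed.
type TerminalState struct {
	SignalStrengthDBm int32
	SNRdB             int32
	CrystalHz         uint32
	OSHeartbeats      uint64
	BatteryPercent    uint8
	OrbitParams       []byte // raw ephemeris fields received from the satellite
	DifferentialData  []byte
}

// MixSeed condenses every state field plus osRandom into a 32-byte seed with
// SHA-256. Each field is tagged and length-prefixed so that fields cannot run
// into one another. A hash is used as the extractor rather than shift/XOR
// because XOR of correlated, partly predictable readings can cancel instead of
// accumulate entropy, and the CSPRNG input keeps a floor even if every reading
// is guessed by an observer.
func MixSeed(s TerminalState, osRandom []byte) [32]byte {
	h := sha256.New()
	put := func(tag byte, b []byte) {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(b)))
		h.Write([]byte{tag})
		h.Write(l[:])
		h.Write(b)
	}
	var u [8]byte
	binary.BigEndian.PutUint32(u[:4], uint32(s.SignalStrengthDBm))
	put(1, u[:4])
	binary.BigEndian.PutUint32(u[:4], uint32(s.SNRdB))
	put(2, u[:4])
	binary.BigEndian.PutUint32(u[:4], s.CrystalHz)
	put(3, u[:4])
	binary.BigEndian.PutUint64(u[:], s.OSHeartbeats)
	put(4, u[:])
	put(5, []byte{s.BatteryPercent})
	put(6, s.OrbitParams)
	put(7, s.DifferentialData)
	put(8, osRandom)
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// NewSeed is what a terminal would call at S71: read 32 bytes from the OS
// CSPRNG and mix them with the current state, yielding the key generation
// parameter that feeds the key generation algorithm of S72.
func NewSeed(s TerminalState) [32]byte {
	osr := make([]byte, 32)
	rand.Read(osr) // crypto/rand.Read does not return an error on current Go
	return MixSeed(s, osr)
}

// SampleState returns constructed readings for a stand-alone run.
func SampleState() TerminalState {
	return TerminalState{
		SignalStrengthDBm: -87, SNRdB: 23, CrystalHz: 26000000,
		OSHeartbeats: 184233, BatteryPercent: 64,
		OrbitParams:      []byte{0x1a, 0x2b, 0x3c, 0x4d},
		DifferentialData: []byte{0x00, 0x7f},
	}
}
```

The seed is the input to the key generation algorithm of S72; where that algorithm takes a random source rather than a fixed parameter, as Go's `rsa.GenerateKey` does with its `io.Reader`, the seed should drive a deterministic random bit generator rather than be used as key material directly.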

As an optional implementation, after the target ciphertext data is sent to the target terminal over the target network communication link, the method further includes: deleting the communication key when the communication session between the current terminal and the target terminal ends.

It can be understood that in this embodiment, after the confidential communication is completed, the two interacting terminals destroy their respective public/private key pairs, and each communication uses newly generated public/private keys, guaranteeing one key per session, that is, a different key for every communication, thereby improving security.

A complete embodiment of the present application is described below with reference to FIG. 7. It should be noted that this embodiment may be a method of bidirectional encrypted confidential communication in which the keys are delivered by Beidou short message. The specific steps are as follows:

S702, user A initiates a VoLTE confidential communication on the dialing interface of the mobile terminal;

Specifically, the calling user (user A) chooses on the dialing interface of the mobile terminal to initiate a confidential call based on Beidou short messages; a separate call button can be provided on the interface for this type of confidential call, and step S704 is executed in response to the triggering of that button.

S704, the terminal obtains in real time information such as the network signal strength, signal-to-noise ratio and terminal battery level, and constructs a random number from it as the input to the key generation algorithm;

In step S704, as soon as the mobile terminal receives the user's confidential call request it obtains the current network signal strength, signal-to-noise ratio, underlying hardware crystal oscillator frequency, operating system heartbeat count and terminal battery level, together with the satellite orbit parameters, differential data and other information received from the Beidou satellite, and constructs a random number from them by operations such as shifting and XOR. It can be understood that because this information itself has the characteristics of a true random source, the random number constructed from it has higher security; once constructed, the random number is used as the input to the public key generation algorithm.

S706, the public key generation algorithm generates user A's public/private key pair, APrivate and APublic;

S708, user A carries APublic in a Beidou short message and sends it to user B;

Specifically, user A's mobile terminal sends APublic to the called user (user B) by Beidou short message. When constructing the short message, a reserved byte in the Beidou short message protocol header can be used to mark that the short message is used for confidential communication. Because the current Beidou protocol already reserves one such byte of 8 bits, those 8 bits can be used as the confidential communication mark. For example, a value such as '0100 0001' can be used: counting from the right, bit 7 marks this as a Beidou short message for confidential communication, and a 1 in bit 1 marks this as the first key negotiation short message, containing user A's public key APublic.

S710, determine whether user B supports confidential communication based on Beidou short messages. Specifically, after user B's mobile terminal receives the incoming call from user A, if user B supports the Beidou short message based confidential communication described here, it can receive the Beidou short message containing user A's APublic through its own Beidou short message module and confirm from the mark field described in step 708 that the short message contains APublic; it then continues with step S710-1. Conversely, if user B's mobile terminal does not support the Beidou short message based confidential communication described here, it cannot successfully receive APublic from user A.

If user B does not support confidential communication based on Beidou short messages, steps S710-2 and S710-2-1 are executed: user B answers as for an ordinary incoming call, and if user A does not receive user B's public key within a certain time, user A is prompted that the called user does not support Beidou-based confidential communication and ordinary VoLTE voice communication is used instead.

Specifically, user A's mobile terminal indicates both on the display and by voice that the called user does not support the current confidential communication; the user can choose to hang up or to use unencrypted ordinary VoLTE voice communication.

S710-1, user B receives the APublic sent by user A via Beidou short message and starts its own public key generation algorithm to generate user B's public/private key pair, BPrivate and BPublic;

Specifically, user B supports the Beidou short message based confidential communication described here; on receiving the APublic sent by user A via Beidou short message, user B immediately starts its own key generation procedure, which is the same as user A's public/private key pair generation in step 704, and generates user B's public key BPublic and private key BPrivate.

S712, user B likewise sends its own BPublic to calling user A through the Beidou short message system;

User B sends BPublic to the caller, user A, likewise by Beidou short message. As in step 708, when constructing this Beidou short message user B also uses the reserved byte of the Beidou short message header as a mark. For example, a value such as '0100 0010' can be used: counting from the right, bit 7 marks this as a Beidou short message for confidential communication, and a 1 in bit 2 marks this as the second key negotiation short message, containing user B's public key BPublic.

S714, the calling and called parties begin confidential communication;

Once user A has received BPublic, confidential communication between user A and user B can begin. VoLTE voice data is carried in RTP packets. User A encrypts the original voice packet a first time with APrivate, that is, digitally signs it, then encrypts the resulting ciphertext a second time with BPublic, and sends the twice-encrypted ciphertext to user B over the voice communication network link. On receiving the ciphertext, user B first decrypts it with BPrivate, then decrypts the resulting data a second time with APublic to verify user A's digital signature. The above is the processing flow for voice data sent from user A to user B; voice data sent from user B to user A is processed in the same way.

S716, after the confidential communication is completed, user A and user B each destroy their own public/private key pair. It can be understood that after the confidential communication is completed, user A and user B destroy their respective public/private key pairs; every communication uses newly generated public/private keys, guaranteeing one key per session and improving security.

It can be understood that the above embodiment can be applied to confidential communication of mobile terminals, specifically and mainly to encrypted calls between mobile terminals. The two mobile terminals encrypt their respective voice data packets and transmit them over the mobile IMS network, and use the short message service of the Beidou satellites to deliver the encryption and decryption keys.

The security of confidential communication in the above implementation rests on two aspects. First, keys are delivered through the Beidou short message system, so the encryption and decryption keys, as well as the keys for the digital signature and the public-key algorithm, travel via Beidou satellite, whereas the encrypted voice data travels over the mobile IMS network; the two are kept isolated throughout the access network and the core network. Second, the security of the communication process is further improved by the security of the asymmetric encryption process. As a result, in mobile terminals that support the Beidou system, the security of the confidential communication system is greatly enhanced with only minor modifications, and this is accomplished by the mobile terminal itself without relying on a third party.

From the description of the above embodiments, those skilled in the art will clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present disclosure, or the part of it that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disk) and comprising a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present disclosure.

Embodiment 2

This embodiment also provides a data sending device, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.

FIG. 8 is a structural block diagram of a data sending device according to an embodiment of the present disclosure. As shown in FIG. 8, the device includes:

a generating unit 82, configured to generate a communication key matching a target satellite communication link;

a first sending unit 84, configured to send the communication key to a target terminal through the target satellite communication link;

an encryption unit 86, configured to encrypt the communication data to be sent according to the communication key, to obtain target ciphertext data, when it is determined that the target terminal has received the communication key;

a second sending unit 88, configured to send the target ciphertext data to the target terminal through a target network communication link.

Optionally, the generating unit includes: a first generation module, configured to generate a symmetric communication key matching the target satellite communication link when the target network communication link is a communication link of a first type; and a second generation module, configured to generate an asymmetric communication key pair matching the target satellite communication link when the target network communication link is a communication link of a second type; where the link bandwidth of the first type of communication link is greater than or equal to a target bandwidth threshold, and the link bandwidth of the second type of communication link is less than the target bandwidth threshold.

Optionally, the first generation module includes: an acquisition submodule, configured to obtain a reference asymmetric communication key pair; an encryption submodule, configured to encrypt the symmetric communication key using the reference asymmetric communication key pair, to obtain a target key ciphertext; and a sending submodule, configured to send the target key ciphertext to the target terminal through the target satellite communication link.

Optionally, the second generation module includes: a sending submodule, configured to send, through the target satellite communication link, a first public key included in the asymmetric communication key pair to the target terminal, where the asymmetric communication key pair includes the first public key and a first private key, the first private key is used in the current terminal to encrypt the communication data to obtain reference ciphertext data, and the first public key is used in the target terminal to decrypt the reference ciphertext data; and a receiving submodule, configured to receive, through the target satellite communication link and once the target terminal has received the first public key, a second public key included in the asymmetric communication key pair sent by the target terminal, where the asymmetric communication key pair sent by the target terminal includes the second public key and a second private key, the second public key is used in the current terminal to encrypt the reference ciphertext data to obtain the target ciphertext data, and the second private key is used in the target terminal to decrypt the target ciphertext data.

Optionally, the encryption unit includes: a first encryption module, configured to perform a first encryption operation on the communication data using the first private key, to obtain the reference ciphertext data; and a second encryption module, configured to perform a second encryption operation on the reference ciphertext data using the second public key, to obtain the target ciphertext data.

Optionally, the data sending device further includes: a first decryption module, configured to perform, when response ciphertext data sent by the target terminal is received through the target network communication link, a first decryption operation on the response ciphertext data according to the first private key, to obtain reference response ciphertext data; and a second decryption module, configured to perform a second decryption operation on the reference response ciphertext data according to the second public key, to obtain response communication data.

Optionally, the first sending unit includes: an adding module, configured to add the communication key to a target Beidou short message; and a sending module, configured to send the target Beidou short message to a target Beidou satellite terminal, where the target Beidou satellite terminal is configured to forward the target Beidou short message to the target terminal.

Optionally, the generating unit includes: a determination module, configured to determine a key generation parameter according to a first terminal state parameter of the current terminal and/or a second terminal state parameter of the target Beidou satellite terminal; and a generation module, configured to generate, by a key generation algorithm and according to the key generation parameter, the communication key matching the target satellite communication link.

Optionally, the data sending device further includes: a deletion unit, configured to delete the communication key when the communication session between the current terminal and the target terminal ends.

Embodiment 3

An embodiment of the present disclosure further provides a computer-readable storage medium storing a computer program, where the computer program is configured to execute, when run, the steps of any of the above method embodiments.

In an exemplary embodiment, the computer-readable storage medium may include, but is not limited to, a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or any other medium capable of storing a computer program.

Embodiment 4

An embodiment of the present disclosure further provides an electronic device including a memory and a processor, where the memory stores a computer program and the processor is configured to run the computer program to execute the steps of any of the above method embodiments.

In an exemplary embodiment, the electronic device may further include a transmission device and an input/output device, both of which are connected to the processor.

For specific examples in this embodiment, reference may be made to the examples described in the above embodiments and exemplary implementations; they are not repeated here.

Obviously, those skilled in the art will understand that the modules or steps of the present disclosure described above can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network of multiple computing devices; they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be executed in an order different from that given here; and they can be fabricated as individual integrated circuit modules, or several of the modules or steps can be fabricated as a single integrated circuit module. Thus, the present disclosure is not limited to any particular combination of hardware and software.

The above is only a preferred embodiment of the present disclosure and is not intended to limit it; those skilled in the art will recognize that the present disclosure admits various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the principles of the present disclosure shall fall within its scope of protection.

Claims (17)

1. A data transmission method, comprising:
generating a communication key that matches the target satellite communication link;
transmitting the communication key to a target terminal over the target satellite communication link;
under the condition that the target terminal receives the communication key, encrypting communication data to be sent according to the communication key to obtain target ciphertext data;
and sending the target ciphertext data to the target terminal through a target network communication link.
2. The method of claim 1, wherein the generating a communication key that matches the target satellite communication link comprises:
generating a symmetric communication key that matches the target satellite communication link if the target network communication link is a first type of communication link;
generating an asymmetric communication key pair that matches the target satellite communication link if the target network communication link is a second type of communication link;
wherein the link bandwidth of the communication link of the first type is greater than or equal to a target bandwidth threshold and the link bandwidth of the communication link of the second type is less than the target bandwidth threshold.
3. The method of claim 2, wherein, in the case where the target network communication link is a first type of communication link, after the generating the symmetric communication key that matches the target satellite communication link, the method further comprises:
acquiring a reference asymmetric communication key pair;
encrypting the symmetric communication key by using the reference asymmetric communication key pair to obtain a target key ciphertext;
and sending the target key ciphertext to the target terminal through the target satellite communication link.
4. The method of claim 2, wherein, in the case where the target network communication link is a second type of communication link, after the generating of the asymmetric communication key pair that matches the target satellite communication link, the method further comprises:
transmitting a first public key included in the asymmetric communication key pair to the target terminal through the target satellite communication link, wherein the asymmetric communication key pair comprises the first public key and a first private key, the first private key is used for encrypting the communication data in the current terminal so as to obtain reference ciphertext data, and the first public key is used for decrypting the reference ciphertext data in the target terminal;
and under the condition that the target terminal receives the first public key, receiving a second public key included in an asymmetric communication key pair sent by the target terminal through the target satellite communication link, wherein the asymmetric communication key pair sent by the target terminal comprises the second public key and a second private key, the second public key is used for encrypting the reference ciphertext data in the current terminal to obtain target ciphertext data, and the second private key is used for decrypting the target ciphertext data in the target terminal.
5. The method according to claim 4, wherein encrypting the communication data to be transmitted according to the communication key in the case that the target terminal receives the communication key, to obtain target ciphertext data, includes:
performing a first encryption operation on the communication data by using the first private key to obtain the reference ciphertext data;
and performing a second encryption operation on the reference ciphertext data by using the second public key to obtain the target ciphertext data.
6. The method of claim 4, wherein after the sending the target ciphertext data to the target terminal over a target network communication link, the method further comprises:
under the condition that response ciphertext data sent by the target terminal are received through the target network communication link, performing a first decryption operation on the response ciphertext data according to the first private key to obtain reference response ciphertext data;
and performing a second decryption operation on the reference response ciphertext data according to the second public key to obtain response communication data.
7. The method of claim 1, wherein said transmitting the communication key to a target terminal over the target satellite communication link comprises:
adding the communication key into a target Beidou short message in a current terminal;
and sending the target Beidou short message to a target Beidou satellite terminal through the current terminal, wherein the target Beidou satellite terminal is used for forwarding the target Beidou short message to the target terminal.
8. The method of claim 7, wherein the generating a communication key that matches the target satellite communication link comprises:
determining a key generation parameter according to a first terminal state parameter of a current terminal and/or a second terminal state parameter of the target Beidou satellite terminal;
and generating the communication key matched with the target satellite communication link through a key generation algorithm according to the key generation parameter.
9. The method of claim 1, wherein after the sending the target ciphertext data to the target terminal over a target network communication link, the method further comprises:
and deleting the communication key when the communication session between the current terminal and the target terminal is ended.
10. A data transmission apparatus, comprising:
a generation unit for generating a communication key matching the target satellite communication link;
a first transmitting unit configured to transmit the communication key to a target terminal through the target satellite communication link;
an encryption unit configured to encrypt the communication data to be sent according to the communication key to obtain target ciphertext data under the condition that the target terminal receives the communication key;
and a second sending unit configured to send the target ciphertext data to the target terminal through a target network communication link.
11. The apparatus of claim 10, wherein the generating unit comprises:
a first generation module, configured to generate a symmetric communication key that matches the target satellite communication link when the target network communication link is a first type of communication link;
a second generation module, configured to generate an asymmetric communication key pair matched with the target satellite communication link under the condition that the target network communication link is a second type of communication link;
wherein the link bandwidth of the communication link of the first type is greater than or equal to a target bandwidth threshold and the link bandwidth of the communication link of the second type is less than the target bandwidth threshold.
12. The apparatus of claim 11, wherein the first generation module comprises:
an acquisition sub-module for acquiring a reference asymmetric communication key pair;
an encryption sub-module configured to encrypt the symmetric communication key by using the reference asymmetric communication key pair to obtain a target key ciphertext;
and a sending sub-module configured to send the target key ciphertext to the target terminal through the target satellite communication link.
13. The apparatus of claim 11, wherein the second generating module comprises:
a transmitting sub-module, configured to transmit, to the target terminal through the target satellite communication link, a first public key included in the asymmetric communication key pair, where the asymmetric communication key pair includes the first public key and a first private key, the first private key is used to encrypt the communication data in the current terminal to obtain reference ciphertext data, and the first public key is used to decrypt the reference ciphertext data in the target terminal;
and a receiving sub-module, configured to receive a second public key included in the asymmetric communication key pair sent by the target terminal through the target satellite communication link under the condition that the target terminal receives the first public key, wherein the asymmetric communication key pair sent by the target terminal comprises the second public key and a second private key, the second public key is used for encrypting the reference ciphertext data in the current terminal to obtain target ciphertext data, and the second private key is used for decrypting the target ciphertext data in the target terminal.
14. The apparatus of claim 10, wherein the first transmitting unit comprises:
an adding module configured to add the communication key into the target Beidou short message;
and a sending module configured to send the target Beidou short message to a target Beidou satellite terminal, wherein the target Beidou satellite terminal is used for forwarding the target Beidou short message to the target terminal.
15. The apparatus of claim 14, wherein the generating unit comprises:
a determining module configured to determine a key generation parameter according to the first terminal state parameter of the current terminal and/or the second terminal state parameter of the target Beidou satellite terminal;
and a generation module configured to generate the communication key matched with the target satellite communication link through a key generation algorithm according to the key generation parameter.
16. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, wherein the computer program, when executed by a processor, implements the steps of the method according to any of claims 1 to 9.
17. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method as claimed in any one of claims 1 to 9 when the computer program is executed.
Application CN202310604453.4A, filed 2023-05-24 (priority date 2023-05-24): Data transmission method and device, storage medium and electronic device. Status: Pending.


Publication: CN119030693A, published 2024-11-26.



Legal Events

Date Code Title Description
PB01 Publication