A forward secrecy implementation method and device

Document No.: 1775761. Publication date: 2019-12-03.

Reading note: this technology, "A forward secrecy implementation method and device", was designed by 谢振华 (Xie Zhenhua) on 2019-02-26. Abstract: Disclosed herein are a forward secrecy implementation method and device. The method applied to a first network node comprises: sending first content information to a terminal; and sending a first ciphertext key to a second network node; the first ciphertext key is generated based on second content information and a first key, and the second content information is generated based on the first content information and a second key. The method applied to the second network node comprises: receiving the first ciphertext key from the first network node; receiving the second content information from the terminal; and generating the first key based on the second content information and the first ciphertext key. The method applied to a third network node comprises: generating the second content information based on the first content information and the second key, the second key being shared with the terminal; generating the first ciphertext key based on the second content information and the first key; and sending the first ciphertext key and the first content information to the first network node. The technical solution herein can achieve forward security of network communication.

1. A forward secrecy implementation method, applied to a first network node, comprising:

sending first content information to a terminal;

sending a first ciphertext key to a second network node;

wherein the first ciphertext key is generated based on second content information and a first key, and the second content information is generated based on the first content information and a second key.

2. The method of claim 1, further comprising: receiving the first ciphertext key and the first content information.

3. The method of claim 1, wherein:

when the first ciphertext key comprises a group of ciphertext keys, sending the first ciphertext key to the second network node comprises: sending some or all of the first ciphertext key to the second network node.

4. A forward secrecy implementation method, applied to a second network node, comprising:

receiving a first ciphertext key from a first network node;

receiving second content information from a terminal;

generating a first key based on the second content information and the first ciphertext key.

5. The method of claim 4, wherein:

generating the first key based on the second content information and the first ciphertext key comprises:

performing an XOR operation based on the second content information and the first ciphertext key to obtain the first key; or

performing a decryption operation based on the second content information and the first ciphertext key to obtain the first key.

6. A forward secrecy implementation method, applied to a third network node, comprising:

generating second content information based on first content information and a second key, wherein the second key is shared with a terminal;

generating a first ciphertext key based on the second content information and a first key;

sending the first ciphertext key and the first content information to a first network node.

7. The method of claim 6, wherein:

generating the first ciphertext key based on the second content information and the first key comprises:

performing an XOR operation based on the first key and the second content information to obtain the first ciphertext key; or

performing an encryption operation based on the first key and the second content information to obtain the first ciphertext key.

8. The method of claim 6, wherein:

generating the second content information based on the first content information and the second key comprises:

performing an XOR operation based on some or all of the first content information and the second key to obtain the second content information; or

performing an encryption operation based on some or all of the first content information and the second key to obtain the second content information.

9. The method of claim 6, wherein:

the first ciphertext key comprises a group of ciphertext keys.

10. A forward secrecy implementation device, comprising:

a memory, a processor, and a forward secrecy implementation program stored on the memory and executable on the processor, wherein the forward secrecy implementation program, when executed by the processor, implements the steps of the forward secrecy implementation method of any one of claims 1-9.

11. A computer-readable storage medium storing a forward secrecy implementation program, wherein the forward secrecy implementation program, when executed by a processor, implements the steps of the forward secrecy implementation method of any one of claims 1-9.

Technical field

The present invention relates to the field of communication technology, and in particular to a forward secrecy implementation method and device.

Background

The 3rd Generation Partnership Project (3GPP) has proposed a next-generation network architecture that achieves backward security for the keys a user uses while moving. That is, the source network node computes a new key from the key currently in use, using an algorithm such as a hash, then sends the new key to the target network node and notifies the terminal to replace its key. The terminal likewise computes the new key from the key currently in use (the same key the source network node is currently using), with the same calculation method as the source network node, after which the terminal and the target network node can communicate based on the new key. Backward security prevents the target network node from learning the key used by the source network node, which protects the security of past communications.

There is currently no forward secrecy technique (one in which the source network node cannot learn the key used by the target network node), so the security of future communications cannot be protected.

Summary of the invention

Provided herein are a forward secrecy implementation method and device that can achieve forward security of network communication.

According to a first aspect of the present application, an embodiment of the present invention provides a forward secrecy implementation method, applied to a first network node, comprising:

sending first content information to a terminal;

sending a first ciphertext key to a second network node;

wherein the first ciphertext key is generated based on second content information and a first key, and the second content information is generated based on the first content information and a second key.

According to a second aspect of the present application, an embodiment of the present invention provides a forward secrecy implementation method, applied to a second network node, comprising:

receiving a first ciphertext key from a first network node;

receiving second content information from a terminal;

generating a first key based on the second content information and the first ciphertext key.

According to a third aspect of the present application, an embodiment of the present invention provides a forward secrecy implementation method, applied to a third network node, comprising:

generating second content information based on first content information and a second key, wherein the second key is shared with a terminal;

generating a first ciphertext key based on the second content information and a first key;

sending the first ciphertext key and the first content information to a first network node.

According to a fourth aspect of the present application, an embodiment of the present invention provides a forward secrecy implementation device, comprising:

a memory, a processor, and a forward secrecy implementation program stored on the memory and executable on the processor, wherein the forward secrecy implementation program, when executed by the processor, implements the steps of the above forward secrecy implementation method.

According to a fifth aspect of the present application, an embodiment of the present invention provides a computer-readable storage medium storing a forward secrecy implementation program, wherein the forward secrecy implementation program, when executed by a processor, implements the steps of the above forward secrecy implementation method.

Compared with the related art, in the forward secrecy implementation method and device provided by the embodiments of the present invention, the first network node sends first content information to the terminal and sends a first ciphertext key to the second network node, where the first ciphertext key is generated based on second content information and a first key, and the second content information is generated based on the first content information and a second key. The second network node receives the second content information from the terminal, receives the first ciphertext key from the first network node, and generates the first key based on the second content information and the first ciphertext key. The terminal and the second network node can then communicate based on the first key. Because the first network node does not know the first key, forward secrecy of network communication can be achieved.
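The flow summarised above, in the XOR variants of claims 5, 7 and 8, as an added example (not code from the patent). The function names, the 16-byte lengths and the two analysis helpers `consistent_k2` and `relation_leaked_by_k2_reuse` are assumptions for illustration: the first shows that the first node's view fits any guessed first key when the second key is random and used once, the second shows what that node learns if one second key is reused across handovers.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def third_node(first_content: bytes, k1: bytes, k2: bytes):
    """Third node: derive the second content, wrap K1, hand off to the first node."""
    second_content = xor(first_content, k2)   # claim 8, XOR variant
    ciphertext_key = xor(k1, second_content)  # claim 7, XOR variant
    return ciphertext_key, first_content

def terminal(first_content: bytes, k2: bytes) -> bytes:
    """Terminal: rebuild the second content with the K2 it shares."""
    return xor(first_content, k2)

def second_node(ciphertext_key: bytes, second_content: bytes) -> bytes:
    """Second node: unwrap K1 (claim 5, XOR variant)."""
    return xor(second_content, ciphertext_key)

def run_handover(k1: bytes, k2: bytes, first_content: bytes):
    """Return (K1 recovered by the second node, everything the first node saw)."""
    ciphertext_key, fc = third_node(first_content, k1, k2)
    first_node_view = (fc, ciphertext_key)  # it forwards both, holds neither key
    recovered = second_node(ciphertext_key, terminal(fc, k2))
    return recovered, first_node_view

def consistent_k2(first_node_view, guessed_k1: bytes) -> bytes:
    """The K2 under which the first node's view would match any guessed K1."""
    fc, ciphertext_key = first_node_view
    return xor(xor(fc, ciphertext_key), guessed_k1)

def relation_leaked_by_k2_reuse(view_a, view_b) -> bytes:
    """With one K2 reused across two handovers, the views give K1_a XOR K1_b."""
    return xor(xor(*view_a), xor(*view_b))

if __name__ == "__main__":
    # Constructed sample values: random 16-byte keys and content.
    k1, k2, fc = (secrets.token_bytes(16) for _ in range(3))
    recovered, view = run_handover(k1, k2, fc)
    print("second node recovered K1:", recovered == k1)
    guess = secrets.token_bytes(16)
    same_view = run_handover(guess, consistent_k2(view, guess), fc)[1]
    print("view also fits a random guess:", same_view == view)
```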

Brief description of the drawings

Fig. 1 is a flowchart of a forward secrecy implementation method (first network node) according to Embodiment 1 of the present invention;

Fig. 2 is a flowchart of a forward secrecy implementation method (second network node) according to Embodiment 2 of the present invention;

Fig. 3 is a flowchart of a forward secrecy implementation method (third network node) according to Embodiment 3 of the present invention;

Fig. 4 is a schematic diagram of a forward secrecy implementation device (first network node) according to Embodiment 4 of the present invention;

Fig. 5 is a schematic diagram of a forward secrecy implementation device (second network node) according to Embodiment 5 of the present invention;

Fig. 6 is a schematic diagram of a forward secrecy implementation device (third network node) according to Embodiment 6 of the present invention;

Fig. 7 is a flowchart of a forward secrecy implementation method according to Example 1 of the present invention;

Fig. 8 is a flowchart of a forward secrecy implementation method according to Example 2 of the present invention;

Fig. 9 is a flowchart of a forward secrecy implementation method according to Example 3 of the present invention.

Detailed description of embodiments

To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.

The steps shown in the flowcharts of the accompanying drawings may be executed in a computer system, for example as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
