TW202301830A - Encryption system and encryption method for group instant messaging - Google Patents

Info

Publication number: TW202301830A
Authority: TW (Taiwan)
Application number: TW110123849A
Other languages: Chinese (zh)
Other versions: TWI761243B (granted patent)
Inventors: 吳治東, 鄭維元, 蘇嚮權, 梁俊安
Original assignee: 中華電信股份有限公司 (Chunghwa Telecom Co., Ltd.)
Priority: TW110123849A
Prior art keywords: key, terminal device, group, message, server
Events: application filed by 中華電信股份有限公司; priority to TW110123849A; application granted; publication of TWI761243B; publication of TW202301830A

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An encryption system and an encryption method for group instant messaging are provided. In the method, if a first group key is invalid, a first terminal generates a second group key together with an ephemeral public key and the corresponding ephemeral private key based on an ECC algorithm; the first terminal generates a group key ciphertext from the second group key, the ephemeral private key and a second public key belonging to a second terminal; in response to receiving the group key ciphertext, a server transmits key information corresponding to the second group key to the first terminal; in response to receiving the key information from the server, the first terminal updates a first member key corresponding to the first terminal according to the second group key; and the first terminal communicates with the second terminal according to the first member key.

Description

Encryption system and encryption method for group instant messaging

The present invention relates to communication technology, and in particular to an encryption system and an encryption method for group instant messaging.

The encryption method commonly used by today's group instant messaging services is as follows: a fresh message key is generated at random for every message sent, and that key is synchronised to the receiving end by asymmetric encryption; the receiver decrypts the message key with its personal private key and then uses the message key to decrypt the message. Because the message key has to be asymmetrically encrypted once per recipient for every message, the cost grows with the number of members. No existing approach fully mitigates the effect of the member count on performance while preserving both security and usability, so there is still room for improvement.

The invention provides an encryption system and an encryption method for group instant messaging that can be used by group instant messaging services.

An encryption system for group instant messaging according to the invention comprises a first terminal device, a second terminal device and a server. The server is communicatively connected to the first and second terminal devices and transmits a group key status to the first terminal device. In response to the group key status indicating that a first group key is invalid, the first terminal device generates, based on an elliptic curve cryptography algorithm, a second group key, an ephemeral public key and the ephemeral private key corresponding to that ephemeral public key. The first terminal device generates a group key ciphertext from the second group key, the ephemeral private key and a second public key corresponding to the second terminal device. In response to receiving the group key ciphertext from the first terminal device, the server transmits key information corresponding to the second group key to the first terminal device. In response to receiving the key information from the server, the first terminal device updates a first member key corresponding to the first terminal device according to the second group key, and the first terminal device then communicates with the second terminal device according to the first member key.

In an embodiment of the invention, the first terminal device updates, according to the second group key, a second member key that is stored in the first terminal device and corresponds to the second terminal device; the first terminal device receives an encrypted message from the second terminal device and decrypts it with the second member key.

In an embodiment of the invention, the first terminal device generates an encrypted message according to the first member key and transmits the encrypted message to the second terminal device.

In an embodiment of the invention, the first terminal device derives a shared secret from the ephemeral private key and the second public key using the elliptic curve Diffie-Hellman (ECDH) key exchange algorithm, and then generates the group key ciphertext from the shared secret and the second group key using a symmetric encryption algorithm.

In an embodiment of the invention, before running the symmetric encryption algorithm, the first terminal device applies a secure hash algorithm to the shared secret.

In an embodiment of the invention, the second terminal device receives the group key ciphertext, the ephemeral public key and a first public key corresponding to the first terminal device from the server; the second terminal device obtains the shared secret from the ephemeral public key and the second private key corresponding to the second public key using the ECDH key exchange algorithm; and the second terminal device recovers the second group key from the shared secret and the group key ciphertext using the symmetric decryption algorithm that matches the symmetric encryption algorithm.

In an embodiment of the invention, before running the symmetric decryption algorithm, the second terminal device applies the secure hash algorithm to the shared secret.

In an embodiment of the invention, the second terminal device updates, according to the second group key, the first member key that is stored in the second terminal device and corresponds to the first terminal device, and likewise updates the second member key that is stored in the second terminal device and corresponds to the second terminal device.

In an embodiment of the invention, the server transmits the group key ciphertext to the second terminal device in response to the second terminal device logging in to the group instant messaging service.

In an embodiment of the invention, the first terminal device performs a first hash-based message authentication code (HMAC) operation on the first member key to generate a first message key, and performs a second HMAC operation on the first member key to update the first member key.

In an embodiment of the invention, the first terminal device encrypts a message with the first message key to produce the encrypted message.

In an embodiment of the invention, the second terminal device receives the encrypted message and the key information from the first terminal device; in response to receiving the key information, the second terminal device performs the first HMAC operation on the first member key to obtain the first message key, and performs the second HMAC operation on the first member key to update the copy of the first member key stored in the second terminal device.

In an embodiment of the invention, the second terminal device decrypts the encrypted message with the first message key to obtain the message.
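The two HMAC operations described in the embodiments above, as an added example that is not part of the patent or of Chunghwa Telecom's code: a Go program (standard library only) that expands a group key into one member key per member inside the device, runs the first HMAC for the message key and the second HMAC for the next member key on both the sender and a receiver, and carries a step counter as the "key information" the receiver uses to know how far to advance. Everything the page does not fix is an assumption here: the HMAC labels, the member-id expansion, the step counter, and the group key, which is constructed for the demo. Encrypting the message under the message key is left out.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// hmacSHA256 is the one primitive behind both HMAC operations in the text; the
// label tells the "first" (message key) and "second" (next member key) operation
// apart. The labels are assumed, the page does not name them.
func hmacSHA256(key []byte, label string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// ExpandMemberKeys derives one member key per group member from the group key
// inside the device, so the group key itself never encrypts a message.
func ExpandMemberKeys(groupKey []byte, members []string) map[string][]byte {
	out := make(map[string][]byte, len(members))
	for _, id := range members {
		out[id] = hmacSHA256(groupKey, "member:"+id)
	}
	return out
}

// Chain is one sender's ratchet state. A device keeps one for itself (its own
// member key) and one per other member (that member's key); all are seeded from
// the same group key, so sender and receivers advance in lockstep.
type Chain struct {
	memberKey []byte
	step      int // sent with each ciphertext as the "key information"
}

func NewChain(memberKey []byte) *Chain {
	return &Chain{memberKey: append([]byte(nil), memberKey...)}
}

// Next runs the two HMAC operations: the first yields the message key, the
// second replaces the member key. The old member key is overwritten, so a later
// compromise of the device cannot reproduce earlier message keys (forward secrecy).
func (c *Chain) Next() (msgKey []byte, step int) {
	msgKey = hmacSHA256(c.memberKey, "message")
	c.memberKey = hmacSHA256(c.memberKey, "chain")
	step = c.step
	c.step++
	return msgKey, step
}

// KeyForStep is the receiver side: advance the sender's chain to the step named
// in the key information and return that message key. A one-way ratchet cannot
// be rewound, so a step the receiver has already passed is an error; the keys
// for it were deliberately discarded.
func (c *Chain) KeyForStep(step int) ([]byte, error) {
	if step < c.step {
		return nil, fmt.Errorf("step %d already consumed, chain is at %d", step, c.step)
	}
	var k []byte
	for c.step <= step {
		k, _ = c.Next()
	}
	return k, nil
}

// SyncCheck seeds sender a and receiver b from a group key, sends n messages and
// reports whether b derived the same message key every time and no key repeated.
func SyncCheck(groupKey []byte, n int) bool {
	keys := ExpandMemberKeys(groupKey, []string{"a", "b"})
	senderA := NewChain(keys["a"])   // a's own chain
	receiverB := NewChain(keys["a"]) // b's copy of a's chain
	seen := map[string]bool{}
	for i := 0; i < n; i++ {
		ks, step := senderA.Next()
		kr, err := receiverB.KeyForStep(step)
		if err != nil || !bytes.Equal(ks, kr) || seen[hex.EncodeToString(ks)] {
			return false
		}
		seen[hex.EncodeToString(ks)] = true
	}
	return true
}

func main() {
	groupKey := []byte("constructed 256-bit group key!!!") // constructed for the demo
	fmt.Println("sender and receiver in sync:", SyncCheck(groupKey, 5))
	c := NewChain(ExpandMemberKeys(groupKey, []string{"a"})["a"])
	c.KeyForStep(2)
	_, err := c.KeyForStep(1) // a message for an already-consumed step
	fmt.Println("rewind rejected:", err != nil)
}
```

Two properties are worth noting. Forward secrecy comes purely from overwriting the member key, so the receiver has to discard a step's key once it has used it; the rewind error above is the price of that, and a real client that must tolerate out-of-order delivery would have to cache a bounded number of skipped message keys rather than rewind. A symmetric ratchet also does not heal after a compromise: once a member key leaks, every later message key in that chain is computable until the group key is resynchronised, which in this design happens only when the server invalidates the group key on a membership change.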

In an embodiment of the invention, the first terminal device generates, based on the elliptic curve cryptography algorithm, a first public key corresponding to the first terminal device and the first private key corresponding to that public key, and generates, based on public-key cryptography, a certificate and a digital signature corresponding to the certificate. The first terminal device transmits the first public key, the certificate and the digital signature to the server in order to register with the group instant messaging service.

In an embodiment of the invention, the first terminal device generates the first public key, the first private key, the second group key, the ephemeral public key and the ephemeral private key over the same domain parameters of the elliptic curve cryptography algorithm.

In an embodiment of the invention, the server receives membership change information from a member of the group instant messaging service and invalidates the first group key according to that information.

In an embodiment of the invention, the server receives a message from the first terminal device, the message carrying a digital signature, and the server verifies the digital signature against the certificate to determine whether the message really comes from the claimed source.

In an embodiment of the invention, the second terminal device receives a message from the first terminal device, the message carrying a digital signature, and the second terminal device verifies the digital signature against the certificate to determine whether the message really comes from the claimed source.

An encryption method for group instant messaging according to the invention comprises: communicatively connecting a server to a first terminal device and a second terminal device; the server transmitting a group key status to the first terminal device; in response to the group key status indicating that a first group key is invalid, the first terminal device generating, based on an elliptic curve cryptography algorithm, a second group key, an ephemeral public key and the ephemeral private key corresponding to that ephemeral public key; the first terminal device generating a group key ciphertext from the second group key, the ephemeral private key and a second public key corresponding to the second terminal device; in response to receiving the group key ciphertext from the first terminal device, the server transmitting key information corresponding to the second group key to the first terminal device; in response to receiving the key information from the server, the first terminal device updating a first member key corresponding to the first terminal device according to the second group key; and the first terminal device communicating with the second terminal device according to the first member key.

In summary, in the invention a terminal device using the service generates its own public key. A member's public key and an ephemeral private key are combined by an ECDH computation and symmetric encryption to deliver the group key to every member end-to-end encrypted. The server manages membership changes and the group key status centrally, so that membership changes do not weaken security. Inside each terminal device the group key is expanded into member keys, and from each member key a ratchet derives the message key and the next member key; this reduces the effect of the number of members on performance and provides forward secrecy (FS). Finally, all data a terminal device sends over the network is accompanied by a digital signature, so the receiver can verify the signature on receipt to confirm both the integrity of the data and the identity of the sender.

The invention provides an encryption system and method for group instant messaging in which the group key is synchronised by asymmetric encryption, the expanded member keys are computed inside the terminal device, and message keys are derived from the member keys to encrypt messages. This gives end-to-end encryption and keeps the amount of computation and transmission largely independent of the number of members. A single member of the group performs the group key synchronisation, the server manages the group key status, several member keys are derived from the group key inside the terminal device, and the message keys used to encrypt and decrypt messages are derived from the member keys. The number of members therefore has little effect on computation and traffic, and communication remains secure across membership changes.

FIG. 1 is a schematic diagram of an encryption system 10 for group instant messaging according to an embodiment of the invention. The encryption system 10 may include a server 100 and a group 200 that carries out group instant messaging, where the group 200 may include several terminal devices such as terminal device a and terminal device b. The server 100 can be communicatively connected to every terminal device in the group 200.

The server 100 (the original also refers to it as management server 110) has the components needed to run it, for example a processing unit (such as a processor), a communication unit (such as communication chips, mobile communication chips, Bluetooth chips or WiFi chips) and a storage unit (such as removable random access memory, flash memory or a hard disk), none of these being limiting.

Terminal device a (or terminal device b) may be a server, a client, a desktop computer, a notebook computer, a network computer, a workstation, a personal digital assistant (PDA), a personal computer (PC), a tablet computer or a telephone device, among others. Terminal device a (or terminal device b) may contain at least, but not limited to, transceiver circuitry, analog-to-digital (A/D) and digital-to-analog (D/A) converters, processing circuitry, optional memory circuitry, and one or more antenna units.

FIG. 2 is a signalling diagram of the registration procedure according to an embodiment of the invention. In step S201, terminal device a generates, based on an elliptic curve cryptography (ECC) algorithm, its public key and the private key corresponding to that public key. Specifically, terminal device a generates its public key and private key from the domain parameters of the ECC algorithm.

In an embodiment, terminal device a further generates its certificate, the signing public key corresponding to the certificate, the signing private key corresponding to that signing public key, and a digital signature produced by signing its public key with the signing private key. The certificate can be used to verify the digital signature. For example, suppose terminal device a wants to send a message to terminal device b through the server 100. Terminal device a attaches its digital signature to the message. After terminal device b receives the message, it first verifies, against the digital certificate chain held in terminal device b, that a's certificate is trustworthy, and only then uses that certificate to verify the digital signature in the message. If the verification succeeds and the message can be decrypted normally with a's public key, terminal device b concludes that the message really came from terminal device a, that is, the source of the message is correct. If the verification fails, or the message cannot be decrypted normally with a's public key, terminal device b concludes that the message did not come from terminal device a, that is, the source of the message is wrong.

In an embodiment, terminal device a generates the signing public key and the signing private key using public-key cryptography.

In step S202, terminal device a transmits its public key, its certificate and its digital signature to the server 100 in order to register with the group instant messaging service. Every terminal device in the group 200 (for example terminal device b) can access the server 100 to obtain a's public key, certificate and digital signature.

In step S203, terminal device b generates, based on the elliptic curve cryptography (ECC) algorithm, its public key and the private key corresponding to that public key. Specifically, terminal device b generates its public key and private key from the domain parameters of the ECC algorithm. That is, a's public key and private key and b's public key and private key are all generated over the same domain parameters.

In an embodiment, terminal device b further generates its certificate, the signing public key corresponding to the certificate, the signing private key corresponding to that signing public key, and a digital signature produced by signing its public key with the signing private key. The certificate can be used to verify the digital signature. For example, suppose terminal device b wants to send a message to terminal device a through the server 100. Terminal device b attaches its digital signature to the message. After terminal device a receives the message, it first verifies, against the digital certificate chain held in terminal device a, that b's certificate is trustworthy, and only then uses that certificate to verify the digital signature in the message. If the verification succeeds and the message can be decrypted normally with b's public key, terminal device a concludes that the message really came from terminal device b, that is, the source of the message is correct. If the verification fails, or the message cannot be decrypted normally with b's public key, terminal device a concludes that the message did not come from terminal device b, that is, the source of the message is wrong.

In an embodiment, terminal device b generates the signing public key and the signing private key using public-key cryptography.

In step S204, terminal device b transmits its public key, its certificate and its digital signature to the server 100 in order to register with the group instant messaging service. Every terminal device in the group 200 (for example terminal device a) can access the server 100 to obtain b's public key, certificate and digital signature.

FIG. 3 is a signalling diagram of the membership change procedure according to an embodiment of the invention. In step S301, the server 100 receives membership change information from a member of the group instant messaging service (that is, a member of the group 200 such as terminal device a or terminal device b). The membership change information indicates that some terminal device in the group 200 has done at least one of the following: left the group 200 on its own, removed another member from the group 200, or added a new member to the group 200.

In step S302, the server 100 invalidates the group key of the group 200 according to the membership change information. For example, suppose the initial group key of the group instant messaging service (or of the group 200) is the first group key; the server 100 invalidates that initial group key according to the membership change information. Note that the initial group key is also generated from the domain parameters of the ECC algorithm; that is, the initial group key, a's public and private keys and b's public and private keys are all generated over the same domain parameters.

In step S303, the server 100 transmits a group key status to terminal device a indicating that the initial group key has been invalidated. In step S304, the server 100 transmits the group key status, again indicating that the initial group key has been invalidated, to terminal device b when terminal device b logs in to the group instant messaging service. In other words, once the initial group key has been invalidated, the server 100 broadcasts a group key status indicating that invalidation to the members of the group 200.

FIG. 4 is a signalling diagram of the key synchronisation procedure according to an embodiment of the invention. In step S401, in response to the group key status indicating that the initial group key is invalid, terminal device a generates, based on the ECC algorithm, a new group key, an ephemeral public key and the ephemeral private key corresponding to that ephemeral public key. The new group key, the ephemeral public key and the ephemeral private key are generated from the domain parameters of the ECC algorithm; that is, they are generated over the same domain parameters as the initial group key.

In step S402, terminal device a generates, from the new group key, the ephemeral private key and the public key of each member of the group 200, the group key ciphertext that will be sent to that member. Taking terminal device b as an example, terminal device a generates the group key ciphertext destined for terminal device b from the new group key, the ephemeral private key and b's public key.

Specifically, terminal device a derives the shared secret (or key-encryption key) between terminal device a and terminal device b from the ephemeral private key and b's public key using the elliptic curve Diffie-Hellman key exchange (ECDH) algorithm, as in equation (1), which computes the shared secret as the ECDH operation applied to b's public key and the ephemeral private key, where ECDH(P, R) denotes performing the ECDH operation on a public key P and a private key R.

Terminal device a then applies a secure hash algorithm (SHA) to the shared secret so as to adjust its size to the symmetric encryption algorithm about to be used. For example, before encrypting with the AES-256 symmetric encryption algorithm, terminal device a first hashes the shared secret with SHA-256, bringing it to the 256 bits that AES-256 requires.

Then, terminal device a uses a symmetric encryption algorithm to generate the group key ciphertext [Figure 02_image041] from the shared secret [Figure 02_image043] and the group key [Figure 02_image035], as shown in equation (2), where [Figure 02_image049] denotes encrypting the plaintext p with the key k using the AES algorithm.
[Figure 02_image051] …(2)

In step S403, terminal device a sends a key message containing at least the group key ciphertext [Figure 02_image041] and the ephemeral public key [Figure 02_image037] to server 100. In step S404, server 100 verifies the legitimacy of the key message.

In one embodiment, server 100 decides whether the key message is legitimate according to the current group key status of group 200. If the group key status indicates that the current group key of group 200 is invalid (or does not exist), server 100 judges the key message to be legitimate. If the group key status indicates that the current group key of group 200 is valid, server 100 judges the key message to be illegitimate. For example, if the group key status indicates that the current group key [Figure 02_image033] of group 200 is invalid, server 100 judges the key message to be legitimate.

In one embodiment, server 100 judges the key message to be legitimate when the group key ciphertexts in the key message match the members of group 200, and illegitimate when they do not. For example, suppose group 200 has several members, among them terminal device a and terminal device b. The key message that server 100 receives from terminal device a must then contain a group key ciphertext for each of the other members apart from terminal device a, including the group key ciphertext [Figure 02_image041] corresponding to terminal device b. If the group key ciphertext of any member is missing from the key message, server 100 judges the key message to be illegitimate.

In one embodiment, server 100 decides whether the key message from terminal device a is legitimate according to the certificate [Figure 02_image053]. If the key message contains a digital signature [Figure 02_image017] that matches the certificate [Figure 02_image055], server 100 judges the key message to be legitimate. If the key message does not contain a digital signature [Figure 02_image017] matching the certificate [Figure 02_image055], server 100 judges the key message to be illegitimate.

In step S405, if the key message is legitimate, server 100 sends key information corresponding to the group key [Figure 02_image035] to terminal device a, where the key information may contain the group key identifier [Figure 02_image057] corresponding to the group key [Figure 02_image035]. Notably, server 100 neither needs to nor is able to decrypt the group key ciphertext [Figure 02_image041] to obtain the group key [Figure 02_image035]; it only has to send terminal device a the group key identifier [Figure 02_image057] that corresponds to the group key ciphertext [Figure 02_image041]. On receiving the group key identifier [Figure 02_image057], terminal device a concludes that server 100 has approved the use of the group key [Figure 02_image035], and terminal device a can therefore use the group key [Figure 02_image035] for group instant messaging.

In step S406, in response to receiving the key information, terminal device a updates the member keys stored in terminal device a according to the group key [Figure 02_image035]; these member keys correspond to the respective members of group 200. For example, terminal device a updates, according to the group key [Figure 02_image035], the member key [Figure 02_image059] stored in terminal device a and corresponding to terminal device a. Terminal device a likewise updates, according to the group key [Figure 02_image035], the member key [Figure 02_image061] stored in terminal device a and corresponding to terminal device b. The detailed steps of updating a member key are described with step S504 of Fig. 5. Terminal device a communicates with the members of group 200 (for example, terminal device b) through the member key [Figure 02_image059]: terminal device a encrypts a message with the member key [Figure 02_image059] to produce an encrypted message and sends the encrypted message to terminal device b, and terminal device b decrypts the encrypted message with the member key [Figure 02_image059] to obtain the message.

In one embodiment, terminal device a uses the elliptic curve Diffie-Hellman key exchange algorithm to generate, from the public key [Figure 02_image063] and the group key [Figure 02_image035], the member key [Figure 02_image059] corresponding to terminal device a, as shown in equation (3).
[Figure 02_image065] …(3)

In one embodiment, terminal device a uses the elliptic curve Diffie-Hellman key exchange algorithm to generate, from the public key [Figure 02_image067] and the group key [Figure 02_image035], the member key [Figure 02_image061] corresponding to terminal device b, as shown in equation (4).
[Figure 02_image069] …(4)

In step S407, if the key message is legitimate, server 100 sends the group key ciphertext [Figure 02_image041] to terminal device b. For example, server 100 may send the group key ciphertext [Figure 02_image041] to terminal device b in response to detecting that terminal device b has logged in to the group instant messaging of group 200.

In step S408, terminal device b decrypts the group key ciphertext [Figure 02_image041] to obtain the group key [Figure 02_image035]. Specifically, terminal device b obtains the group key ciphertext [Figure 02_image041], the ephemeral public key [Figure 02_image037] and the public key [Figure 02_image001] of terminal device a from server 100. Terminal device b then uses the elliptic curve Diffie-Hellman key exchange algorithm to generate, from the ephemeral public key [Figure 02_image071] and the private key [Figure 02_image073] of terminal device b, the shared secret [Figure 02_image043] corresponding to terminal device a and terminal device b, as shown in equation (5), where [Figure 02_image045] denotes the ECDH operation on the public key P and the private key R.
[Figure 02_image075] …(5)

Next, terminal device b applies a secure hash algorithm to the shared secret [Figure 02_image043] to adjust its size so that the shared secret [Figure 02_image043] fits the symmetric decryption algorithm about to be used. For example, before using the shared secret [Figure 02_image043] with the AES-256 symmetric decryption algorithm, terminal device b first applies the SHA-256 secure hash algorithm to the shared secret [Figure 02_image043], which brings it to the 256 bits that AES-256 requires.

Then, terminal device b uses a symmetric decryption algorithm to decrypt the group key ciphertext [Figure 02_image041] with the shared secret [Figure 02_image043] and obtain the group key [Figure 02_image035], as shown in equation (6), where [Figure 02_image077] denotes decrypting the ciphertext c with the shared secret k using the AES algorithm.
[Figure 02_image079] …(6)
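The key synchronization exchange of steps S402 to S408 (equations (1), (2), (5) and (6)) together with the member key derivation of equations (3) and (4), as an added Go example written for this page; it is not the patent's code nor that of any product implementing it. It assumes P-256 as the shared ECC domain, AES-256 in GCM mode for the symmetric step (the description says only AES), and a nonce-prefixed ciphertext layout; the `Members` map, the `KeyMessage` struct and the function names are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// One ECC domain for every key; P-256 is an assumption of this example.
var curve = ecdh.P256()

// Members maps a member id to its registered public key. KeyMessage is the
// payload of step S403: the ephemeral public key plus one group-key ciphertext
// per other member, which the server forwards but holds no key to open.
type Members map[string]*ecdh.PublicKey
type KeyMessage struct {
	EphemeralPub []byte
	Ciphertexts  map[string][]byte // member id -> nonce || ciphertext || tag
}

// newKey draws a key pair in the shared domain (panics only on RNG failure).
func newKey() *ecdh.PrivateKey {
	k, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// kekAEAD is equation (1) on the sender / equation (5) on the receiver, plus the
// SHA-256 step that brings the ECDH secret to the 256 bits AES-256 needs.
// GCM mode is an assumption: the description says only "AES".
func kekAEAD(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	kek := sha256.Sum256(shared)
	block, err := aes.NewCipher(kek[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapGroupKey is step S402 on terminal a: a fresh ephemeral key pair for this
// key message, then GK encrypted for each member (equation (2)).
func WrapGroupKey(groupKey []byte, members Members) (*KeyMessage, error) {
	eph := newKey()
	msg := &KeyMessage{EphemeralPub: eph.PublicKey().Bytes(), Ciphertexts: map[string][]byte{}}
	for id, pub := range members {
		g, err := kekAEAD(eph, pub)
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, g.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		msg.Ciphertexts[id] = g.Seal(nonce, nonce, groupKey, nil)
	}
	return msg, nil
}

// UnwrapGroupKey is step S408 on terminal b: the same KEK from the ephemeral
// public key and b's own private key, then AES decryption (equation (6)).
// An entry altered in transit, or addressed to another member, fails here.
func UnwrapGroupKey(msg *KeyMessage, me string, priv *ecdh.PrivateKey) ([]byte, error) {
	ct, ok := msg.Ciphertexts[me]
	if !ok {
		return nil, fmt.Errorf("no ciphertext addressed to member %q", me)
	}
	ephPub, err := curve.NewPublicKey(msg.EphemeralPub)
	if err != nil {
		return nil, err
	}
	g, err := kekAEAD(priv, ephPub)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(ct) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, ct[:n], ct[n:], nil)
}

// MemberKey is equations (3)/(4): GK is a scalar of the same domain, so
// ECDH(P_member, GK) gives a per-member key every holder of GK can derive.
func MemberKey(groupKey []byte, memberPub *ecdh.PublicKey) ([]byte, error) {
	gk, err := curve.NewPrivateKey(groupKey)
	if err != nil {
		return nil, err
	}
	return gk.ECDH(memberPub)
}

func main() {
	b, gk := newKey(), newKey() // GK is itself a scalar of the shared domain
	msg, _ := WrapGroupKey(gk.Bytes(), Members{"b": b.PublicKey()})
	got, err := UnwrapGroupKey(msg, "b", b)
	fmt.Println("b recovered GK:", err == nil && len(got) == len(gk.Bytes()))
}
```

Two properties of the description are visible in the code: the server's role is limited to storing and forwarding `KeyMessage`, since the KEK for each entry needs either the ephemeral private key (discarded by a) or the recipient's private key; and because GK is drawn from the same domain as the terminal keys, `MemberKey` can treat it directly as an ECDH private scalar.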

In step S409, in response to obtaining the group key [Figure 02_image035], terminal device b updates the member keys stored in terminal device b according to the group key [Figure 02_image035]; these member keys correspond to the respective members of group 200. For example, terminal device b updates, according to the group key [Figure 02_image035], the member key [Figure 02_image059] stored in terminal device b and corresponding to terminal device a. Terminal device b likewise updates, according to the group key [Figure 02_image035], the member key [Figure 02_image061] stored in terminal device b and corresponding to terminal device b. The detailed steps of updating a member key are described with step S507 of Fig. 5. Terminal device b communicates with the members of group 200 (for example, terminal device a) through the member key [Figure 02_image061]: terminal device b encrypts a message with the member key [Figure 02_image061] to produce an encrypted message and sends the encrypted message to terminal device a, and terminal device a decrypts the encrypted message with the member key [Figure 02_image061] to obtain the message.

In one embodiment, terminal device b uses the elliptic curve Diffie-Hellman key exchange algorithm to generate, from the public key [Figure 02_image063] and the group key [Figure 02_image035], the member key [Figure 02_image059] corresponding to terminal device a, as shown in equation (7).
[Figure 02_image065] …(7)

In one embodiment, terminal device b uses the elliptic curve Diffie-Hellman key exchange algorithm to generate, from the public key [Figure 02_image067] and the group key [Figure 02_image035], the member key [Figure 02_image061] corresponding to terminal device b, as shown in equation (8).
[Figure 02_image069] …(8)

Fig. 5 is a signalling diagram of the group instant messaging procedure according to an embodiment of the invention. In step S501, terminal device a performs the hashed message authentication code (HMAC) operation of equation (9) on the member key [Figure 02_image059] to produce the message key [Figure 02_image081], where [Figure 02_image083] denotes the HMAC operation over the key k and the constant A.
[Figure 02_image085] …(9)

In step S502, terminal device a encrypts a message with the message key [Figure 02_image081] to produce an encrypted message. Specifically, terminal device a applies the symmetric encryption algorithm of equation (10) to the message M to produce the encrypted message CT, where [Figure 02_image049] denotes encrypting the plaintext p with the key k using the AES algorithm.
[Figure 02_image087] …(10)

In step S503, terminal device a sends the encrypted message CT together with key information to terminal device b, where the key information may contain, for example, the group key identifier [Figure 02_image057] and member key generation information; the member key generation information indicates the generation of the current member key [Figure 02_image059] of terminal device a. Suppose the member key [Figure 02_image059] is the first-generation member key of terminal device a. The member key generation information then tells terminal device b that the encrypted message CT was encrypted with the first-generation member key [Figure 02_image059] of terminal device a, so terminal device b should use the first-generation member key [Figure 02_image059] to decrypt the encrypted message CT.

In step S504, terminal device a performs the HMAC operation of equation (11) on the member key [Figure 02_image059] to advance the generation of terminal device a's member key stored in terminal device a, where [Figure 02_image089] denotes the HMAC operation over the key k and the constant B, and the constant B differs from the constant A. Suppose the member key [Figure 02_image059] is the first-generation member key of terminal device a; terminal device a then updates the member key [Figure 02_image059] to produce the second-generation member key [Figure 02_image091] of terminal device a.
[Figure 02_image093] …(11)

In addition, terminal device a performs the HMAC operation of equation (12) on the member key [Figure 02_image061] to advance the generation of terminal device b's member key stored in terminal device a, where [Figure 02_image089] denotes the HMAC operation over the key k and the constant B, and the constant B differs from the constant A. Suppose the member key [Figure 02_image061] is the first-generation member key of terminal device b; terminal device a then updates the member key [Figure 02_image061] to produce the second-generation member key [Figure 02_image095] of terminal device b.
[Figure 02_image097] …(12)

In step S505, in response to receiving the encrypted message CT and the key information, terminal device b performs the HMAC operation of equation (13) on terminal device a's member key [Figure 02_image059] stored in terminal device b to produce the message key [Figure 02_image081], where [Figure 02_image083] denotes the HMAC operation over the key k and the constant A.
[Figure 02_image085] …(13)

In step S506, terminal device b decrypts the encrypted message CT with the message key [Figure 02_image081] to obtain the message M. Specifically, terminal device b applies the symmetric decryption algorithm of equation (14) to the encrypted message CT to produce the message M, where [Figure 02_image077] denotes decrypting the ciphertext c with the key k using the AES algorithm.
[Figure 02_image099] …(14)

In step S507, terminal device b performs the HMAC operation of equation (15) on the member key [Figure 02_image059] to advance the generation of terminal device a's member key stored in terminal device b, where [Figure 02_image089] denotes the HMAC operation over the key k and the constant B. Suppose the member key [Figure 02_image059] is the first-generation member key of terminal device a; terminal device b then updates the member key [Figure 02_image059] to produce the second-generation member key [Figure 02_image091] of terminal device a.
[Figure 02_image093] …(15)

In addition, terminal device b performs the HMAC operation of equation (16) on the member key [Figure 02_image061] to advance the generation of terminal device b's member key stored in terminal device b, where [Figure 02_image089] denotes the HMAC operation over the key k and the constant B. Suppose the member key [Figure 02_image061] is the first-generation member key of terminal device b; terminal device b then updates the member key [Figure 02_image061] to produce the second-generation member key [Figure 02_image095] of terminal device b.
[Figure 02_image097] …(16)
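The message procedure of Fig. 5, steps S501 to S507 (equations (9) to (16)), as an added Go example written for this page; it is not the patent's code nor that of any product implementing it. It assumes HMAC-SHA256 for the HMAC operation, AES-256-GCM for the message encryption of equations (10) and (14), one-byte values for the constants A and B (the description requires only that they differ), and a constructed 32-byte starting member key; the `Ratchet` and `Envelope` types and the handling of a generation the receiver has already passed are choices made for the example and go slightly beyond the text, which only says the receiver should use the generation the sender indicates.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constants A and B of equations (9) and (11). The description only requires
// A != B; these byte values are constructed for the example.
var (
	constA = []byte{0x01} // message key derivation
	constB = []byte{0x02} // member key advance
)

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// MessageKey is HMAC(MK, A): equations (9) and (13).
func MessageKey(memberKey []byte) []byte { return hmacSHA256(memberKey, constA) }

// NextMemberKey is HMAC(MK, B): equations (11), (12), (15) and (16).
func NextMemberKey(memberKey []byte) []byte { return hmacSHA256(memberKey, constB) }

// Ratchet is one party's copy of one member's key and its generation. The
// sender (step S504) and every receiver (step S507) each hold one and advance
// it after every message, so both sides stay on the same generation.
type Ratchet struct {
	MemberKey  []byte
	Generation int
}

// Envelope carries the ciphertext with the member key generation information
// of step S503 (the group key identifier is omitted here).
type Envelope struct {
	Generation int
	Ciphertext []byte // GCM nonce || ciphertext || tag
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func (r *Ratchet) advance() {
	r.MemberKey, r.Generation = NextMemberKey(r.MemberKey), r.Generation+1
}

// Send is steps S501, S502 and S504: derive the message key, encrypt, then
// advance the member key so the key that protected this message is gone.
func (r *Ratchet) Send(plaintext []byte) (*Envelope, error) {
	g, err := aeadFor(MessageKey(r.MemberKey))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Generation: r.Generation, Ciphertext: g.Seal(nonce, nonce, plaintext, nil)}
	r.advance()
	return env, nil
}

// Receive is steps S505, S506 and S507. The generation in the envelope lets
// the receiver catch up over lost messages; a generation older than its own
// state is rejected, because that member key has already been ratcheted away
// (the forward secrecy the description claims for member and message keys).
func (r *Ratchet) Receive(env *Envelope) ([]byte, error) {
	if env.Generation < r.Generation {
		return nil, errors.New("member key of that generation no longer held")
	}
	for r.Generation < env.Generation {
		r.advance()
	}
	g, err := aeadFor(MessageKey(r.MemberKey))
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(env.Ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	pt, err := g.Open(nil, env.Ciphertext[:n], env.Ciphertext[n:], nil)
	if err != nil {
		return nil, err
	}
	r.advance()
	return pt, nil
}

func main() {
	mk := []byte("constructed 32-byte member key!!") // sample key, 32 bytes
	a, b := &Ratchet{MemberKey: mk}, &Ratchet{MemberKey: mk}
	env, _ := a.Send([]byte("hello"))
	pt, err := b.Receive(env)
	fmt.Printf("b read %q (err %v); generations a=%d b=%d\n", pt, err, a.Generation, b.Generation)
}
```

Because the message key is derived with constant A and the next member key with constant B, holding a message key gives no way to compute the member key it came from, and holding the current member key gives no way back to the previous generation; the receiver therefore discards each generation as soon as it has moved past it, which is why an envelope for an older generation cannot be decrypted any more.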

Fig. 6 is a flowchart of an encryption method for group instant messaging according to an embodiment of the invention; the encryption method can be carried out by the encryption system shown in Fig. 1. In step S601, the server is communicatively connected to a first terminal device and a second terminal device. In step S602, the server sends a group key status to the first terminal device. In step S603, in response to the group key status indicating that a first group key is invalid, the first terminal device generates a second group key, an ephemeral public key and an ephemeral private key corresponding to the ephemeral public key based on an elliptic curve cryptography algorithm. In step S604, the first terminal device generates a group key ciphertext according to the second group key, the ephemeral private key and a second public key corresponding to the second terminal device. In step S605, in response to receiving the group key ciphertext from the first terminal device, the server sends key information corresponding to the second group key to the first terminal device. In step S606, in response to receiving the key information from the server, the first terminal device updates a first member key corresponding to the first terminal device according to the second group key. In step S607, the first terminal device communicates with the second terminal device according to the first member key.

In summary, the features and effects of the invention include: the server takes no direct part in key negotiation, which achieves end-to-end encryption; end-to-end encryption protection remains in place after group membership changes; the effect of the number of group members on performance and security is reduced (for example, adding group members does not lower the performance of instant messaging); every message key is produced by a ratchet, ensuring forward secrecy; key synchronization needs to be performed by only one member, which reduces the complexity of key synchronization; and digital signatures are combined with the scheme to ensure message integrity and identity authentication.

The invention provides the following security properties. (1) Forward secrecy for member keys and message keys: key derivation uses a one-way hash function, so even if a third party obtains a message key of some generation, it cannot feasibly work back to earlier message keys, and a member key likewise cannot feasibly be worked back to the key of the previous generation. (2) Message integrity and identity authentication: in this method every message sent from a terminal carries a digital signature over its content, and every message a terminal receives has its digital signature checked before any further action is taken; this provides message integrity and identity authentication, effectively reduces the possibility of man-in-the-middle attacks, and reduces the manual identity confirmation users would otherwise have to perform (such as both parties comparing public key fingerprints face to face), improving usability and reliability. (3) End-to-end encrypted communication is preserved across membership changes: the method has the server manage the group key status, ensuring that any membership change immediately and effectively sets the group key status to invalid, which forces the terminals to synchronize a new group key and encrypt with it from the next message on, so that former members cannot decrypt the new messages that follow and new members cannot decrypt earlier messages.

10: encryption system; 100: server; 200: group; a, b: terminal devices; S201, S202, S203, S204, S301, S302, S303, S304, S401, S402, S403, S404, S405, S406, S407, S408, S409, S501, S502, S503, S504, S505, S506, S507, S601, S602, S603, S604, S605, S606, S607: steps

Fig. 1 is a schematic diagram of an encryption system for group instant messaging according to an embodiment of the invention. Fig. 2 is a signalling diagram of the registration procedure according to an embodiment of the invention. Fig. 3 is a signalling diagram of the member change procedure according to an embodiment of the invention. Fig. 4 is a signalling diagram of the key synchronization procedure according to an embodiment of the invention. Fig. 5 is a signalling diagram of the group instant messaging procedure according to an embodiment of the invention. Fig. 6 is a flowchart of an encryption method for group instant messaging according to an embodiment of the invention.


Claims (19)

一種群組即時通訊的加密系統,包括: 第一終端裝置; 第二終端裝置;以及 伺服器,通訊連接至所述第一終端裝置以及所述第二終端裝置,其中 所述伺服器傳送群組金鑰狀態至所述第一終端裝置; 響應於所述群組金鑰狀態指示第一群組金鑰失效,所述第一終端裝置基於橢圓曲線密碼學演算法產生第二群組金鑰、臨時公鑰以及對應於所述臨時公鑰的臨時私鑰; 所述第一終端裝置根據所述第二群組金鑰、所述臨時私鑰以及對應於所述第二終端裝置的第二公鑰產生群組金鑰密文; 響應於自所述第一終端裝置接收所述群組金鑰密文,所述伺服器傳送對應於所述第二群組金鑰的金鑰資訊至所述第一終端裝置; 響應於自所述伺服器接收所述金鑰資訊,所述第一終端裝置根據所述第二群組金鑰更新對應於所述第一終端裝置的第一成員金鑰;以及 所述第一終端裝置根據所述第一成員金鑰與所述第二終端裝置進行通訊。 An encryption system for group instant messaging, including: a first terminal device; a second terminal device; and a server, communicatively connected to the first terminal device and the second terminal device, wherein The server sends a group key status to the first terminal device; In response to the state of the group key indicating that the first group key is invalid, the first terminal device generates a second group key, a temporary public key, and a key corresponding to the temporary public key based on elliptic curve cryptography. temporary private key; The first terminal device generates a group key ciphertext according to the second group key, the temporary private key, and a second public key corresponding to the second terminal device; In response to receiving the group key ciphertext from the first terminal device, the server transmits key information corresponding to the second group key to the first terminal device; In response to receiving the key information from the server, the first terminal device updates a first member key corresponding to the first terminal device according to the second group key; and The first terminal device communicates with the second terminal device according to the first member key. 
如請求項1所述的加密系統,其中 所述第一終端裝置根據所述第二群組金鑰更新儲存在所述第一終端裝置且對應於所述第二終端裝置的所述第二成員金鑰;以及 所述第一終端裝置自所述第二終端裝置接收加密訊息,並且通過所述第二成員金鑰解密所述加密訊息。 The encryption system as claimed in claim 1, wherein updating, by the first terminal device, the second member key stored in the first terminal device and corresponding to the second terminal device according to the second group key; and The first terminal device receives an encrypted message from the second terminal device, and decrypts the encrypted message by the second member key. 如請求項1所述的加密系統,其中 所述第一終端裝置根據所述第一成員金鑰產生加密訊息,並且傳送所述加密訊息至所述第二終端裝置。 The encryption system as claimed in claim 1, wherein The first terminal device generates an encrypted message according to the first member key, and sends the encrypted message to the second terminal device. 如請求項1所述的加密系統,其中 所述第一終端裝置基於橢圓曲線迪菲-赫爾曼密鑰交換演算法而根據所述臨時私鑰以及所述第二公鑰產生共享秘密;以及 所述第一終端裝置基於對稱加密演算法而根據所述共享秘密以及所述第二群組金鑰產生所述群組金鑰密文。 The encryption system as claimed in claim 1, wherein the first terminal device generates a shared secret based on the ephemeral private key and the second public key based on an elliptic curve Diffie-Hellman key exchange algorithm; and The first terminal device generates the group key ciphertext according to the shared secret and the second group key based on a symmetric encryption algorithm. 如請求項4所述的加密系統,其中 在執行所述對稱加密演算法之前,所述第一終端裝置對所述共享秘密執行安全雜湊演算法。 The encryption system as claimed in claim 4, wherein Before performing the symmetric encryption algorithm, the first terminal device performs a secure hash algorithm on the shared secret. 
如請求項4所述的加密系統,其中 所述第二終端裝置自所述伺服器接收所述群組金鑰密文、所述臨時公鑰以及對應於所述第一終端裝置的第一公鑰; 所述第二終端裝置基於所述橢圓曲線迪菲-赫爾曼密鑰交換演算法而根據所述臨時公鑰以及對應於所述第二公鑰的第二私鑰取得所述共享秘密;以及 所述第二終端裝置基於對應於所述對稱加密演算法的對稱解密演算法而根據所述共享秘密以及所述群組金鑰密文取得所述第二群組金鑰。 The encryption system as claimed in claim 4, wherein The second terminal device receives the group key ciphertext, the temporary public key, and a first public key corresponding to the first terminal device from the server; the second terminal device obtains the shared secret based on the ephemeral public key and a second private key corresponding to the second public key based on the elliptic curve Diffie-Hellman key exchange algorithm; and The second terminal device obtains the second group key according to the shared secret and the group key ciphertext based on a symmetric decryption algorithm corresponding to the symmetric encryption algorithm. 如請求項6所述的加密系統,其中 在執行所述對稱解密演算法之前,所述第二終端裝置對所述共享秘密執行安全雜湊演算法。 The encryption system as claimed in claim 6, wherein Before performing the symmetric decryption algorithm, the second terminal device performs a secure hash algorithm on the shared secret. 如請求項6所述的加密系統,其中 所述第二終端裝置根據所述第二群組金鑰更新儲存在所述第二終端裝置且對應於所述第一終端裝置的所述第一成員金鑰;以及 所述第二終端裝置根據所述第二群組金鑰更新儲存在所述第二終端裝置且對應於所述第二終端裝置的第二成員金鑰。 The encryption system as claimed in claim 6, wherein updating, by the second terminal device, the first member key stored in the second terminal device and corresponding to the first terminal device according to the second group key; and The second terminal device updates a second member key stored in the second terminal device and corresponding to the second terminal device according to the second group key. 如請求項6所述的加密系統,其中 所述伺服器響應於所述第二終端裝置登入所述群組即時通訊而傳送所述群組金鑰密文至所述第二終端裝置。 The encryption system as claimed in claim 6, wherein The server sends the group key ciphertext to the second terminal device in response to the second terminal device logging into the group instant messaging. 
10. The encryption system as claimed in claim 3, wherein the first terminal device performs a first hash-based message authentication code (HMAC) operation on the first member key to generate a first message key; and the first terminal device performs a second HMAC operation on the first member key to update the first member key.

11. The encryption system as claimed in claim 10, wherein the first terminal device encrypts a message with the first message key to generate the encrypted message.

12. The encryption system as claimed in claim 10, wherein the second terminal device receives the encrypted message and key information from the first terminal device; in response to receiving the key information, the second terminal device performs the first HMAC operation on the first member key to obtain the first message key; and in response to receiving the key information, the second terminal device performs the second HMAC operation on the first member key to update the first member key stored in the second terminal device.

13. The encryption system as claimed in claim 12, wherein the second terminal device decrypts the encrypted message with the first message key to obtain the message.
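The member-key ratchet of claims 10 to 13 as an added example in Go; it is not code from the patent. Assumptions: HMAC-SHA256 for both operations, the labels "message" and "ratchet" to keep the two operations distinct, a per-sender message counter as the key information of claim 12, and the member key being derived from the group key by an HMAC over the member name (claims 2 and 8 say only that member keys are updated according to the group key). The block shows the key schedule only; the message key it yields is what claims 11 and 13 feed into the symmetric cipher. The receiver ratchets forward over counters it never saw and refuses older ones: once the second HMAC has replaced the member key, the message key of an earlier message cannot be recomputed, so a replayed or long-delayed ciphertext is rejected rather than decrypted.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// hmacSHA256 is the HMAC behind both ratchet operations. The labels passed to it are
// assumptions: the claims require two distinct HMAC operations but do not name them.
func hmacSHA256(key []byte, label string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// DeriveMemberKey sets a member key from a newly installed group key (claims 2 and 8).
// Mixing in the member name, so that each member's chain differs, is an assumption.
func DeriveMemberKey(groupKey []byte, member string) []byte {
	return hmacSHA256(groupKey, "member:"+member)
}

// SenderState is the first terminal's own member key. The counter is sent along with
// each ciphertext as the "key information" of claim 12 (its encoding is an assumption).
type SenderState struct {
	memberKey []byte
	counter   uint32
}

func NewSender(memberKey []byte) *SenderState {
	return &SenderState{memberKey: append([]byte(nil), memberKey...)}
}

// NextMessageKey is claim 10: the first HMAC yields this message's key, the second
// replaces the member key. The previous member key is overwritten, not kept.
func (s *SenderState) NextMessageKey() (msgKey []byte, keyInfo uint32) {
	msgKey = hmacSHA256(s.memberKey, "message")
	s.memberKey = hmacSHA256(s.memberKey, "ratchet")
	s.counter++
	return msgKey, s.counter
}

// ReceiverState is the second terminal's stored copy of the first terminal's member key.
type ReceiverState struct {
	peerMemberKey []byte
	counter       uint32
}

func NewReceiver(peerMemberKey []byte) *ReceiverState {
	return &ReceiverState{peerMemberKey: append([]byte(nil), peerMemberKey...)}
}

// MessageKeyFor is claim 12 on receipt of key information. It ratchets forward over any
// counters it never saw and refuses to go backwards: the member key for an earlier
// message has already been replaced, so its message key is no longer computable here.
func (r *ReceiverState) MessageKeyFor(keyInfo uint32) ([]byte, error) {
	if keyInfo <= r.counter {
		return nil, fmt.Errorf("key info %d is not after current %d", keyInfo, r.counter)
	}
	var msgKey []byte
	for r.counter < keyInfo {
		msgKey = hmacSHA256(r.peerMemberKey, "message")
		r.peerMemberKey = hmacSHA256(r.peerMemberKey, "ratchet")
		r.counter++
	}
	return msgKey, nil
}

func main() {
	groupKey := bytes.Repeat([]byte{0x42}, 32) // constructed sample group key
	mk := DeriveMemberKey(groupKey, "first-terminal")
	sender, receiver := NewSender(mk), NewReceiver(mk)
	k1, i1 := sender.NextMessageKey()
	k2, i2 := sender.NextMessageKey()
	got, err := receiver.MessageKeyFor(i2) // message 1 lost in transit, 2 arrives
	fmt.Println("key 2 matches:", bytes.Equal(got, k2), err)
	_, err = receiver.MessageKeyFor(i1) // message 1 arrives late
	fmt.Println("late message 1 rejected:", err != nil, "| keys differ:", !bytes.Equal(k1, k2))
}
```

Skipping forward discards the message keys of the skipped messages; an implementation that must tolerate reordering would cache those keys for a bounded window, which is a design decision the claims leave open.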
14. The encryption system as claimed in claim 1, wherein the first terminal device generates, using the elliptic curve cryptography algorithm, a first public key corresponding to the first terminal device and a first private key corresponding to the first public key, and generates, using public key cryptography, a certificate and a digital signature corresponding to the certificate; and the first terminal device transmits the first public key, the certificate and the digital signature to the server to register for the group instant messaging.

15. The encryption system as claimed in claim 14, wherein the first terminal device generates the first public key, the first private key, the second group key, the ephemeral public key and the ephemeral private key over the domain parameters of the elliptic curve cryptography algorithm.

16. The encryption system as claimed in claim 1, wherein the server receives change information from a member of the group instant messaging and invalidates the first group key according to the change information.

17. The encryption system as claimed in claim 14, wherein the server receives a message from the first terminal device, the message including the digital signature; and the server verifies the digital signature according to the certificate to determine whether the source of the message is correct.
18. The encryption system as claimed in claim 14, wherein the second terminal device receives a message from the first terminal device, the message including the digital signature; and the second terminal device verifies the digital signature according to the certificate to determine whether the source of the message is correct.

19. An encryption method for group instant messaging, comprising: a server being communicatively connected to a first terminal device and a second terminal device; the server transmitting a group key status to the first terminal device; in response to the group key status indicating that a first group key is invalid, the first terminal device generating, using an elliptic curve cryptography algorithm, a second group key, an ephemeral public key and an ephemeral private key corresponding to the ephemeral public key; the first terminal device generating a group key ciphertext according to the second group key, the ephemeral private key and a second public key corresponding to the second terminal device; in response to receiving the group key ciphertext from the first terminal device, the server transmitting key information corresponding to the second group key to the first terminal device; in response to receiving the key information from the server, the first terminal device updating a first member key corresponding to the first terminal device according to the second group key; and the first terminal device communicating with the second terminal device according to the first member key.
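The registration and source check of claims 14, 17 and 18 as an added example in Go; the code is not from the patent. Assumptions: ECDSA over P-256 for the signature, a certificate consisting only of the member name and the PKIX-encoded signing public key (the claims fix no certificate format), a signature over sender name plus payload for group messages, and a refusal to overwrite an already registered name. The Directory type stands in for both the server's registry (claim 17) and a terminal's stored copy of its peers' certificates (claim 18).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Certificate is the credential of claim 14; its layout is an assumption.
type Certificate struct {
	Member string
	PubDER []byte
}

func (c Certificate) encode() []byte { return append([]byte(c.Member+"\x00"), c.PubDER...) }

// SignedMessage carries the sender's signature over sender||payload (claims 17 and 18).
type SignedMessage struct {
	Sender    string
	Payload   []byte
	Signature []byte
}

func messageDigest(sender string, payload []byte) []byte {
	h := sha256.Sum256(append([]byte(sender+"\x00"), payload...))
	return h[:]
}

type Terminal struct {
	Name string
	priv *ecdsa.PrivateKey
}

func NewTerminal(name string) (*Terminal, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	return &Terminal{Name: name, priv: priv}, nil
}

// Register returns the certificate and the signature over it, made with the private
// key matching the public key inside the certificate (claim 14).
func (t *Terminal) Register() (Certificate, []byte, error) {
	der, err := x509.MarshalPKIXPublicKey(&t.priv.PublicKey)
	if err != nil { return Certificate{}, nil, err }
	cert := Certificate{Member: t.Name, PubDER: der}
	h := sha256.Sum256(cert.encode())
	sig, err := ecdsa.SignASN1(rand.Reader, t.priv, h[:])
	return cert, sig, err
}

// Send signs the sender name with the payload, so a signature cannot be re-labelled.
func (t *Terminal) Send(payload []byte) (SignedMessage, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, t.priv, messageDigest(t.Name, payload))
	return SignedMessage{Sender: t.Name, Payload: payload, Signature: sig}, err
}

// Directory is the certificate store held by the server (claim 17) and by peers (claim 18).
type Directory struct{ keys map[string]*ecdsa.PublicKey }

func NewDirectory() *Directory { return &Directory{keys: map[string]*ecdsa.PublicKey{}} }

// Accept verifies the registration signature with the key carried in the certificate
// before storing it; a name that is already registered cannot be overwritten (assumption).
func (d *Directory) Accept(cert Certificate, sig []byte) error {
	pub, err := x509.ParsePKIXPublicKey(cert.PubDER)
	if err != nil { return err }
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok { return fmt.Errorf("certificate key for %s is not ECDSA", cert.Member) }
	h := sha256.Sum256(cert.encode())
	if !ecdsa.VerifyASN1(ecPub, h[:], sig) {
		return fmt.Errorf("registration signature for %s invalid", cert.Member)
	}
	if _, exists := d.keys[cert.Member]; exists {
		return fmt.Errorf("%s already registered", cert.Member)
	}
	d.keys[cert.Member] = ecPub
	return nil
}

// Verify is the source check of claims 17 and 18. Unknown senders, altered payloads and
// signatures made with another member's key are all rejected.
func (d *Directory) Verify(m SignedMessage) error {
	pub, ok := d.keys[m.Sender]
	if !ok { return fmt.Errorf("unknown sender %q", m.Sender) }
	if !ecdsa.VerifyASN1(pub, messageDigest(m.Sender, m.Payload), m.Signature) {
		return fmt.Errorf("signature does not verify under %s's certificate", m.Sender)
	}
	return nil
}

func main() {
	alice, _ := NewTerminal("alice")
	server := NewDirectory()
	cert, sig, _ := alice.Register()
	msg, _ := alice.Send([]byte("hello group"))
	fmt.Println("register:", server.Accept(cert, sig), "| verify:", server.Verify(msg))
}
```

Because the sender name is part of the signed digest, a valid message cannot be re-labelled as coming from another registered member, and because Accept verifies the certificate with the key it carries, a registration whose key and signature disagree never enters the directory.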

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110123849A TWI761243B (en) 2021-06-29 2021-06-29 Encryption system and encryption method for group instant massaging

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110123849A TWI761243B (en) 2021-06-29 2021-06-29 Encryption system and encryption method for group instant massaging

Publications (2)

Publication Number Publication Date
TWI761243B TWI761243B (en) 2022-04-11
TW202301830A true TW202301830A (en) 2023-01-01

Family

ID=82199236

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110123849A TWI761243B (en) 2021-06-29 2021-06-29 Encryption system and encryption method for group instant massaging

Country Status (1)

Country Link
TW (1) TWI761243B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI835580B (en) * 2023-03-09 2024-03-11 中華電信股份有限公司 Multiple terminal end-to-end encryption communication method and computer readable medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201705621D0 (en) * 2017-04-07 2017-05-24 Nchain Holdings Ltd Computer-implemented system and method
TWI760546B (en) * 2017-08-23 2022-04-11 安地卡及巴布達商區塊鏈控股有限公司 Computer-implemented system and method for highly secure, high speed encryption and transmission of data
TWI717071B (en) * 2019-10-25 2021-01-21 中華電信股份有限公司 Certificate management system and method thereof

Also Published As

Publication number Publication date
TWI761243B (en) 2022-04-11
