WO2023160375A1

WO2023160375A1 - Session key generation method, control device, and device clustering system

Info

Publication number: WO2023160375A1
Application number: PCT/CN2023/074753
Authority: WO
Inventors: 马建忠; 张颖; 汤华君
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2022-02-24
Filing date: 2023-02-07
Publication date: 2023-08-31
Anticipated expiration: 2024-08-24
Also published as: CN116707837A

Abstract

The present application discloses a session key generation method, a control device, and a device clustering system. KDEs are deployed in all service components in control devices, and authentication and session establishment can be performed between two service components in different control devices by means of the KDEs deployed inside the service components. During the establishment of a session, two KDEs negotiate to generate a session key, and perform authentication on the basis of the determined session key, without the need for performing authentication by means of a digital certificate, so that authentication efficiency can be improved, and system performance is improved. Moreover, when two KDEs negotiate to generate a session key without the need for establishing a session between the two KDEs, one of the KDEs applies to a KDC for a session key of this session, i.e., there is no need for the KDE to access the KDC before each session is established, so that the number of accesses to the KDC can be greatly reduced, performance bottlenecks caused by blockings resulting from a large number of accesses to the KDC are avoided, and the performance and reliability of the KDC are improved.

Description

Session secret key generation method, control device and device cluster system

technical field

本申请涉及通信技术领域，尤其涉及一种会话秘钥生成方法、控制设备和设备集群系统。The present application relates to the technical field of communication, and in particular to a method for generating a session key, a control device and a device cluster system.

Background technique

在分布式存储系统、微服务系统或云计算系统等设备集群系统中，通常包括多个控制设备，该控制设备可以理解为计算机、服务器、虚拟计算机或控制器等可以运行软件程序的设备。In a device cluster system such as a distributed storage system, a microservice system, or a cloud computing system, it usually includes multiple control devices, which can be understood as devices that can run software programs, such as computers, servers, virtual computers, or controllers.

每个控制设备上可以部署一个或多个服务组件，服务组件可以理解为软件程序，服务组件可以为用户终端或其他服务组件提供服务。例如，部署在控制设备B上的第二服务组件可以为部署在控制设备A上的第一服务组件提供服务，如数据存取服务等。为了保证数据传输的安全性，第二服务组件在为第一服务组件提供服务时，即第二服务组件在与第一服务组件建立会话时，要对第一服务组件进行身份认证。One or more service components can be deployed on each control device. The service components can be understood as software programs, and the service components can provide services for user terminals or other service components. For example, the second service component deployed on the control device B may provide services for the first service component deployed on the control device A, such as data access services and the like. In order to ensure the security of data transmission, when the second service component provides services for the first service component, that is, when the second service component establishes a session with the first service component, it needs to authenticate the identity of the first service component.

目前，每个服务组件具有唯一对应的数字证书，服务组件之间可以通过数字证书进行认证。然而，数字证书的认证速度较低，无法满足大规模高效能的业务需求。Currently, each service component has a unique corresponding digital certificate, and service components can be authenticated through digital certificates. However, the certification speed of digital certificates is low, which cannot meet the needs of large-scale and high-efficiency business.

发明内容Contents of the invention

本申请实施例提供一种会话秘钥生成方法、控制设备和设备集群系统，可以提高认证效率，提高系统性能。Embodiments of the present application provide a method for generating a session key, a control device, and a device cluster system, which can improve authentication efficiency and system performance.

第一方面，本申请实施例提供一种控制设备，为方便理解，下文中将该控制设备称为第一控制设备，第一控制设备应用于设备集群系统中。设备集群系统中可以包括多个控制设备，其中，第一控制设备可以包括秘钥分发中心KDC和第一服务组件，第一服务组件中部署有第一秘钥分发实体KDE。In a first aspect, an embodiment of the present application provides a control device. For the convenience of understanding, the control device is referred to as a first control device hereinafter, and the first control device is applied in a device cluster system. The device cluster system may include multiple control devices, wherein the first control device may include a key distribution center KDC and a first service component, and the first service component is deployed with a first key distribution entity KDE.

KDC可以用于：响应于第一KDE的秘钥申请请求，为第一KDE提供秘钥生成信息。第一KDE用于根据KDC提供的秘钥生成信息生成第一实体秘钥。The KDC may be configured to: provide key generation information for the first KDE in response to the key application request of the first KDE. The first KDE is used to generate the first entity key according to the key generation information provided by the KDC.

第一KDE可以用于在与另一控制设备的服务组件的第二KDE建立会话的过程中，向第二KDE发送第一KDE的标识信息和KDC的标识信息，以使第二KDE根据第二KDE的实体秘钥、第一KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话密钥；第一KDE接收第二KDE发送的第二KDE的标识信息和KDC的标识信息，根据第一实体秘钥、第二KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话密钥。The first KDE can be used to send the identification information of the first KDE and the identification information of the KDC to the second KDE during the process of establishing a session with the second KDE of the service component of another control device, so that the second KDE can send the identification information of the first KDE to the second KDE according to the second KDE The entity key of KDE, the identification information of the first KDE and the identification information of KDC generate a session key for authentication between the first KDE and the second KDE; the first KDE receives the second KDE's The identification information and the identification information of the KDC generate a session key for authentication between the first KDE and the second KDE according to the first entity key, the identification information of the second KDE, and the identification information of the KDC.

本申请实施例中，控制设备内的服务组件中均部署有KDE，不同控制设备中的两个服务组件之间可以通过服务组件内部署的KDE进行认证和建立会话。在会话建立过程中，两个KDE协商生成会话秘钥，并基于确定的会话秘钥进行认证，而无需通过数字证书进行认证，降低了管理复杂度；同时，也无需使用复杂的数字证书认证算法，可以提高认证效率，提高系统性能。In the embodiment of the present application, KDE is deployed in the service components in the control device, and two service components in different control devices can be authenticated and establish a session through the KDE deployed in the service components. During the session establishment process, the two KDEs negotiate to generate a session key and perform authentication based on the determined session key without the need for digital certificate authentication, which reduces management complexity; at the same time, there is no need to use complex digital certificate authentication algorithms , can improve authentication efficiency and improve system performance.

并且，由两个KDE协商生成会话秘钥，而无需在两个KDE建立会话时，由其中一个KDE 向KDC申请此次会话的会话秘钥，即无需KDE在每次建立会话之前均访问KDC，从而可以大量减少KDE与KDC的通信次数，减少KDC被访问的次数，避免因大量访问KDC造成阻塞带来的性能瓶颈，且可以降低KDC的数据处理压力，提高KDC的性能和可靠性。同时，可以避免由KDC保存所有会话的会话秘钥，导致KDC被入侵带来整个系统失去安全性的问题。Moreover, the session key is generated through negotiation between the two KDEs, without the need for one of the KDEs to establish a session when the two KDEs establish a session Apply to the KDC for the session key of this session, that is, it is not necessary for KDE to visit the KDC before each session is established, so that the number of communications between KDE and KDC can be greatly reduced, the number of times KDC is visited, and the congestion caused by a large number of visits to KDC can be avoided. It can reduce the data processing pressure of KDC and improve the performance and reliability of KDC. At the same time, it can avoid the problem that the KDC saves the session keys of all sessions, which leads to the loss of security of the entire system due to the KDC being invaded.

本申请实施例中，第一KDE和第二KDE在协商生成会话秘钥的过程中，所使用的第一KDE的标识信息、第二KDE的标识信息均是唯一的，因此协商生成的会话秘钥也具有唯一性，可以防止外部的恶意攻击，提高会话安全性。In the embodiment of this application, during the process of negotiating and generating a session key between the first KDE and the second KDE, the identification information of the first KDE and the identification information of the second KDE used are unique, so the session key generated through negotiation The key is also unique, which can prevent external malicious attacks and improve session security.

在一种可能的实现方式中，第一控制设备中可以包括多个服务组件，每个服务组件中均部署有KDE，第一KDE可以是多个服务组件的KDE中的任意一个，或者说，第一KDE可以是第一控制设备的任意一个服务组件中的KDE。第二控制设备中也可以包括多个服务组件，每个服务组件中均部署有KDE，第二KDE也可以是多个服务组件的KDE中的任意一个，或者说，第二KDE可以是第二控制设备的任意一个服务组件中的KDE。第一控制设备和第二控制设备均为上述设备集群系统中的设备。In a possible implementation manner, the first control device may include multiple service components, each of which is deployed with KDE, and the first KDE may be any one of the KDEs of the multiple service components, or in other words, The first KDE may be KDE in any service component of the first control device. The second control device may also include a plurality of service components, each of which is equipped with KDE, and the second KDE may also be any one of the KDEs of the plurality of service components, or in other words, the second KDE may be the second Control KDE in any of the service components of the device. Both the first control device and the second control device are devices in the above-mentioned device cluster system.

在一种可能的实现方式中，第一控制设备中还可以包括秘钥分发代理KDA，KDA用于保存第一控制设备内的各个服务组件中包括的KDE的实体秘钥，其中包括第一实体秘钥；相对应地，第一KDE还用于在生成第一实体秘钥之后，可以将第一实体秘钥保存在第一控制设备的KDA中，并在每次启动时，从第一控制设备的KDA中获取第一实体秘钥。In a possible implementation, the first control device may further include a key distribution agent KDA, which is used to save the entity key of KDE included in each service component in the first control device, including the first entity Correspondingly, the first KDE is also used to save the first entity key in the KDA of the first control device after generating the first entity key, and at each startup, from the first control device Obtain the first entity key from the KDA of the device.

上述实施例中，第一控制设备中部署有KDA，用于保存第一控制设备内的各个服务组件中包括的KDE的实体秘钥。各个KDE可以仅在首次启动或实体秘钥丢失时，才获取主KDC提供的秘钥生成信息，并生成实体秘钥，保存在KDA中。在每次启动时，可以从KDA中获取实体秘钥，而无需再从KDC获取秘钥生成信息，可以进一步降低KDC的数据处理压力。同时，KDE无需每次启动时生成实体秘钥，也可以减少KDE所占用的计算资源。另外，由KDA保存第一控制设备内的各个KDE的实体秘钥，避免了多个KDE分别保存自身的实体秘钥，无法在每个KDE中分别部署安全存储机制带来的秘钥安全存储难题，可以提高实体秘钥的安全性，减少秘钥泄漏的风险。In the above embodiment, KDA is deployed in the first control device, which is used to save the entity key of KDE included in each service component in the first control device. Each KDE can obtain the key generation information provided by the main KDC only when it is started for the first time or when the entity key is lost, and generate the entity key, which is stored in KDA. At each startup, the entity key can be obtained from the KDA, without obtaining the key generation information from the KDC, which can further reduce the data processing pressure of the KDC. At the same time, KDE does not need to generate an entity key every time it is started, which can also reduce the computing resources occupied by KDE. In addition, KDA saves the physical keys of each KDE in the first control device, avoiding the problem of safe storage of secret keys caused by multiple KDEs separately storing their own physical keys and unable to deploy a secure storage mechanism in each KDE , which can improve the security of the entity key and reduce the risk of key leakage.

在一种可能的实现方式中，第一控制设备的KDA还可以用于：接收第一KDE发送的秘钥申请请求，并向KDC转发第一KDE的秘钥申请请求；以及接收KDC发送的秘钥生成信息，并向第一KDE转发该秘钥生成信息。In a possible implementation, the KDA of the first control device can also be used to: receive the key application request sent by the first KDE, and forward the first KDE's key application request to the KDC; and receive the key application request sent by the KDC; key generation information, and forward the key generation information to the first KDE.

上述设备集群系统中，与KDA部署在同一控制设备内的各个KDE均可以通过该KDA进行数据通信与KDC进行数据通信。由于一个控制设备内具有多个服务组件，每个服务组件中均部署有一个KDE，多个服务组件中的KDE通过一个KDA与KDC连接，与KDC连接的KDA的数量远小于KDE的数量，因此可以减少所占用的KDC对外通信接口的数量，减轻KDC的对外通信压力。In the above device cluster system, each KDE deployed in the same control device as the KDA can perform data communication with the KDC through the KDA. Since there are multiple service components in one control device, each service component is deployed with a KDE, the KDE in multiple service components is connected to the KDC through a KDA, and the number of KDAs connected to the KDC is much smaller than the number of KDEs, so It can reduce the number of occupied KDC external communication interfaces, and reduce the external communication pressure of KDC.

在一种可能的实现方式中，KDC还可以用于：接收并保存设备集群系统中包含的各个KDE的注册信息；以及在接收到第一KDE的秘钥申请请求时，将秘钥申请请求中携带的秘钥申请信息与保存的第一KDE的注册信息进行一致性验证，且在验证通过后为第一KDE提供秘钥生成信息。In a possible implementation, the KDC can also be used to: receive and save the registration information of each KDE included in the device cluster system; and when receiving the key application request of the first KDE, include the Verify the consistency between the carried key application information and the saved registration information of the first KDE, and provide key generation information for the first KDE after the verification is passed.

上述实施例中，KDC无论作为主KDC或备KDC时，均可以保存各个KDE的注册信息，以备在作为主KDC时，对KDE发送的秘钥申请请求中携带的秘钥申请信息进行验证，因此，在进行主备倒换时，无需各KDC之间进行数据同步，避免出现主备倒换时KDC之间数据同步的难题。 In the above-mentioned embodiment, no matter when the KDC is used as the main KDC or the standby KDC, the registration information of each KDE can be saved, so that when it is used as the main KDC, the key application information carried in the key application request sent by the KDE is verified. Therefore, during active/standby switchover, there is no need to perform data synchronization between KDCs, avoiding the problem of data synchronization between KDCs during active/standby switchover.

在一种可能的实现方式中，第一KDE还可以用于：获取并保存所述KDC的标识信息和中心秘钥，在与第二KDE协商生成会话秘钥时，第一KDE可以根据KDC的标识信息，获取KDC的中心秘钥，并根据第一实体秘钥、第二KDE的标识信息和KDC的中心秘钥生成会话秘钥。In a possible implementation manner, the first KDE may also be used to: obtain and save the identification information and central key of the KDC, and when negotiating with the second KDE to generate a session key, the first KDE may Identification information, obtain the central key of the KDC, and generate a session key according to the first entity key, the identification information of the second KDE and the central key of the KDC.

示例性地，设备集群系统中可以部署多个KDC，不同的KDC部署于设备集群系统中的不同控制设备内；多个KDC中可以包括主KDC和备KDC。第一KDE可以用于：获取并保存设备集群系统中包含的各个KDC的标识信息和中心秘钥。主KDC可以用于响应于第一KDE的秘钥申请请求，为第一KDE提供秘钥生成信息。例如，KDA接收第一KDE发送的秘钥申请请求后，可以向主KDC转发第一KDE的秘钥申请请求；以及接收主KDC发送的秘钥生成信息，并向第一KDE转发秘钥生成信息，第一KDE根据主KDC提供的秘钥生成信息生成第一实体秘钥。在与第二KDE协商生成会话秘钥时，第一KDE可以根据主KDC的标识信息，获取主KDC的中心秘钥，并根据第一实体秘钥、第二KDE的标识信息和主KDC的中心秘钥生成会话秘钥。Exemplarily, multiple KDCs may be deployed in the device cluster system, and different KDCs may be deployed in different control devices in the device cluster system; the multiple KDCs may include an active KDC and a standby KDC. The first KDE may be used to: obtain and save the identification information and central key of each KDC included in the device cluster system. The master KDC may be used to provide key generation information for the first KDE in response to the key application request of the first KDE. For example, after receiving the key application request sent by the first KDE, the KDA can forward the key application request of the first KDE to the main KDC; and receive the key generation information sent by the main KDC, and forward the key generation information to the first KDE , the first KDE generates the first entity key according to the key generation information provided by the master KDC. When negotiating with the second KDE to generate a session key, the first KDE can obtain the central key of the primary KDC according to the identification information of the primary KDC, and obtain the central key of the primary KDC according to the first entity key, the identification information of the second KDE, and the central The secret key generates a session key.

上述实施例中，每个KDE中均保存有各个KDC的标识信息和中心秘钥，两个KDE协商生成会话秘钥时，相互发送主KDC的标识信息，即协商确定主KDC，从而可以使第一KDE和第二KDE基于相同的主KDC的中心秘钥生成会话秘钥，避免由于使用的主KDC的中心秘钥不一致而导致的会话秘钥不一致的情况。并且，每个KDE中存储有各个KDC的中心秘钥，两个KDE以协商的方式确定共同使用的KDC，可以避免在KDC主备倒换时，数据不同步的问题，以解决主备倒换时如何实现两个KDE秘钥同步的难题。In the above embodiment, each KDE stores the identification information of each KDC and the central key. When the two KDEs negotiate to generate a session key, they send the identification information of the master KDC to each other, that is, negotiate to determine the master KDC, so that the second KDC can The first KDE and the second KDE generate the session key based on the same central key of the main KDC, so as to avoid the inconsistency of the session key caused by the inconsistency of the central key of the used main KDC. In addition, each KDE stores the central secret key of each KDC, and the two KDEs determine the KDC to be used in a negotiated manner, which can avoid the problem of data synchronization during the KDC master-standby switchover, so as to solve the problem of master-standby switchover. The problem of synchronizing two KDE keys.

在一种可能的实现方式中，KDC还可以用于：接收管理节点发送的秘钥吊销指令，对秘钥吊销指令中携带的吊销列表进行签名并分发至KDC的备KDC；吊销列表中包括被泄漏的实体秘钥对应的KDE的标识信息和/或被泄漏的中心秘钥对应的KDC的标识信息。In a possible implementation, the KDC can also be used to: receive the key revocation command sent by the management node, sign the revocation list carried in the key revocation command and distribute it to the standby KDC of the KDC; the revocation list includes the The KDE identification information corresponding to the leaked entity key and/or the KDC identification information corresponding to the leaked central key.

上述实施例中，通过秘钥吊销指令将泄漏的秘钥及时吊销，可以防止外部利用泄露的秘钥进行攻击，进一步提高系统的安全性。In the above embodiment, the leaked secret key is revoked in time through the secret key revocation instruction, which can prevent external attacks by using the leaked secret key, and further improve the security of the system.

示例性地，设备集群系统中的主KDC用于接收管理节点发送的秘钥吊销指令，对秘钥吊销指令中携带的吊销列表进行签名并分发至设备集群系统中的各个备KDC。Exemplarily, the master KDC in the device cluster system is used to receive the key revocation command sent by the management node, sign the revocation list carried in the key revocation command and distribute it to each standby KDC in the device cluster system.

第二方面，本申请实施例提供一种会话秘钥生成方法，包括：In a second aspect, the embodiment of the present application provides a method for generating a session key, including:

第一秘钥分发实体KDE获取秘钥分发中心KDC为第一KDE提供的秘钥生成信息，并根据秘钥生成信息生成第一实体秘钥；第一KDE部署在设备集群系统中的第一控制设备的服务组件内；The first key distribution entity KDE obtains the key generation information provided by the key distribution center KDC for the first KDE, and generates the first entity key according to the key generation information; the first control device deployed by the first KDE in the device cluster system within the service component of the device;

在与第二KDE建立会话的过程中，第一KDE向第二KDE发送第一KDE的标识信息和KDC的标识信息；第二KDE部署在设备集群系统中的第二控制设备的服务组件内；In the process of establishing a session with the second KDE, the first KDE sends the identification information of the first KDE and the identification information of the KDC to the second KDE; the second KDE is deployed in the service component of the second control device in the device cluster system;

第一KDE接收第二KDE发送的第二KDE的标识信息和KDC的标识信息；The first KDE receives the identification information of the second KDE and the identification information of the KDC sent by the second KDE;

第一KDE根据第一实体秘钥、第二KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话秘钥。The first KDE generates a session key for authentication between the first KDE and the second KDE according to the first entity key, the identification information of the second KDE, and the identification information of the KDC.

在一种可能的实现方式中，第一KDE在生成第一实体秘钥之后，可以将第一实体秘钥保存至第一控制设备内部署的秘钥分发代理KDA中，并在每次启动时，从KDA中获取第一实体秘钥。In a possible implementation, after the first KDE generates the first entity key, it can save the first entity key to the key distribution agent KDA deployed in the first control device, and , to obtain the first entity key from KDA.

在一种可能的实现方式中，第一KDE可以通过KDA向KDC发送秘钥申请请求，并接收KDA转发的从KDC获取的秘钥生成信息。In a possible implementation manner, the first KDE may send a key application request to the KDC through the KDA, and receive the key generation information obtained from the KDC forwarded by the KDA.

在一种可能的实现方式中，第一KDE从KDC获取秘钥生成信息之前，第一KDE还可以生成注册信息，并将第一KDE的注册信息发送至KDC，以使KDC保存第一KDE的注册信息。In a possible implementation, before the first KDE obtains the key generation information from the KDC, the first KDE may also generate registration information and send the registration information of the first KDE to the KDC, so that the KDC saves the key generation information of the first KDE. registration message.

在一种可能的实现方式中，第一KDE的秘钥生成信息是KDC在接收到第一KDE的秘钥申请请求时，将秘钥申请请求中携带有的秘钥申请信息与保存的第一KDE的注册信息进行一致性验证，且在验证通过后为第一KDE提供的。In a possible implementation, the key generation information of the first KDE is that the KDC receives the key generation information of the first KDE When requesting, verify the consistency between the key application information carried in the key application request and the stored registration information of the first KDE, and provide it to the first KDE after the verification is passed.

在一种可能的实现方式中，第一KDE从KDC获取秘钥生成信息之前，第一KDE还可以接收并保存KDC的标识信息和中心秘钥。In a possible implementation manner, before the first KDE obtains the key generation information from the KDC, the first KDE may also receive and save the identification information of the KDC and the central key.

在一种可能的实现方式中，第一KDE可以根据KDC的标识信息，获取KDC的中心秘钥，并根据第一实体秘钥、第二KDE的标识信息和KDC的中心秘钥生成会话秘钥。In a possible implementation, the first KDE can obtain the central key of the KDC according to the identification information of the KDC, and generate a session key according to the first entity key, the identification information of the second KDE, and the central key of the KDC .

第三方面，本申请实施例提供一种设备集群系统，该设备集群系统中包括多个控制设备；多个控制设备中包括第一方面提供的任一种控制设备。In a third aspect, an embodiment of the present application provides a device cluster system, where the device cluster system includes a plurality of control devices; the plurality of control devices include any control device provided in the first aspect.

第四方面，本申请实施例提供一种计算机可读存储介质，该计算机可读存储介质内存储有计算机可执行指令，该计算机可执行指令用于使计算机执行上述第二方面提供的任一种方法。In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are used to make a computer perform any one of the above-mentioned second aspects. method.

第五方面，本申请实施例提供一种计算机程序产品，包含有计算机可执行指令，该计算机可执行指令用于使计算机执行上述第二方面提供的任一种方法。In a fifth aspect, an embodiment of the present application provides a computer program product, including computer executable instructions, where the computer executable instructions are used to cause a computer to execute any one of the methods provided in the second aspect above.

上述第二方面至第五方面中任一方面可以达到的技术效果可以参照上述第一方面中有益效果的描述，此处不再重复赘述。For the technical effects that can be achieved by any one of the above-mentioned second to fifth aspects, reference can be made to the description of the beneficial effects in the above-mentioned first aspect, which will not be repeated here.

Description of drawings

图1为本申请实施例的一种应用场景的示意图；FIG. 1 is a schematic diagram of an application scenario of an embodiment of the present application;

图2为本申请实施例提供的一种设备集群系统的结构示意图；FIG. 2 is a schematic structural diagram of a device cluster system provided by an embodiment of the present application;

图3为本申请实施例提供的一种注册过程中KDE与KDC之间的交互图；Fig. 3 is an interactive diagram between KDE and KDC in a kind of registration process that the embodiment of the present application provides;

图4为本申请实施例提供的一种秘钥申请过程中KDE与主KDC之间的交互图；Fig. 4 is an interaction diagram between KDE and the main KDC in a kind of secret key application process provided by the embodiment of the present application;

图5为本申请实施例提供的一种会话建立过程中KDE1与KDE2之间的交互图；FIG. 5 is an interaction diagram between KDE1 and KDE2 in a session establishment process provided by an embodiment of the present application;

图6为本申请实施例提供的另一种会话建立过程中KDE1与KDE2之间的交互图；FIG. 6 is an interaction diagram between KDE1 and KDE2 in another session establishment process provided by the embodiment of the present application;

图7为本申请实施例提供的另一种设备集群系统的结构示意图；FIG. 7 is a schematic structural diagram of another device cluster system provided by an embodiment of the present application;

图8为本申请实施例提供的一种注册过程中KDE、KDA与KDC之间的交互图；FIG. 8 is an interaction diagram between KDE, KDA and KDC in a registration process provided by an embodiment of the present application;

图9为本申请实施例提供的一种秘钥申请过程中KDE、KDA与主KDC之间的交互图；Fig. 9 is an interaction diagram between KDE, KDA and master KDC in a kind of secret key application process provided by the embodiment of the present application;

图10为本申请实施例提供的一种秘钥更新过程中KDE、KDA与KDC之间的交互图；FIG. 10 is an interaction diagram between KDE, KDA and KDC in a secret key update process provided by the embodiment of the present application;

图11为本申请实施例提供的一种秘钥更新过程中KDE、KDA与主KDC之间的交互图；Figure 11 is an interaction diagram between KDE, KDA and the master KDC in a secret key update process provided by the embodiment of the present application;

图12为本申请实施例提供的一种秘钥吊销过程中管理节点、KDA与KDC之间的交互图；FIG. 12 is an interaction diagram between the management node, KDA and KDC in the key revocation process provided by the embodiment of the present application;

图13为本申请实施例提供的一种控制设备的结构示意图；FIG. 13 is a schematic structural diagram of a control device provided by an embodiment of the present application;

图14为本申请实施例提供的另一种控制设备的结构示意图；FIG. 14 is a schematic structural diagram of another control device provided in the embodiment of the present application;

图15为本申请实施例提供的一种会话秘钥生成方法的流程图。FIG. 15 is a flow chart of a method for generating a session key provided by an embodiment of the present application.

Detailed ways

为了使本申请实施例的目的、技术方案和优点更加清楚，下面将结合附图，对本申请实施例进行详细描述。本申请的实施方式部分使用的术语仅用于对本申请的具体实施例进行解释，而非旨在限定本申请。显然，所描述的实施例仅仅是本申请一部分实施例，并不是全部的实施例。基于本申请中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本申请保护的范围。In order to make the purpose, technical solutions, and advantages of the embodiments of the present application clearer, the embodiments of the present application will be described in detail below in conjunction with the accompanying drawings. The terms used in the embodiments of the present application are only used to explain specific embodiments of the present application, and are not intended to limit the present application. Apparently, the described embodiments are only some of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

本申请实施例中“多个”是指两个或两个以上，鉴于此，本申请实施例中也可以将“多个”理解为“至少两个”。“至少一个”，可理解为一个或多个，例如理解为一个、两个或更多个。例如，包括至少一个，是指包括一个、两个或更多个，而且不限制包括的是哪几个，例如，包括A、B和C中的至少一个，那么包括的可以是A、B、C、A和B、A和C、B和C、或A和B和C。“和/或”，描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，同时存在A和B，单独存在B这三种情况。另外，字符“/”，如无特殊说明，一般表示前后关联对象是一种“或”的关系。"Multiple" in the embodiment of the present application refers to two or more, in view of this, "multiple" can also be understood as "at least two" in the embodiment of the present application. "At least one" can be understood as one or more, such as one, two or more indivual. For example, including at least one means including one, two or more, and does not limit which ones are included, for example, including at least one of A, B and C, then what is included can be A, B, C, A and B, A and C, B and C, or A and B and C. "And/or" describes the association relationship of associated objects, indicating that there may be three types of relationships, for example, A and/or B may indicate: A exists alone, A and B exist simultaneously, and B exists independently. In addition, the character "/", unless otherwise specified, generally indicates that the associated objects before and after are in an "or" relationship.

除非有相反的说明，本申请实施例提及“第一”、“第二”等序数词用于对多个对象进行区分，不用于限定多个对象的顺序、时序、优先级或者重要程度。Unless otherwise specified, ordinal numerals such as "first" and "second" mentioned in the embodiments of the present application are used to distinguish multiple objects, and are not used to limit the sequence, timing, priority or importance of multiple objects.

图1示出了本申请实施例的一个典型应用场景的示意图，该应用场景以分布式存储系统为例，其中，控制设备A、控制设备A1和控制设备B、控制设备B1可以是分布式存储系统中的计算机、服务器、虚拟计算机或控制器等，本申请实施例对此不作限定。示例性地，分布式存储系统可以包括一个或多个机柜，每个机柜内设置有多个刀片服务器，每个刀片服务器内可以有多个控制器，如上述的控制设备A、控制设备A1和控制设备B、控制设备B1，每个控制器可以相当于一个虚拟计算机。Figure 1 shows a schematic diagram of a typical application scenario of the embodiment of the present application. The application scenario takes a distributed storage system as an example, wherein the control device A, control device A1, control device B, and control device B1 can be distributed storage The computers, servers, virtual computers, or controllers in the system are not limited in this embodiment of the present application. Exemplarily, the distributed storage system may include one or more cabinets, each cabinet is provided with multiple blade servers, and each blade server may have multiple controllers, such as the above-mentioned control device A, control device A1 and Control device B, control device B1, each controller can be equivalent to a virtual computer.

如图1所示，每个控制设备中部署有一个或多个服务组件。例如，第一服务组件部署在控制设备A上，第二服务组件部署在控制设备B上，第三服务组件部署在控制设备A1上，第四服务组件部署在控制设备B1上。其中，第一服务组件可以理解为控制设备A中的任意一个服务组件，第二服务组件可以理解为控制设备B中的任意一个服务组件，第三服务组件可以理解为控制设备A1中的任意一个服务组件，第四服务组件可以理解为控制设备B1中的任意一个服务组件。部署在控制设备B上的第二服务组件可以为部署在控制设备A上的第一服务组件和部署在控制设备A1上的第三服务组件提供服务，如数据存取服务等。部署在控制设备B1上的第四服务组件可以为部署在控制设备A上的第一服务组件和部署在控制设备A1上的第三服务组件提供服务。As shown in Figure 1, one or more service components are deployed in each control device. For example, the first service component is deployed on the control device A, the second service component is deployed on the control device B, the third service component is deployed on the control device A1, and the fourth service component is deployed on the control device B1. Among them, the first service component can be understood as any service component in the control device A, the second service component can be understood as any service component in the control device B, and the third service component can be understood as any one in the control device A1 The service component, the fourth service component can be understood as any service component in the control device B1. The second service component deployed on the control device B may provide services for the first service component deployed on the control device A and the third service component deployed on the control device A1, such as data access services and the like. The fourth service component deployed on the control device B1 can provide services for the first service component deployed on the control device A and the third service component deployed on the control device A1.

在服务组件之间进行数据传输时，为了保证数据传输的安全性，需要进行身份认证。例如，第一服务组件在请求第二服务组件为其提供服务时，第二服务组件与第一服务组件之间需要相互进行身份认证。When data is transmitted between service components, in order to ensure the security of data transmission, identity authentication is required. For example, when the first service component requests the second service component to provide services, the second service component and the first service component need to authenticate each other.

目前，每个服务组件具有唯一对应的数字证书，服务组件之间可以通过数字证书进行认证。例如，服务组件之间的访问链路，可以使用x.509数字证书认证的传输层安全性(Transport Layer Security，TLS)协议或数据包传输层安全性(Datagram Transport Layer Security，DTLS)协议进行数字证书的认证和链路保护。然而，数字证书的管理复杂度较高，并且使用TLS协议或DTLS协议认证的速度较低，无法满足大规模高效能的业务需求。为了提高认证效率，提升系统性能，本申请实施例提供一种会话秘钥生成方法、控制设备和设备集群系统。本申请实施例提供的会话秘钥生成方法，除可以应用于分布式存储应用场景之外，还可以应用于云场景，微服务场景，以及其它跨控制器认证、跨操作系统认证或跨主机认证的场景中。应用场景中包含的服务组件越多，本申请实施例提供的会话秘钥生成方法提升系统性能的效果越突出。Currently, each service component has a unique corresponding digital certificate, and service components can be authenticated through digital certificates. For example, the access links between service components can be digitally authenticated using the Transport Layer Security (TLS) protocol or Datagram Transport Layer Security (DTLS) protocol authenticated by x.509 digital certificates. Certificate authentication and link protection. However, the management complexity of digital certificates is relatively high, and the speed of authentication using the TLS protocol or DTLS protocol is low, which cannot meet large-scale and high-performance business needs. In order to improve authentication efficiency and improve system performance, the embodiments of the present application provide a method for generating a session key, a control device, and a device cluster system. The session key generation method provided by the embodiment of this application can be applied not only to distributed storage application scenarios, but also to cloud scenarios, microservice scenarios, and other cross-controller authentication, cross-operating system authentication or cross-host authentication in the scene. The more service components are included in the application scenario, the more prominent the effect of the session key generation method provided by the embodiment of the present application in improving system performance.

图2示出了本申请实施例提供的一种设备集群系统的结构示意图。在一些实施例中，如图2所示，设备集群系统可以包括多个控制设备，一些控制设备中可以部署秘钥分发中心(key distribution center，KDC)，另一些控制设备中可以不部署KDC；如控制设备A和控制设备A1中部署有KDC，控制设备B和控制设备B1中没有部署KDC。每个控制设备中包括至少一个服务组件，每个服务组件中均部署有秘钥分发实体(key distribution entity，KDE)，该设备集群系统可以应用于图1所示的应用场景中。也可以理解为，本申请实施例提供的设备集群系统包括多个KDC和分别部署在各个服务组件中的多个KDE。FIG. 2 shows a schematic structural diagram of a device cluster system provided by an embodiment of the present application. In some embodiments, as shown in FIG. 2, the device cluster system may include multiple control devices, some control devices may deploy a key distribution center (key distribution center, KDC), and some other control devices may not deploy KDC; For example, KDC is deployed on control device A and control device A1, but no KDC is deployed on control device B and control device B1. Each control device includes at least one service component, and each service component is deployed with a key distribution entity (key distribution entity, KDE). The standby cluster system can be applied to the application scenario shown in Figure 1. It can also be understood that the device cluster system provided by the embodiment of the present application includes multiple KDCs and multiple KDEs respectively deployed in each service component.

多个KDC可以部署在不同的控制设备中，每个KDC中生成一对非对称算法的秘钥Akey作为根秘钥，根秘钥包括KDC的公钥Akey_pub和KDC的私钥Akey_sec，不同的KDC内，根秘钥不相同。其中，在同一时刻，多个KDC中，一个KDC作为主KDC，其余KDC作为备KDC。主KDC用于为各个KDE分发秘钥生成信息，以使各个KDE根据秘钥生成信息生成自身的实体秘钥Key_e。当主KDC故障或其他原因不能再作为主KDC时，将进行主备倒换，备KDC中的任意一个KDC可能作为新的主KDC。Multiple KDCs can be deployed in different control devices. Each KDC generates a pair of asymmetric algorithm keys Akey as the root key. The root key includes the KDC’s public key Akey_pub and the KDC’s private key Akey_sec. Different KDCs Inside, the root keys are different. Wherein, at the same time, among multiple KDCs, one KDC serves as the active KDC, and the other KDCs serve as standby KDCs. The master KDC is used to distribute key generation information to each KDE, so that each KDE generates its own entity key Key_e according to the key generation information. When the active KDC fails or can no longer serve as the active KDC due to other reasons, an active-standby switchover will be performed, and any KDC in the standby KDC may serve as the new active KDC.

多个KDE分别部署在多个服务组件中，每个服务组件中部署有一个KDE，也可以理解为，每个KDE与其对应的服务组件部署在同一个进程内。KDE用于服务组件之间的访问控制，包括服务组件之间的认证和访问通道的建立等。每个KDE均具有唯一的标识信息(identifier，ID)，KDE可以将所属的服务组件的ID作为自身的标识信息，KDE基于标识信息进行访问控制。Multiple KDEs are deployed in multiple service components, and each service component has one KDE deployed. It can also be understood that each KDE and its corresponding service components are deployed in the same process. KDE is used for access control between service components, including authentication between service components and establishment of access channels. Each KDE has unique identification information (identifier, ID). KDE can use the ID of the service component it belongs to as its own identification information, and KDE performs access control based on the identification information.

每个KDE中均保存有所有KDC的标识信息和中心秘钥，其中，KDC的中心秘钥指KDC的根秘钥中的公钥Akey_pub。对于任意一个KDE，其可以在注册过程中获取并保存每个KDC的标识信息和中心秘钥。每个KDC可以保存所有已注册的KDE的注册信息。Each KDE stores the identification information and central key of all KDCs, where the central key of the KDC refers to the public key Akey_pub in the root key of the KDC. For any KDE, it can obtain and save the identification information and central key of each KDC during the registration process. Each KDC can save the registration information of all registered KDEs.

下文结合图3介绍KDE的注册过程，图3中所示的KDE可以理解为任意一个服务组件中的KDE，每个KDE在启动时，若确定尚未申请实体秘钥，如首次启动或实体秘钥丢失时，则KDE向所有在线的KDC发起注册过程。由于在注册过程中，KDE与每个KDC之间的交互步骤相同，图3仅以KDE与一个KDC的交互过程为例进行说明，图3中所示的KDC可以理解为任意一个在线的KDC，可以是主KDC，也可以是备KDC。如图3所示，该注册过程可以包括如下步骤：The following describes the registration process of KDE in conjunction with Figure 3. The KDE shown in Figure 3 can be understood as the KDE in any service component. When each KDE is started, if it is determined that the entity key has not been applied for, such as the first startup or the entity key When missing, KDE initiates the registration process to all online KDCs. Since the interaction steps between KDE and each KDC are the same during the registration process, Figure 3 only illustrates the interaction process between KDE and a KDC as an example. The KDC shown in Figure 3 can be understood as any online KDC, It can be the active KDC or the standby KDC. As shown in Figure 3, the registration process may include the following steps:

S301，KDE向KDC发送KDC秘钥信息请求。S301. KDE sends a KDC key information request to the KDC.

在注册过程中，KDE与KDC之间可以通过预先建立的安全通道进行信息交互，该安全通道可以是部署时的专用通道、管理通道、或者是基于证书建立的TLS安全通道，本申请对此不作限定。During the registration process, KDE and KDC can exchange information through a pre-established secure channel. The secure channel can be a dedicated channel during deployment, a management channel, or a TLS secure channel established based on certificates. This application does not make any comment on this limited.

KDE向KDC发送的KDC秘钥信息请求中携带有KDE生成的随机数C1和KDE的标识信息。The KDC key information request sent by KDE to KDC carries the random number C1 generated by KDE and the identification information of KDE.

S302，KDC向KDE发送该KDC的秘钥信息。S302. The KDC sends the key information of the KDC to the KDE.

KDC接收到KDE发送的KDC秘钥信息请求后，KDC根据KDE的标识消息，向该KDE发送KDC的秘钥信息，秘钥信息中包括KDC的标识消息和KDC的中心秘钥，其中，KDC的中心秘钥可以理解为KDC的公钥AKey_pub，KDC的公钥AKey_pub包含在KDC的公钥信息C2中，KDC的公钥AKey_pub可以由PK1和PK2两部分组成。因此，KDC的公钥信息C2可以表示为：C2＝PK1||PK2||CipherSuite，其中，||表示数据之间的拼接，CipherSuite表示加密算法套件，加密算法套件可以理解为加密过程中所使用到的所有加密算法的集合，其中包括不同过程使用到的加密算法的组合。After the KDC receives the KDC key information request sent by the KDE, the KDC sends the KDC’s key information to the KDE according to the KDE’s identification message. The key information includes the KDC’s identification message and the KDC’s central key. Among them, the KDC’s The central secret key can be understood as the KDC’s public key AKey_pub, which is contained in the KDC’s public key information C2, and the KDC’s public key AKey_pub can be composed of two parts, PK1 and PK2. Therefore, the KDC’s public key information C2 can be expressed as: C2=PK1||PK2||CipherSuite, where || represents the concatenation between data, and CipherSuite represents the encryption algorithm suite, which can be understood as the encryption algorithm used in the encryption process A collection of all encryption algorithms used, including combinations of encryption algorithms used by different processes.

S303，KDE从KDC的秘钥信息中提取出KDC的标识消息和KDC的中心秘钥并保存。S303, KDE extracts the identification message of the KDC and the central key of the KDC from the key information of the KDC and saves them.

KDE可以从KDC的秘钥信息中分别提取出KDC的标识消息和KDC的中心秘钥中的PK1和PK2，并保存。KDE can extract the identification message of KDC and PK1 and PK2 in the central key of KDC from the key information of KDC respectively, and save them.

S304，KDE生成注册信息。S304. KDE generates registration information.

KDE生成随机数K和随机数Nonce，将该KDE的标识信息ID_i和随机数Nonce进行拼接，根据随机数K和拼接后的数据生成R_i，然后根据随机数K和R_i生成n_i；根据n_i，以及ID_i、R_i和字符“MAC”进行拼接后的数据，生成注册信息AuthValue_i。上述KDE生成注册信息AuthValue_i的过程可以表示为：KDE generates a random number K and a random number Nonce, splices the KDE identification information ID_i and the random number Nonce, generates R_i according to the random number K and the spliced data, and then generates n_i according to the random number K and R_i; according to n_i, and The spliced data of ID_i, R_i and the character "MAC" generates the registration information AuthValue_i. The above KDE build note The process of registering information AuthValue_i can be expressed as:

K＝Random()K=Random()

Nonce＝Random()Nonce=Random()

R_i＝PRF(K,ID_i||Nonce)R_i=PRF(K,ID_i||Nonce)

n_i＝PRF(K,R_i)n_i=PRF(K,R_i)

AuthValue_i＝AES-CMAC(n_i,ID_i||R_i||”MAC”)AuthValue_i=AES-CMAC(n_i, ID_i||R_i||"MAC")

其中，Random()表示生成随机数，PRF()是一种伪随机生成算法，AES-CMAC()是一种对称加密算法。Among them, Random() means to generate random numbers, PRF() is a pseudo-random generation algorithm, and AES-CMAC() is a symmetric encryption algorithm.

S305，KDE向KDC发送注册信息。S305. KDE sends registration information to KDC.

KDE在向KDC发送注册信息时，可以将KDE的标识信息ID_i和KDE的注册信息AuthValue_i一起发送至KDC。示例性地，KDE可以采用KDC的中心秘钥中的PK1对KDE的标识信息ID_i和KDE的注册信息AuthValue_i拼接后的数据进行加密，得到数据报文C3，并将数据报文C3发送至KDC。其中，数据报文C3可以表示为：C3＝Enc(PK1,ID_i||AuthValue_i)，Enc()表示非对称加密算法。When KDE sends registration information to KDC, it can send KDE identification information ID_i and KDE registration information AuthValue_i to KDC together. Exemplarily, KDE may use PK1 in the KDC's central key to encrypt the data after the concatenation of KDE's identification information ID_i and KDE's registration information AuthValue_i to obtain a data packet C3, and send the data packet C3 to the KDC. Wherein, the data packet C3 can be expressed as: C3=Enc(PK1, ID_i||AuthValue_i), Enc() represents an asymmetric encryption algorithm.

KDE向KDC发送注册信息之后，保存生成注册信息过程中使用的ID_i、K和R_i，该过程可以表示为：Store(ID_i,K,R_i)。After KDE sends registration information to KDC, it saves ID_i, K and R_i used in the process of generating registration information. This process can be expressed as: Store(ID_i, K, R_i).

S306，KDC保存KDE的注册信息。S306. The KDC saves the registration information of KDE.

KDC可以采用KDC的私钥中的SK1对KDE发送的数据报文C3进行解密，得到KDE的标识信息ID_i和KDE的注册信息AuthValue_i，并保存。该过程可以表示为：The KDC can use SK1 in the private key of the KDC to decrypt the data packet C3 sent by the KDE, obtain the identification information ID_i of the KDE and the registration information AuthValue_i of the KDE, and store them. The process can be expressed as:

ID_i||AuthValue_i＝Dec(SK1,C3)ID_i||AuthValue_i=Dec(SK1,C3)

Store(ID_i,AuthValue_i)Store(ID_i, AuthValue_i)

其中，Dec()表示解密算法。Among them, Dec() represents the decryption algorithm.

S307，KDC向KDE发送注册完成通知。S307. The KDC sends a registration completion notification to the KDE.

KDE可以与每个在线的KDC执行上述注册过程，通过上述注册过程，KDE中可以保存每个在线的KDC的标识信息和中心秘钥。KDE can perform the above registration process with each online KDC, through the above registration process, KDE can store the identification information and central key of each online KDC.

上述注册过程适用于每一个KDE，即任意一个KDE均可以按照上述注册过程进行注册，注册后，每个KDE中可以保存所有在线的KDC的标识信息和中心秘钥。每个KDC均可以保存所有已注册的KDE的标识信息ID_i和注册信息AuthValue_i。因此，在进行主备倒换时，无需各KDC之间，KDC与KDE之间进行数据同步，避免出现主备倒换时数据同步的难题。The above registration process is applicable to every KDE, that is, any KDE can be registered according to the above registration process. After registration, each KDE can save the identification information and central secret key of all online KDCs. Each KDC can save the identification information ID_i and registration information AuthValue_i of all registered KDEs. Therefore, during active/standby switchover, data synchronization between KDCs and between KDC and KDE is not required to avoid the problem of data synchronization during active/standby switchover.

KDE在完成上述注册过程后，可以向主KDC发起秘钥申请过程，其中，KDE可以理解为任意一个KDE。图4示出了秘钥申请过程中KDE与主KDC之间的交互流程，如图4所示，KDE的秘钥申请过程可以包括如下步骤：After KDE completes the above registration process, it can initiate a key application process to the main KDC, where KDE can be understood as any KDE. Figure 4 shows the interaction process between KDE and the master KDC during the key application process. As shown in Figure 4, the KDE key application process may include the following steps:

S401，KDE生成秘钥申请信息。S401. KDE generates key application information.

KDE生成随机数a_i，并使用注册过程中生成的R_i和随机数K，生成n_i。KDE基于a_i与g的点乘，得到A_i，其中，g为预设参数。KDE采用主KDC的中心秘钥中的PK1，对KDE的标识信息ID_i、上述的R_i、n_i和A_i拼接得到的数据进行加密，得到秘钥申请信息C4。KDE生成秘钥申请信息C4的过程可以表示为：KDE generates random number a_i, and uses R_i and random number K generated during the registration process to generate n_i. KDE obtains A_i based on the dot product of a_i and g, where g is a preset parameter. KDE uses PK1 in the central key of the main KDC to encrypt the data obtained by concatenating KDE's identification information ID_i, the above-mentioned R_i, n_i, and A_i, and obtain the key application information C4. The process of KDE generating the key request information C4 can be expressed as:

a_i＝Random()a_i=Random()

n_i＝PRF(K,R_i)n_i=PRF(K,R_i)

A_i＝a_i·gA_i=a_i·g

C4＝Enc(PK1,ID_i||R_i||n_i||A_i) C4＝Enc(PK1,ID_i||R_i||n_i||A_i)

其中，“·”表示点乘。Among them, "·" means dot product.

S402，KDE向主KDC发送秘钥申请请求，秘钥申请请求中携带有秘钥申请信息C4。S402, KDE sends a key application request to the main KDC, and the key application request carries key application information C4.

S403，主KDC对秘钥申请请求中的秘钥申请信息进行验证。S403. The master KDC verifies the key application information in the key application request.

主KDC接收到KDE发送的秘钥申请请求，采用主KDC的私钥中的SK1对秘钥申请请求中的秘钥申请信息C4进行解密，得到KDE的标识信息ID_i、R_i、n_i和A_i。主KDC根据ID_i、R_i、n_i和字符“MAC”，计算得到秘钥申请信息对应的授权值AuthValue_I。上述过程可以表示为：The master KDC receives the key application request sent by KDE, uses SK1 in the private key of the master KDC to decrypt the key application information C4 in the key application request, and obtains the identification information ID_i, R_i, n_i and A_i of KDE. The master KDC calculates the authorization value AuthValue_I corresponding to the key application information based on ID_i, R_i, n_i and the character "MAC". The above process can be expressed as:

ID_i||R_i||n_i||A_i＝Dec(SK1,C4)ID_i||R_i||n_i||A_i=Dec(SK1,C4)

主KDC根据KDE的标识信息ID_i，查找已保存的该KDE的注册信息AuthValue_i，将秘钥申请信息对应的授权值AuthValue_I与该KDE的注册信息AuthValue_i进行比对，以对秘钥申请信息进行验证。若秘钥申请信息对应的授权值AuthValue_I与该KDE的注册信息AuthValue_i一致，则验证通过。The master KDC searches the saved registration information AuthValue_i of the KDE according to the identification information ID_i of the KDE, and compares the authorization value AuthValue_I corresponding to the key application information with the registration information AuthValue_i of the KDE to verify the key application information. If the authorization value AuthValue_I corresponding to the key application information is consistent with the KDE registration information AuthValue_i, the verification is passed.

S404，主KDC确定秘钥生成信息。S404. The master KDC determines key generation information.

如果验证通过，则主KDC为该KDE确定秘钥生成信息。示例性地，主KDC生成随机数b_i，并根据b_i与g的点乘，以及对秘钥申请信息C4解密得到的A_i，生成B_i。主KDC采用主KDC的私钥中的SK2，通过哈希运算对KDE的标识信息ID_i、主KDC的标识信息ID_KDC和B_i拼接得到的数据进行加密，并根据加密后的数据和随机数b_i生成S_i。主KDC根据n_i，以及KDE的标识信息ID_i、主KDC的标识信息ID_KDC、A_i、B_i和S_i拼接后的数据，确定该KDE的秘钥生成信息C5。主KDC确定秘钥生成信息C5的过程可以表示为：If the verification is passed, the master KDC determines the key generation information for the KDE. Exemplarily, the master KDC generates a random number b_i, and generates B_i according to the dot product of b_i and g, and A_i obtained by decrypting the key application information C4. The master KDC uses SK2 in the private key of the master KDC to encrypt the data obtained by splicing the identification information ID_i of KDE, the identification information ID_KDC of the master KDC and B_i through hash operation, and generates S_i according to the encrypted data and the random number b_i . The master KDC determines the key generation information C5 of the KDE according to n_i, the KDE identification information ID_i, the master KDC identification information ID_KDC, A_i, B_i, and S_i concatenated data. The process for the master KDC to determine the key generation information C5 can be expressed as:

b_i＝Random()b_i=Random()

B_i＝b_i·g+A_iB_i=b_i·g+A_i

S_i＝b_i+Hash(ID_i||ID_KDC||B_i)SK2S_i=b_i+Hash(ID_i||ID_KDC||B_i)SK2

C5＝AES-GCM(n_i,ID_i||ID_KDC||A_i||B_i||S_i)C5＝AES-GCM(n_i, ID_i||ID_KDC||A_i||B_i||S_i)

其中，AES-GCM()表示一种对称加密算法。Among them, AES-GCM () represents a symmetric encryption algorithm.

S405，主KDC向KDE发送秘钥生成信息。S405. The master KDC sends key generation information to KDE.

S406，KDE根据秘钥生成信息生成KDE的实体秘钥并保存。S406, KDE generates and saves an entity key of KDE according to the key generation information.

其中，KDE的实体秘钥Key_e可以包括KDE的私钥sk_i和KDE的公钥pk_i。KDE接收到主KDC发送的秘钥生成信息C5，从秘钥生成信息C5中提取出KDE的标识信息ID_i、主KDC的标识信息ID_KDC、A_i、B_i和S_i，根据a_i和S_i生成KDE的私钥sk_i，将KDE的标识信息ID_i、主KDC的标识信息ID_KDC和B_i拼接后的数据与保存的主KDC的中心秘钥中的PK2进行点乘，根据点乘结果的哈希值和B_i，生成KDE的公钥pk_i。KDE保存B_i，以及KDE的私钥sk_i和KDE的公钥pk_i。上述过程可以表示为：Wherein, KDE entity key Key_e may include KDE private key sk_i and KDE public key pk_i. KDE receives the secret key generation information C5 sent by the master KDC, extracts the identification information ID_i of KDE, the identification information ID_KDC, A_i, B_i and S_i of the master KDC from the secret key generation information C5, and generates the private key of KDE according to a_i and S_i sk_i, dot multiplication of KDE’s identification information ID_i, primary KDC’s identification information ID_KDC, and B_i concatenated data with PK2 in the saved central key of the primary KDC, and generate KDE based on the hash value of the point multiplication result and B_i The public key pk_i. KDE saves B_i, as well as KDE's private key sk_i and KDE's public key pk_i. The above process can be expressed as:

ID_i||ID_KDC||A_i||B_i||S_i＝AES-GCM(n_i,C5)ID_i||ID_KDC||A_i||B_i||S_i＝AES-GCM(n_i,C5)

sk_i＝a_i+S_isk_i=a_i+S_i

pk_i＝B_i+Hash(ID_i||ID_KDC||B_i)·PK2pk_i=B_i+Hash(ID_i||ID_KDC||B_i)·PK2

Store(B_i,sk_i,pk_i)Store(B_i,sk_i,pk_i)

KDE生成的实体秘钥Key_e，可以用于与另一KDE在会话建立过程中进行认证。例如，第一服务组件在请求第二服务组件为其提供服务时，第一服务组件中部署的KDE1和第二服务组件中部署的KDE2用于为第一服务组件与第二服务组件建立数据链接或访问通道，该过程可以称为会话建立过程。其中，第一服务组件和第二服务组件均可以指分布式存储系统中的任意一个服务组件。在会话建立过程中，KDE1和KDE2基于各自的实体秘钥协商确定会话秘钥，并基于确定的会话秘钥进行认证和信息交互。示例性地，KDE1和KDE2在建立会话的过程中，基于KDE1的标识信息和实体秘钥、KDE2的标识信息和实体秘钥、主KDC的标识信息和中心秘钥，协商确定会话秘钥，并基于确定的会话秘钥进行认证和信息交互。The entity key Key_e generated by KDE can be used for authentication with another KDE during session establishment. For example, when the first service component requests the second service component to provide services, KDE1 deployed in the first service component and KDE2 deployed in the second service component are used to establish a data link between the first service component and the second service component or access channel, the process can Called the session establishment process. Wherein, both the first service component and the second service component may refer to any service component in the distributed storage system. During the session establishment process, KDE1 and KDE2 negotiate and determine the session key based on their respective entity keys, and perform authentication and information exchange based on the determined session key. Exemplarily, during the process of establishing a session, KDE1 and KDE2 negotiate and determine the session key based on the identification information and entity key of KDE1, the identification information and entity key of KDE2, the identification information of the master KDC and the central key, and Authentication and information exchange are performed based on the determined session key.

在一种实施例中，在会话建立过程中，KDE1和KDE2可以协商确定会话秘钥。在确定会话秘钥后，KDE1和KDE2可以基于确定的会话秘钥，采用隐式确认方式进行认证。图5示出了KDE1与KDE2之间的一种会话建立过程的交互流程图，如图5所示，KDE1与KDE2之间的会话建立过程，可以包括如下步骤：In an embodiment, during the session establishment process, KDE1 and KDE2 may negotiate to determine the session key. After determining the session key, KDE1 and KDE2 can use the implicit confirmation method for authentication based on the determined session key. Fig. 5 shows an interactive flowchart of a session establishment process between KDE1 and KDE2. As shown in Fig. 5, the session establishment process between KDE1 and KDE2 may include the following steps:

S501，KDE1生成第一会话秘钥协商信息。S501. KDE1 generates first session key negotiation information.

KDE1生成随机数x，并根据随机数x与预设参数g的点乘，得到第一随机因子X。KDE1根据第一随机因子X、KDE1的标识信息ID_1和主KDC的标识信息ID_KDC，生成第一会话秘钥协商信息。示例性地，KDE1将KDE1的标识信息ID_1、B_1、第一随机因子X和主KDC的标识信息ID_KDC进行拼接，得到第一会话秘钥协商信息C6。其中，B_1为KDE1在秘钥申请过程中生成的B_i。KDE1生成第一会话秘钥协商信息C6的过程，可以表示为：KDE1 generates a random number x, and obtains the first random factor X according to the point multiplication of the random number x and the preset parameter g. KDE1 generates the first session key negotiation information according to the first random factor X, the identification information ID_1 of KDE1 and the identification information ID_KDC of the master KDC. Exemplarily, KDE1 concatenates the identification information ID_1 and B_1 of KDE1, the first random factor X and the identification information ID_KDC of the master KDC to obtain the first session key negotiation information C6. Among them, B_1 is B_i generated by KDE1 during the key application process. The process of KDE1 generating the first session key negotiation information C6 can be expressed as:

x＝Random()x=Random()

X＝x·gX=x·g

C6＝ID_1||B_1||X||ID_KDCC6＝ID_1||B_1||X||ID_KDC

S502，KDE1向KDE2发送第一会话秘钥协商信息。S502. KDE1 sends first session key negotiation information to KDE2.

KDE1与KDE2之间建立数据链接，或称为访问通道，该访问通道可以理解为第一服务组件与第二服务组件之间的访问通道。KDE1通过该访问通道向KDE2发送第一会话秘钥协商信息C6。A data link is established between KDE1 and KDE2, or called an access channel, which can be understood as an access channel between the first service component and the second service component. KDE1 sends the first session key negotiation information C6 to KDE2 through the access channel.

S503，KDE2确认KDE1的访问权限。S503, KDE2 confirms the access authority of KDE1.

KDE2接收到KDE1发送的第一会话秘钥协商信息C6，从第一会话秘钥协商信息C6中获取KDE1的标识信息ID_1。KDE2根据KDE1的标识信息ID_1，以及保存的白名单或访问控制列表(access control list，ACL)，检查KDE1是否具有访问权限，其中，白名单中保存有所有具有访问权限的KDE的标识信息；ACL中保存有各个KDE的标识信息与访问权限的对应关系。若KDE1具有访问权限，则继续执行步骤S504，若KDE1不具有访问权限，则断开与KDE1的连接。KDE2 receives the first session key negotiation information C6 sent by KDE1, and obtains the identification information ID_1 of KDE1 from the first session key negotiation information C6. KDE2 checks whether KDE1 has access rights according to the identification information ID_1 of KDE1 and the saved white list or access control list (access control list, ACL), wherein, the identification information of all KDEs with access rights are stored in the white list; ACL The corresponding relationship between the identification information of each KDE and the access authority is stored in . If KDE1 has the access authority, continue to execute step S504, and if KDE1 does not have the access authority, disconnect the connection with KDE1.

S504，KDE2根据第一会话秘钥协商信息生成第一会话秘钥。S504, KDE2 generates a first session key according to the first session key negotiation information.

KDE2生成随机数y，并根据随机数y与预设参数g的点乘，得到第二随机因子Y。KDE2从第一会话秘钥协商信息中获取第一随机因子X和主KDC的标识信息ID_KDC，根据主KDC的标识信息ID_KDC确定该主KDC的中心秘钥中的PK2，并获取KDE2的实体秘钥中的私钥sk_2。KDE2根据第一随机因子X、KDE1的标识信息ID_1、主KDC的中心秘钥中的PK2，KDE2的私钥sk_2和第二随机因子Y，生成第一会话秘钥masterKey1。示例性地，KDE2可以将KDE1的标识信息ID_1与主KDC的标识信息ID_KDC拼接后的数据和B_1进行哈希运算，根据哈希运算的结果与主KDC的中心秘钥中的PK2的点乘，以及B_1，确定pkID1。KDE2根据随机数y与第一随机因子X加pkID1的和的点乘，以及KDE2的私钥sk_2与pkID1加第一随机因子X的和的点乘，生成第一会话秘钥masterKey1。KDE2生成第一会话秘钥masterKey1的过程，可以表示为：KDE2 generates a random number y, and obtains the second random factor Y according to the point multiplication of the random number y and the preset parameter g. KDE2 obtains the first random factor X and the identification information ID_KDC of the primary KDC from the first session key negotiation information, determines PK2 in the central key of the primary KDC according to the identification information ID_KDC of the primary KDC, and obtains the entity key of KDE2 The private key sk_2 in . KDE2 generates the first session key masterKey1 according to the first random factor X, the identification information ID_1 of KDE1, PK2 in the central key of the master KDC, the private key sk_2 of KDE2 and the second random factor Y. Exemplarily, KDE2 can perform a hash operation on the spliced data of KDE1's identification information ID_1 and master KDC's identification information ID_KDC and B_1, and according to the dot product of the result of the hash operation and PK2 in the master KDC's central key, And B_1, determine pkID1. KDE2 generates the first session key masterKey1 according to the dot product of the random number y and the sum of the first random factor X plus pkID1, and the dot product of KDE2’s private key sk_2 and the sum of pkID1 plus the first random factor X. The process of KDE2 generating the first session key masterKey1 can be expressed as:

y＝Random() y=Random()

Y＝y·gY=y·g

pkID1＝B_1+Hash(ID_1||ID_KDC,B_1)·PK2pkID1=B_1+Hash(ID_1||ID_KDC,B_1)·PK2

masterKey1＝y·(X+pkID1)+sk_2·(pkID1+X)masterKey1=y·(X+pkID1)+sk_2·(pkID1+X)

可选地，KDE2生成第一会话秘钥masterKey1之后，可以根据第一会话秘钥masterKey1生成第一认证秘钥Kauth1和第一加密秘钥KEnc1。第一认证秘钥Kauth1和第一加密秘钥KEnc1也可以理解为第一会话秘钥masterKey1的部分。示例性地，KDE2可以将B_1、B_2、KDE1的标识信息ID_1、KDE2的标识信息ID_2、第一随机因子X和第二随机因子Y进行拼接，得到W，根据第一会话秘钥masterKey1、W和字符“workKey”，生成第一认证秘钥Kauth1和第一加密秘钥KEnc1。第一认证秘钥Kauth1和第一加密秘钥KEnc1可以用于在后续传输业务数据时对业务数据进行加密。上述过程可以表示为：Optionally, after KDE2 generates the first session key masterKey1, it can generate the first authentication key Kauth1 and the first encryption key KEnc1 according to the first session key masterKey1. The first authentication key Kauth1 and the first encryption key KEnc1 can also be understood as part of the first session key masterKey1. Exemplarily, KDE2 can concatenate B_1, B_2, identification information ID_1 of KDE1, identification information ID_2 of KDE2, first random factor X and second random factor Y to obtain W. According to the first session key masterKey1, W and The character "workKey" generates the first authentication key Kauth1 and the first encryption key KEnc1. The first authentication key Kauth1 and the first encryption key KEnc1 can be used to encrypt service data during subsequent transmission of service data. The above process can be expressed as:

W＝B_1||B_2||ID_1||ID_2||X||YW＝B_1||B_2||ID_1||ID_2||X||Y

Kauth1||KEnc1＝PRF(masterKey1,W||"workKey")。Kauth1||KEnc1=PRF(masterKey1,W||"workKey").

S505，KDE2生成第二会话秘钥协商信息。S505. KDE2 generates second session key negotiation information.

KDE2根据第二随机因子Y、KDE2的标识信息ID_2和主KDC的标识信息ID_KDC，生成第二会话秘钥协商信息。示例性地，KDE2将KDE2的标识信息ID_2、B_2、第二随机因子Y和主KDC的标识信息ID_KDC进行拼接，得到第二会话秘钥协商信息C7，其中，B_1为KDE2在秘钥申请过程中生成的B_i。KDE2生成第二会话秘钥协商信息C7的过程，可以表示为：KDE2 generates the second session key negotiation information according to the second random factor Y, the identification information ID_2 of KDE2, and the identification information ID_KDC of the master KDC. Exemplarily, KDE2 concatenates KDE2's identification information ID_2, B_2, the second random factor Y and the main KDC's identification information ID_KDC to obtain the second session key negotiation information C7, where B_1 is KDE2's key application process Generated B_i. The process of KDE2 generating the second session key negotiation information C7 can be expressed as:

C7＝ID_2||B_2||Y||ID_KDCC7＝ID_2||B_2||Y||ID_KDC

S506，KDE2向KDE1发送第二会话秘钥协商信息。S506, KDE2 sends the second session key negotiation information to KDE1.

S507，KDE1根据第二会话秘钥协商信息生成第二会话秘钥。S507, KDE1 generates a second session key according to the second session key negotiation information.

KDE1从第二会话秘钥协商信息中获取KDE2的标识信息ID_2、第二随机因子Y和主KDC的标识信息ID_KDC，根据主KDC的标识信息ID_KDC确定该主KDC的中心秘钥中的PK2，并获取KDE1的实体秘钥中的私钥sk_1。KDE1根据第一随机因子X、KDE2的标识信息ID_2、主KDC的中心秘钥中的PK2，KDE1的私钥sk_1和第二随机因子Y，生成第二会话秘钥masterKey2。示例性地，KDE1可以将KDE2的标识信息ID_2与主KDC的标识信息ID_KDC拼接后的数据和B_2进行哈希运算，根据哈希运算的结果与主KDC的中心秘钥中的PK2的点乘，以及B_2，确定pkID2。KDE1根据随机数x与第二随机因子Y加pkID2的和的点乘，以及KDE1的私钥sk_1与pkID2加第二随机因子Y的和的点乘，生成第二会话秘钥masterKey2。KDE1生成第二会话秘钥masterKey2的过程，可以表示为：KDE1 obtains the identification information ID_2 of KDE2, the second random factor Y, and the identification information ID_KDC of the master KDC from the second session key negotiation information, determines PK2 in the central key of the master KDC according to the identification information ID_KDC of the master KDC, and Obtain the private key sk_1 in the entity key of KDE1. KDE1 generates the second session key masterKey2 according to the first random factor X, the identification information ID_2 of KDE2, PK2 in the central key of the master KDC, the private key sk_1 of KDE1 and the second random factor Y. Exemplarily, KDE1 can perform hash operation on the spliced data of KDE2's identification information ID_2 and master KDC's identification information ID_KDC and B_2, and according to the dot product of the result of the hash operation and PK2 in the master KDC's central key, And B_2, determine pkID2. KDE1 generates the second session key masterKey2 according to the dot product of the random number x and the sum of the second random factor Y plus pkID2, and the dot product of KDE1's private key sk_1 and the sum of pkID2 plus the second random factor Y. The process of KDE1 generating the second session key masterKey2 can be expressed as:

pkID2＝B_2+Hash(ID_2||ID_KDC,B_2)·PK2pkID2=B_2+Hash(ID_2||ID_KDC,B_2)·PK2

masterKey2＝x·(Y+pkID2)+sk_1·(pkID2+Y)masterKey2＝x·(Y+pkID2)+sk_1·(pkID2+Y)

可选地，KDE1生成第二会话秘钥masterKey2之后，可以根据第二会话秘钥masterKey2生成第二认证秘钥Kauth2和第二加密秘钥KEnc2。第二认证秘钥Kauth2和第二加密秘钥KEnc2也可以理解为第二会话秘钥masterKey2的部分。示例性地，KDE1可以将B_1、B_2、KDE1的标识信息ID_1、KDE2的标识信息ID_2、第一随机因子X和第二随机因子Y进行拼接，得到W，根据第二会话秘钥masterKey2和W，生成第二认证秘钥Kauth2和第二加密秘钥KEnc2。第二认证秘钥Kauth2和第二加密秘钥KEnc2可以用于在后续传输业务数据时对业务数据进行加密。上述过程可以表示为：Optionally, after KDE1 generates the second session key masterKey2, it may generate a second authentication key Kauth2 and a second encryption key KEnc2 according to the second session key masterKey2. The second authentication key Kauth2 and the second encryption key KEnc2 can also be understood as part of the second session key masterKey2. For example, KDE1 can concatenate B_1, B_2, identification information ID_1 of KDE1, identification information ID_2 of KDE2, the first random factor X and the second random factor Y to obtain W. According to the second session key masterKey2 and W, Generate a second authentication key Kauth2 and a second encryption key KEnc2. The second authentication key Kauth2 and the second encryption key KEnc2 can be used to encrypt service data during subsequent transmission of service data. The above process can be expressed as:

W＝B_1||B_2||ID_1||ID_2||X||YW＝B_1||B_2||ID_1||ID_2||X||Y

Kauth2||KEnc2＝PRF(masterKey2,W||"workKey")Kauth2||KEnc2＝PRF(masterKey2,W||"workKey")

上述过程为KDE1与KDE2协商生成会话秘钥的过程，在KDE1生成第二会话秘钥，KDE2 生成第一会话秘钥之后，KDE1和KDE2可以基于协商生成的会话秘钥进行业务数据的交互，在业务数据的交互过程中，确定KDE1和KDE2是否具有相同的会话秘钥。例如，KDE1向KDE2发送业务数据时，采用第二会话秘钥对该业务数据进行加密，KDE2接收到KDE1发送的加密的业务数据后，采用第一会话秘钥对该加密的业务数据进行解密，如果可以成功解密，则KDE2确定第一会话秘钥与第二会话秘钥一致，向KDE1返回响应数据；否则，KDE2认为第一会话秘钥与第二会话秘钥不一致，KDE2断开与KDE1之间的访问通道。KDE2在断开与KDE1的连接时，可以向KDE1发送认证失败的消息，也可以不发送认证失败的消息。如果KDE1接收到KDE2返回的响应数据，则说明KDE1和KDE2具有相同的会话秘钥，说明ID_1是KDE1的唯一标识信息，ID_2是KDE2的唯一标识信息，认证通过；如果KDE1接收到KDE2返回的认证失败的消息或KDE1检测到与KDE2之间的访问通道断开，则说明KDE1和KDE2的会话秘钥不一致，认证失败。The above process is the process of KDE1 and KDE2 negotiating to generate a session key. The second session key is generated in KDE1, and KDE2 After generating the first session key, KDE1 and KDE2 can exchange service data based on the session key generated through negotiation, and determine whether KDE1 and KDE2 have the same session key during the exchange of service data. For example, when KDE1 sends business data to KDE2, it encrypts the business data with the second session key, and KDE2 decrypts the encrypted business data with the first session key after receiving the encrypted business data sent by KDE1. If it can be successfully decrypted, KDE2 determines that the first session key is consistent with the second session key, and returns the response data to KDE1; otherwise, KDE2 considers that the first session key is inconsistent with the second session key, and KDE2 disconnects from KDE1. between access channels. When KDE2 disconnects from KDE1, it can send an authentication failure message to KDE1 or not. If KDE1 receives the response data returned by KDE2, it means that KDE1 and KDE2 have the same session key, indicating that ID_1 is the unique identification information of KDE1, ID_2 is the unique identification information of KDE2, and the authentication is passed; if KDE1 receives the authentication returned by KDE2 If the message fails or KDE1 detects that the access channel between KDE2 and KDE2 is disconnected, it means that the session keys of KDE1 and KDE2 are inconsistent, and the authentication fails.

由于KDE1和KDE2在协商生成会话秘钥的过程中所使用的KDE1的标识信息、KDE2的标识信息均是唯一的，因此协商生成的会话秘钥也具有唯一性，可以防止外部的恶意攻击，提高会话安全性。Since the identification information of KDE1 and KDE2 used by KDE1 and KDE2 in the process of negotiating to generate a session key are unique, the session key generated through negotiation is also unique, which can prevent external malicious attacks and improve Session security.

上述通过传输业务数据确认双方是否具有相同的会话密钥的方式，可以称为隐式确认方式。The above method of confirming whether both parties have the same session key by transmitting service data may be called an implicit confirmation method.

在另一种实施例中，在会话建立过程中，KDE1和KDE2可以协商确定会话秘钥，并基于确定的会话秘钥，采用显示确认方式进行认证。图6示出了KDE1与KDE2之间的另一种会话建立过程的交互流程图，如图6所示，KDE1与KDE2之间的会话建立过程，可以包括如下步骤：In another embodiment, during the session establishment process, KDE1 and KDE2 may negotiate to determine the session key, and based on the determined session key, perform authentication in an explicit confirmation manner. Figure 6 shows an interactive flowchart of another session establishment process between KDE1 and KDE2, as shown in Figure 6, the session establishment process between KDE1 and KDE2 may include the following steps:

S601，KDE1生成第一会话秘钥协商信息。S601. KDE1 generates first session key negotiation information.

KDE1生成随机数x，并根据随机数x与预设参数g的点乘，得到第一随机因子X。KDE1根据第一随机因子X、KDE1的标识信息ID_1和主KDC的标识信息ID_KDC，生成第一会话秘钥协商信息。示例性地，KDE1将KDE1的标识信息ID_1、B_1、第一随机因子X和主KDC的标识信息ID_KDC进行拼接，得到第一会话秘钥协商信息C6。KDE1生成第一会话秘钥协商信息C6的过程，可以表示为：KDE1 generates a random number x, and obtains the first random factor X according to the point multiplication of the random number x and the preset parameter g. KDE1 generates the first session key negotiation information according to the first random factor X, the identification information ID_1 of KDE1 and the identification information ID_KDC of the master KDC. Exemplarily, KDE1 concatenates the identification information ID_1 and B_1 of KDE1, the first random factor X and the identification information ID_KDC of the master KDC to obtain the first session key negotiation information C6. The process of KDE1 generating the first session key negotiation information C6 can be expressed as:

x＝Random()x=Random()

X＝x·gX=x·g

C6＝ID_1||B_1||X||ID_KDCC6＝ID_1||B_1||X||ID_KDC

S602，KDE1向KDE2发送第一会话秘钥协商信息。S602. KDE1 sends first session key negotiation information to KDE2.

S603，KDE2确认KDE1的访问权限。S603, KDE2 confirms the access authority of KDE1.

KDE2接收到KDE1发送的第一会话秘钥协商信息C6，从第一会话秘钥协商信息C6中获取KDE1的标识信息ID_1。KDE2根据KDE1的标识信息ID_1，以及保存的白名单或ACL，检查KDE1是否具有访问权限。若KDE1具有访问权限，则继续执行步骤S504，若KDE1不具有访问权限，则断开与KDE1之间的访问通道。KDE2 receives the first session key negotiation information C6 sent by KDE1, and obtains the identification information ID_1 of KDE1 from the first session key negotiation information C6. KDE2 checks whether KDE1 has access rights according to the identification information ID_1 of KDE1 and the saved white list or ACL. If KDE1 has the access authority, continue to execute step S504, and if KDE1 does not have the access authority, disconnect the access channel with KDE1.

S604，KDE2根据第一会话秘钥协商信息生成第一会话秘钥，并根据第一会话秘钥生成第一会话秘钥验证信息。S604, KDE2 generates a first session key according to the first session key negotiation information, and generates first session key verification information according to the first session key.

KDE2生成随机数y，并根据随机数y与预设参数g的点乘，得到第二随机因子Y。KDE2 从第一会话秘钥协商信息中获取第一随机因子X和主KDC的标识信息ID_KDC，根据主KDC的标识信息ID_KDC确定该主KDC的中心秘钥中的PK2，并获取KDE2的实体秘钥中的私钥sk_2。KDE2根据第一随机因子X、KDE1的标识信息ID_1、主KDC的中心秘钥中的PK2，KDE2的私钥sk_2和第二随机因子Y，生成第二会话秘钥masterKey2。示例性地，KDE2可以将KDE1的标识信息ID_1与主KDC的标识信息ID_KDC拼接后的数据和B_1进行哈希运算，根据哈希运算的结果与主KDC的中心秘钥中的PK2的点乘，以及B_1，确定pkID1。KDE2根据随机数y与第一随机因子X加pkID1的和的点乘，以及KDE2的私钥sk_2与pkID1加第一随机因子X的和的点乘，生成第一会话秘钥masterKey1。KDE2生成第一会话秘钥masterKey1的过程，可以表示为：KDE2 generates a random number y, and obtains the second random factor Y according to the point multiplication of the random number y and the preset parameter g. KDE2 Obtain the first random factor X and the identification information ID_KDC of the primary KDC from the first session key negotiation information, determine the PK2 in the central key of the primary KDC according to the identification information ID_KDC of the primary KDC, and obtain the entity key of KDE2 private key sk_2. KDE2 generates the second session key masterKey2 according to the first random factor X, the identification information ID_1 of KDE1, PK2 in the central key of the master KDC, the private key sk_2 of KDE2 and the second random factor Y. Exemplarily, KDE2 can perform a hash operation on the spliced data of KDE1's identification information ID_1 and master KDC's identification information ID_KDC and B_1, and according to the dot product of the result of the hash operation and PK2 in the master KDC's central key, And B_1, determine pkID1. KDE2 generates the first session key masterKey1 according to the dot product of the random number y and the sum of the first random factor X plus pkID1, and the dot product of KDE2’s private key sk_2 and the sum of pkID1 plus the first random factor X. The process of KDE2 generating the first session key masterKey1 can be expressed as:

y＝Random()y=Random()

Y＝y·gY=y·g

pkID1＝B_1+Hash(ID_1||ID_KDC,B_1)·PK2pkID1=B_1+Hash(ID_1||ID_KDC,B_1)·PK2

KDE2生成第一会话秘钥masterKey1之后，可以根据第一会话秘钥masterKey1生成第一会话秘钥验证信息Mac1。示例性地，KDE2可以将B_1、B_2、KDE1的标识信息ID_1、KDE2的标识信息ID_2、第一随机因子X和第二随机因子Y进行拼接，得到W，根据第一会话秘钥masterKey1和W，生成Kmac1，再根据Kmac1，生成第一会话秘钥验证信息Mac1。上述过程可以表示为：After KDE2 generates the first session key masterKey1, it may generate first session key verification information Mac1 according to the first session key masterKey1. For example, KDE2 can concatenate B_1, B_2, identification information ID_1 of KDE1, identification information ID_2 of KDE2, the first random factor X and the second random factor Y to obtain W. According to the first session key masterKey1 and W, Generate Kmac1, and then generate first session key verification information Mac1 according to Kmac1. The above process can be expressed as:

W＝B_1||B_2||ID_1||ID_2||X||YW＝B_1||B_2||ID_1||ID_2||X||Y

Kmac1＝PRF(masterKey1,W||"MAC")Kmac1=PRF(masterKey1,W||"MAC")

Mac1＝AES-CMAC(Kmac1,W||"1")Mac1=AES-CMAC(Kmac1,W||"1")

S605，KDE2生成第二会话秘钥协商信息，第二会话秘钥协商信息中包括第一会话秘钥验证信息。S605. KDE2 generates second session key negotiation information, where the second session key negotiation information includes first session key verification information.

KDE2根据第二随机因子Y、KDE2的标识信息ID_2、主KDC的标识信息ID_KDC和第一会话秘钥验证信息Mac1，生成第二会话秘钥协商信息。示例性地，KDE2将KDE2的标识信息ID_2、B_2、第二随机因子Y、主KDC的标识信息ID_KDC和第一秘钥验证信息Mac1进行拼接，得到第二会话秘钥协商信息C7。KDE2生成第二会话秘钥协商信息C7的过程，可以表示为：KDE2 generates the second session key negotiation information according to the second random factor Y, the identification information ID_2 of KDE2, the identification information ID_KDC of the master KDC, and the first session key verification information Mac1. Exemplarily, KDE2 concatenates the identification information ID_2 and B_2 of KDE2, the second random factor Y, the identification information ID_KDC of the master KDC and the first key verification information Mac1 to obtain the second session key negotiation information C7. The process of KDE2 generating the second session key negotiation information C7 can be expressed as:

C7＝ID_2||B_2||Y||ID_KDC||Mac1C7＝ID_2||B_2||Y||ID_KDC||Mac1

S606，KDE2向KDE1发送第二会话秘钥协商信息。S606, KDE2 sends the second session key negotiation information to KDE1.

S607，KDE1根据第二会话秘钥协商信息生成第二会话秘钥，并根据第二会话秘钥生成第一秘钥确认信息。S607, KDE1 generates a second session key according to the second session key negotiation information, and generates first key confirmation information according to the second session key.

pkID2＝B_2+Hash(ID_2||ID_KDC,B_2)·PK2 pkID2=B_2+Hash(ID_2||ID_KDC,B_2)·PK2

KDE1生成第二会话秘钥masterKey2之后，可以根据第二会话秘钥masterKey2生成第一秘钥确认信息。示例性地，KDE1可以将B_1、B_2、KDE1的标识信息ID_1、KDE2的标识信息ID_2、第一随机因子X和第二随机因子Y进行拼接，得到W，根据第一会话秘钥masterKey1和W，生成Kmac2，再根据Kmac2，生成第一秘钥确认信息Mac1Local。上述过程可以表示为：After KDE1 generates the second session key masterKey2, it may generate first key confirmation information according to the second session key masterKey2. For example, KDE1 can concatenate B_1, B_2, identification information ID_1 of KDE1, identification information ID_2 of KDE2, the first random factor X and the second random factor Y to obtain W. According to the first session key masterKey1 and W, Generate Kmac2, and then generate the first secret key confirmation information Mac1Local according to Kmac2. The above process can be expressed as:

W＝B_1||B_2||ID_1||ID_2||X||YW＝B_1||B_2||ID_1||ID_2||X||Y

Kmac2＝PRF(masterKey2,W||"MAC")Kmac2=PRF(masterKey2,W||"MAC")

Mac1Local＝AES-CMAC(Kmac2,W||"1")Mac1Local=AES-CMAC(Kmac2,W||"1")

S608，若KDE1生成的第一秘钥确认信息与第二会话秘钥协商信息中携带的第一会话秘钥验证信息一致，则KDE1生成第二会话秘钥验证信息。S608. If the first key confirmation information generated by KDE1 is consistent with the first session key verification information carried in the second session key negotiation information, KDE1 generates second session key verification information.

KDE1验证生成的第一秘钥确认信息Mac1Local与第二会话秘钥协商信息中携带的第一会话秘钥验证信息Mac1是否一致。如果一致，即Mac1Local＝＝Mac1，则KDE1根据第二会话秘钥masterKey2生成第二会话秘钥验证信息，否则，KDE1断开与KDE2的访问通道，再重新尝试建立连接。示例性地，如果Mac1Local＝＝Mac1，则KDE1可以根据上述步骤中得到的Kmac2，生成第二会话秘钥验证信息Mac2，并将第二会话秘钥验证信息Mac2赋予C8。该过程可以表示为：KDE1 verifies whether the generated first key confirmation information Mac1Local is consistent with the first session key verification information Mac1 carried in the second session key negotiation information. If they are consistent, that is, Mac1Local==Mac1, then KDE1 generates the second session key verification information according to the second session key masterKey2, otherwise, KDE1 disconnects the access channel with KDE2, and then tries to establish a connection again. Exemplarily, if Mac1Local==Mac1, KDE1 may generate second session key verification information Mac2 according to Kmac2 obtained in the above steps, and assign the second session key verification information Mac2 to C8. The process can be expressed as:

Mac2＝AES-CMAC(Kmac2,W||"2")Mac2=AES-CMAC(Kmac2,W||"2")

C8＝Mac2C8 = Mac2

可选地，KDE1可以根据第二会话秘钥masterKey2和W，生成第二认证秘钥Kauth2和第二加密秘钥KEnc2。第二认证秘钥Kauth2和第二加密秘钥KEnc2可以用于在后续传输业务数据时对业务数据进行加密。上述过程可以表示为：Optionally, KDE1 may generate a second authentication key Kauth2 and a second encryption key KEnc2 according to the second session key masterKey2 and W. The second authentication key Kauth2 and the second encryption key KEnc2 can be used to encrypt service data during subsequent transmission of service data. The above process can be expressed as:

S609，KDE1向KDE2发送第二会话秘钥验证信息。S609, KDE1 sends the second session key verification information to KDE2.

KDE1向KDE2发送信息C8，C8＝Mac2。KDE1 sends information C8 to KDE2, C8=Mac2.

S610，KDE2生成第二秘钥确认信息，并验证第二秘钥确认信息与第二会话秘钥验证信息是否一致。S610, KDE2 generates second key confirmation information, and verifies whether the second key confirmation information is consistent with the second session key verification information.

KDE2可以根据第二会话秘钥masterKey2生成第二秘钥确认信息。示例性地，KDE2可以根据步骤S604中生成的Kmac1，生成第二秘钥确认信息Mac2Local。上述过程可以表示为：KDE2 may generate second key confirmation information according to the second session key masterKey2. Exemplarily, KDE2 may generate second key confirmation information Mac2Local according to Kmac1 generated in step S604. The above process can be expressed as:

Mac2Local＝AES-CMAC(Kmac1,W||"2")Mac2Local=AES-CMAC(Kmac1,W||"2")

KDE2验证生成的第二秘钥确认信息Mac2Local与接收到的第二会话秘钥验证信息Mac2是否一致。如果一致，即Mac2Local＝＝Mac2，则确定KDE1和KDE2具有相同的会话秘钥，即上述步骤中生成的第一会话秘钥与第二会话秘钥一致，说明ID_1是KDE1的唯一标识信息，ID_2是KDE2的唯一标识信息，认证通过。KDE1和KDE2可以通过建立的访问通道进行业务数据的交互。否则，KDE2确定第一会话秘钥与第二会话秘钥不一致，认证失败，KDE2断开与KDE1之间的访问通道。KDE2 verifies whether the generated second key confirmation information Mac2Local is consistent with the received second session key verification information Mac2. If they are consistent, that is, Mac2Local==Mac2, it is determined that KDE1 and KDE2 have the same session key, that is, the first session key generated in the above steps is consistent with the second session key, indicating that ID_1 is the unique identification information of KDE1, ID_2 It is the unique identification information of KDE2, and the authentication is passed. KDE1 and KDE2 can exchange business data through the established access channel. Otherwise, KDE2 determines that the first session key is inconsistent with the second session key, the authentication fails, and KDE2 disconnects the access channel with KDE1.

可选地，在认证通过之后或之前，KDE2可以根据第一会话秘钥masterKey1和W，生成第一认证秘钥Kauth1和第一加密秘钥KEnc1。第一认证秘钥Kauth1和第一加密秘钥KEnc1可以用于在后续传输业务数据时对业务数据进行加密。上述过程可以表示为：Optionally, after or before the authentication is passed, KDE2 may generate the first authentication key Kauth1 and the first encryption key KEnc1 according to the first session key masterKey1 and W. The first authentication key Kauth1 and the first encryption key KEnc1 can be used to encrypt service data during subsequent transmission of service data. The above process can be expressed as:

Kauth1||KEnc1＝PRF(masterKey1,W||"workKey")Kauth1||KEnc1＝PRF(masterKey1,W||"workKey")

上述过程中，KDE1与KDE2协商生成会话秘钥，并通过相互发送会话秘钥验证信息来确认双方是否具有相同的会话密钥的方式，可以称为显式确认方式。 In the above process, KDE1 and KDE2 negotiate to generate a session key, and send session key verification information to each other to confirm whether the two parties have the same session key, which can be called an explicit confirmation method.

显式确认方式通过相互发送会话秘钥验证信息进行认证，而不需要通过传输业务数据的方式来认证，因此对业务数据无要求。隐式确认方式通过业务数据的传输进行认证，可以减少一次数据交互，因此性能更高。在实际使用中，可以根据不同业务场景的实际需求，选择采用显式确认方式或隐式确认方式。The explicit confirmation method authenticates by sending session key verification information to each other instead of transmitting business data, so there is no requirement for business data. The implicit confirmation method is authenticated through the transmission of business data, which can reduce one data interaction, so the performance is higher. In actual use, you can choose to use the explicit confirmation method or the implicit confirmation method according to the actual needs of different business scenarios.

本申请实施例中，每个服务组件中均部署有KDE，两个服务组件之间通过服务组件内部署的KDE建立访问通道，在建立访问通道的过程中，两个KDE通过相互协商确定相同的会话秘钥的方式，相互进行认证，而无需通过数字证书进行认证，降低了管理复杂度；同时，也无需使用复杂的数字证书认证算法，可以提高认证效率，提高系统性能。In the embodiment of this application, KDE is deployed in each service component, and an access channel is established between two service components through the KDE deployed in the service component. During the process of establishing the access channel, the two KDEs determine the same The method of session secret key is used for mutual authentication without digital certificate authentication, which reduces the complexity of management; at the same time, it does not need to use complex digital certificate authentication algorithms, which can improve authentication efficiency and system performance.

在本申请实施例中，每个服务组件的KDE仅在首次启动或实体秘钥丢失时，才向KDC发起注册过程和秘钥申请过程，并保存生成的实体秘钥，以备与其他KDE建立会话时协商会话秘钥使用。本申请实施例无需在两个KDE建立会话时，由其中一个KDE向KDC申请此次会话的会话秘钥，即无需KDE在每次建立会话之前均访问KDC，从而大量减少KDE与KDC的通信次数，减少KDC被访问的次数，避免因大量访问KDC造成阻塞带来的性能瓶颈，且可以降低KDC的数据处理压力，提高KDC的性能和可靠性。同时，可以避免由KDC保存所有会话的会话秘钥，导致KDC被入侵带来整个系统失去安全性的问题。In the embodiment of this application, the KDE of each service component initiates the registration process and key application process to the KDC only when it is started for the first time or when the entity key is lost, and saves the generated entity key in preparation for establishing with other KDEs. Negotiate the session key to use during the session. In the embodiment of the present application, when two KDEs establish a session, one of the KDEs does not need to apply for the session key of the session from the KDC, that is, there is no need for the KDE to visit the KDC before each session is established, thereby greatly reducing the number of communications between the KDE and the KDC , reduce the number of times KDC is accessed, avoid the performance bottleneck caused by blocking caused by a large number of accesses to KDC, and can reduce the data processing pressure of KDC, and improve the performance and reliability of KDC. At the same time, it can avoid the problem that the KDC saves the session keys of all sessions, which leads to the loss of security of the entire system due to the KDC being invaded.

并且，本申请实施例的两个KDE在协商生成会话秘钥时，使用到两个KDE的标识信息，从而可以使两个KDE通过会话秘钥相互进行身份认证，以实现访问控制的功能。本申请实施例的两个KDE在协商生成会话秘钥时，使用点乘代替传统的数字签名，其计算速度是基于数字证书认证的10倍左右。Moreover, the two KDEs in the embodiment of the present application use the identification information of the two KDEs when negotiating to generate the session key, so that the two KDEs can authenticate each other through the session key to realize the function of access control. The two KDEs in the embodiment of this application use dot multiplication instead of traditional digital signatures when negotiating to generate session keys, and the calculation speed is about 10 times that of digital certificate-based authentication.

在一些实施例中，为了进一步保障各秘钥的安全性，防止秘钥泄露或被破解，各KDC的中心秘钥和各KDE的实体秘钥均可以按照设定时间周期进行更新，示例性地，设定时间周期可以是几个小时、一天或一周。秘钥更新过程与图3所示的KDE的注册过程类似，可以理解为各个KDE重新向各个KDC进行注册。In some embodiments, in order to further ensure the security of each key and prevent the key from being leaked or cracked, the central key of each KDC and the entity key of each KDE can be updated according to a set time period, exemplarily , the set time period can be several hours, one day or one week. The key update process is similar to the KDE registration process shown in Figure 3, and it can be understood that each KDE re-registers with each KDC.

仍以一个KDE与一个KDC之间的交互过程为例进行说明，秘钥更新过程可以包括如下步骤：KDE从KDC下载新秘钥信息，KDE从新秘钥信息中提取出KDC的新ID和新中心秘钥并保存。KDE生成新注册信息，KDE生成新注册信息的过程可以参照上述步骤S304中生成注册信息的过程执行，在此不再赘述。KDE根据KDE的标识信息和新注册信息生成新的数据报文C3_new，KDE向KDC发送旧的数据报文C3和新的数据报文C3_new，KDC验证旧的数据报文C3，验证通过后，KDC注册新的数据报文C3_new，即保存KDE的标识信息和新注册信息。Still taking the interaction process between a KDE and a KDC as an example, the key update process may include the following steps: KDE downloads new key information from the KDC, and KDE extracts the new ID and new center of the KDC from the new key information key and save it. KDE generates new registration information. The process of KDE generating new registration information can be performed by referring to the process of generating registration information in step S304 above, and details will not be repeated here. KDE generates a new data packet C3_new according to KDE’s identification information and new registration information. KDE sends the old data packet C3 and the new data packet C3_new to the KDC. The KDC verifies the old data packet C3. After the verification is passed, the KDC To register a new data packet C3_new, that is, to store the identification information of KDE and the new registration information.

KDE向每个KDC更新注册信息后，获取新的实体秘钥。示例性地，KDE根据KDE的标识信息和主KDC的新中心秘钥，生成新的秘钥申请信息C4_new，KDE生成新的秘钥申请信息C4_new的过程可以参照上述步骤S401中生成秘钥申请信息C4的过程执行，在此不再赘述。KDE向主KDC发送秘钥申请请求，秘钥申请请求中携带有新的秘钥申请信息C4_new。主KDC根据保存的该KDE的新注册信息对新的秘钥申请信息C4_new进行验证，验证通过后，主KDC向KDE发送新的秘钥生成信息，KDE根据新的秘钥生成信息生成新的实体秘钥并保存。After KDE updates the registration information to each KDC, it obtains a new entity key. Exemplarily, KDE generates new key application information C4_new according to the identification information of KDE and the new central key of the main KDC. The process of KDE generating new key application information C4_new can refer to the above step S401 to generate key application information The process execution of C4 will not be repeated here. KDE sends a key application request to the master KDC, and the key application request carries new key application information C4_new. The main KDC verifies the new key application information C4_new according to the saved new registration information of the KDE. After the verification is passed, the main KDC sends new key generation information to KDE, and KDE generates a new entity based on the new key generation information key and save it.

示例性地，如果KDE1或KDE2在会话建立过程中进行了秘钥更新，为了避免业务中断，会话建立过程仍可以继续进行，而不会更新会话秘钥。在会话时长超时或发起新的会话建立过程时，再重新协商新的会话秘钥。Exemplarily, if KDE1 or KDE2 updates the key during the session establishment process, in order to avoid service interruption, the session establishment process can still continue without updating the session key. When the session duration expires or a new session establishment process is initiated, a new session key is renegotiated.

上述会话建立过程中，考虑到秘钥更新、KDC的主备倒换等原因，可能会导致KDE1和KDE2在生成会话秘钥时所使用的KDC的中心秘钥不一致，从而KDE1和KDE2不能生成相同的会话秘钥。为了避免上述情况的发生，本申请实施例中，KDE1在向KDE2发送的第一会话秘钥协商信息中携带主KDC的标识信息，KDE2在向KDE1发送的第二会话秘钥协商信息中也携带主KDC的标识信息，从而可以使KDE1和KDE2基于相同的KDC的中心秘钥生成会话秘钥，避免由于使用的KDC的中心秘钥不一致而导致的会话秘钥不一致的情况。综上所述，每个KDE中存储有不同KDC的中心秘钥，两个KDE以协商的方式确定共同使用的KDC，可以避免在KDC主备倒换时，数据不同步的问题，以解决主备倒换时如何实现两个KDE秘钥同步的难题。During the above session establishment process, considering reasons such as key update and KDC active-standby switchover, the central key of the KDC used by KDE1 and KDE2 may be inconsistent when generating session keys, so that KDE1 and KDE2 cannot generate the same session key. In order to avoid the occurrence of the above situation, in the embodiment of this application, KDE1 sends KDE2 the first session key agreement The provider information carries the identification information of the primary KDC, and KDE2 also carries the identification information of the primary KDC in the second session key negotiation information sent to KDE1, so that KDE1 and KDE2 can generate session keys based on the same KDC central key , to avoid the inconsistency of the session key caused by the inconsistency of the central key of the KDC used. To sum up, each KDE stores the central key of a different KDC, and the two KDEs determine the common KDC through negotiation, which can avoid the problem of data out-of-sync during KDC master-standby switchover, and solve the problem of master-standby How to synchronize the two KDE keys during switching.

在一些实施例中，如果KDE1中保存有多组有效的KDC的信息，还可以在向KDE2发送的第一会话秘钥协商信息中携带多个KDC的标识信息，即第一会话秘钥协商信息中携带的主KDC的标识信息可以包括多个KDC的标识信息，由KDE2从多个KDC的标识信息中选择一个有效的目标KDC的标识信息，并根据目标KDC的中心秘钥生成第一会话秘钥。KDE2在向KDE1发送的第二会话秘钥协商信息中携带目标KDC的标识信息，以使KDE1根据该目标KDC的中心秘钥生成第二会话秘钥，从而保证KDE1和KDE2使用相同的KDC的中心秘钥生成会话秘钥。In some embodiments, if there are multiple sets of valid KDC information stored in KDE1, the first session key negotiation information sent to KDE2 may also carry identification information of multiple KDCs, that is, the first session key negotiation information The identification information of the master KDC carried in the KDC may include the identification information of multiple KDCs. KDE2 selects a valid identification information of the target KDC from the identification information of multiple KDCs, and generates the first session key according to the central key of the target KDC. key. KDE2 carries the identification information of the target KDC in the second session key negotiation information sent to KDE1, so that KDE1 generates the second session key according to the central key of the target KDC, thus ensuring that KDE1 and KDE2 use the same KDC central The secret key generates a session key.

在一些实施例中，如果管理员发现某些秘钥泄漏，可以在管理节点发起秘钥吊销过程。管理节点可以理解为可与主KDC进行通信的控制设备、虚拟设备或控制组件。管理员可以确定泄漏秘钥的相关信息，将泄漏秘钥的相关信息输入管理节点，管理节点可以根据管理员输入的泄漏秘钥的相关信息，生成吊销列表(revocation list，RL)，将RL发送至主KDC。其中，泄漏秘钥的相关信息可以包括被泄漏的实体秘钥对应的KDE的标识信息或被泄漏的中心秘钥对应的KDC的标识信息。主KDC对接收到的RL进行签发，即主KDC将RL签名后，分发至各个备KDC，以使各个备KDC更新保存的RL。In some embodiments, if the administrator finds that some keys are leaked, the key revocation process can be initiated at the management node. A management node can be understood as a control device, virtual device or control component that can communicate with the master KDC. The administrator can determine the relevant information of the leaked secret key, and input the relevant information of the leaked secret key into the management node, and the management node can generate a revocation list (revocation list, RL) according to the relevant information of the leaked secret key input by the administrator, and send the RL to to the master KDC. Wherein, the relevant information of the leaked key may include the identification information of the KDE corresponding to the leaked entity key or the identification information of the KDC corresponding to the leaked central key. The primary KDC signs the received RL, that is, the primary KDC signs the RL and distributes it to each standby KDC, so that each standby KDC updates the saved RL.

KDE可以按照设定时间间隔从KDC下载RL，根据RL删除被泄漏的中心秘钥及其对应的KDC的标识信息。在与其他KDE建立会话的过程中，KDE可以根据下载的RL，确定对端的实体秘钥是否被吊销。例如，上文中的KDE2在接收到KDE1发送的第一会话秘钥协商信息后，可以获取其中携带的KDE1的标识信息ID_1，检测下载的RL中是否包含KDE1的标识信息ID_1，若包含，则说明KDE1的实体秘钥因泄漏已被吊销，此时与KDE1的连接是不安全的，KDE2断开与KDE1的连接；若不包含，则继续执行与KDE1协商会话秘钥的步骤。通过将泄漏的秘钥吊销，可以进一步提高系统的安全性。KDE can download RL from KDC according to the set time interval, and delete the leaked central key and the corresponding identification information of KDC according to RL. In the process of establishing a session with other KDEs, KDE can determine whether the entity key of the peer end is revoked according to the downloaded RL. For example, after KDE2 above receives the first session key negotiation information sent by KDE1, it can obtain the identification information ID_1 of KDE1 carried in it, and check whether the downloaded RL contains the identification information ID_1 of KDE1. The entity key of KDE1 has been revoked due to leakage. At this time, the connection with KDE1 is not safe. KDE2 disconnects the connection with KDE1; By revoking the leaked secret key, the security of the system can be further improved.

图7示出了本申请实施例提供的另一种设备集群系统的结构示意图。如图7所示，在另一些实施例中，设备集群系统除包括多个KDE和多个KDC之外，还可以包括秘钥分发代理(Key Distribution Agent，KDA)。该设备集群系统同样可以应用于图1所示的应用场景中，每个控制设备中可以部署有一个KDA，一个控制设备中的KDA可以代理该控制设备内的各个KDE与KDC之间的数据通信，即与KDA部署在同一控制设备内的各个KDE均与该KDA进行数据通信，KDA与各个KDC进行数据通信。通常一个控制设备内具有多个服务组件，每个服务组件中部署有一个KDE，多个服务组件中的KDE通过一个KDA与KDC连接，与KDC连接的KDA的数量远小于KDE的数量，因此可以减少所占用的KDC对外通信接口的数量。一个控制设备中的KDA可以保存该控制设备内的各个KDE的实体秘钥，例如，KDA可以将各个KDE的实体秘钥与标识信息对应进行存储，避免了多个KDE分别保存秘钥带来的秘钥安全存储难题。KDA可以采用可信平台模块(trusted platform module，TPM)、可信执行环境(trusted execution environmen，TEE)等安全存储机制存储秘钥，可以保证不受常规操作系统干扰，进一步提高秘钥的安全性，减少秘钥泄漏的风险。FIG. 7 shows a schematic structural diagram of another device cluster system provided by an embodiment of the present application. As shown in FIG. 7, in other embodiments, the device cluster system may also include a key distribution agent (Key Distribution Agent, KDA) in addition to multiple KDEs and multiple KDCs. The device cluster system can also be applied to the application scenario shown in Figure 1. A KDA can be deployed in each control device, and the KDA in a control device can act as an agent for the data communication between each KDE and KDC in the control device. , that is, each KDE deployed in the same control device as the KDA performs data communication with the KDA, and the KDA performs data communication with each KDC. Usually, there are multiple service components in one control device, and one KDE is deployed in each service component. KDE in multiple service components is connected to KDC through one KDA. The number of KDAs connected to KDC is much smaller than the number of KDEs, so it can Reduce the number of KDC external communication interfaces occupied. The KDA in a control device can save the entity key of each KDE in the control device. For example, the KDA can store the entity key of each KDE and the identification information correspondingly, avoiding the inconvenience caused by multiple KDEs separately storing the key. The problem of safe storage of secret keys. KDA can use trusted platform module (trusted platform module, TPM), trusted execution environment (trusted execution environment, TEE) and other secure storage mechanisms to store secret keys, which can ensure no interference from conventional operating systems and further improve the security of secret keys , to reduce the risk of key leakage.

在该实施例中，KDE在每次启动时，可以通过所属控制设备的操作系统(Operating System，OS)内的通信机制，与该控制设备内的KDA建立连接。该KDE可以是任意一个KDE。KDA可以使用OS中自带的认证机制，如域套接字(domain socket)、共享内存等，结合白名单或ACL等其他方式确认KDE的合法性。由于KDA中保存有该控制设备内的各个KDE的实体秘钥，所以KDE可以向KDA请求获取其实体秘钥。示例性地，KDE可以向KDA发送秘钥获取请求，秘钥获取请求中可以携带KDE的标识信息ID_i，KDA可以根据KDE的标识信息ID_i，查找是否保存有该KDE的实体秘钥，若查找到该KDE的实体秘钥，则将该KDE的实体秘钥发送至KDE；若没有查找到该KDE的实体秘钥，例如，该KDE首次部署尚未申请实体秘钥，或该KDE的实体秘钥丢失或被吊销，则KDA向KDE发送获取失败消息。KDE接收到KDA发送的获取失败消息，分别向各个KDC执行注册过程，下文以向任意一个KDC执行注册过程为例进行说明。In this embodiment, KDE can establish a connection with the KDA in the control device through the communication mechanism in the operating system (Operating System, OS) of the control device at each startup. The KDE can be any KDE. KDA can use the authentication mechanism that comes with the OS, such as domain socket (domain socket), shared memory, etc., combined with the white name Confirm the legitimacy of KDE by other means such as list or ACL. Since KDA stores the entity keys of each KDE in the control device, KDE can request KDA to obtain its entity keys. Exemplarily, KDE can send a key acquisition request to KDA, and the key acquisition request can carry the identification information ID_i of KDE, and KDA can check whether the entity key of KDE is saved according to the identification information ID_i of KDE. The entity key of the KDE, then send the entity key of the KDE to KDE; if the entity key of the KDE is not found, for example, the KDE has not applied for the entity key for the first deployment, or the entity key of the KDE is lost or is revoked, KDA sends an acquisition failure message to KDE. KDE receives the acquisition failure message sent by KDA, and performs the registration process with each KDC respectively. The following takes the registration process with any KDC as an example to illustrate.

任意一个KDE均可以通过其所属控制设备内的KDA与KDC进行通信，当KDE通过KDA与KDC进行通信时，KDE的注册过程如图8所示，可以包括如下步骤：Any KDE can communicate with KDC through the KDA in its control device. When KDE communicates with KDC through KDA, the registration process of KDE is shown in Figure 8, which can include the following steps:

S801，KDE向KDA发送KDC秘钥信息请求。S801. KDE sends a KDC key information request to KDA.

KDA中保存有KDC的秘钥消息，即在KDE向KDA发送KDC秘钥消息请求之前，KDA已经预先从KDC获取其秘钥消息并保存。示例性地，KDA可以通过如下方式从KDC获取其秘钥消息：KDA可以通过安全通道与KDC进行信息交互，该安全通道可以是部署时的专用通道、管理通道、或者是基于证书建立的TLS安全通道，本申请对此不作限定。KDA向KDC发送KDC秘钥信息获取请求，KDC秘钥信息获取请求中携带有KDA的标识信息，并采用随机数C1对KDA的标识信息加密。KDC接收到KDA发送的KDC秘钥信息获取请求后，采用随机数C1对KDC秘钥信息获取请求中携带的信息进行解密，得到KDA的标识信息。KDC根据KDA的标识信息，向该KDA发送KDC的秘钥信息，秘钥信息中可以包括KDC的标识信息和KDC的中心秘钥，其中，KDC的中心秘钥可以理解为KDC的公钥AKey_pub，包含在KDC的公钥信息C2中，公钥信息C2是采用加密算法对KDC的公钥AKey_pub进行加密得到的，KDC的公钥AKey_pub可以由PK1和PK2两部分组成。因此，KDC的公钥信息C2可以表示为：C2＝PK1||PK2||CipherSuite。KDA接收并保存KDC的秘钥信息。KDA stores KDC's secret key message, that is, before KDE sends KDC secret key message request to KDA, KDA has obtained its secret key message from KDC in advance and saved it. Exemplarily, KDA can obtain its secret key information from KDC in the following manner: KDA can exchange information with KDC through a secure channel, which can be a dedicated channel during deployment, a management channel, or a TLS security channel established based on a certificate. channel, which is not limited in this application. KDA sends KDC key information acquisition request to KDC, KDC key information acquisition request carries KDA identification information, and uses random number C1 to encrypt KDA identification information. After receiving the KDC key information acquisition request sent by the KDA, the KDC uses the random number C1 to decrypt the information carried in the KDC key information acquisition request to obtain the identification information of the KDA. According to the identification information of KDA, KDC sends the secret key information of KDC to the KDA. The key information may include the identification information of KDC and the central secret key of KDC. The central secret key of KDC can be understood as the public key AKey_pub of KDC. Included in the KDC's public key information C2, the public key information C2 is obtained by encrypting the KDC's public key AKey_pub with an encryption algorithm, and the KDC's public key AKey_pub can be composed of two parts, PK1 and PK2. Therefore, the public key information C2 of the KDC can be expressed as: C2=PK1||PK2||CipherSuite. KDA receives and saves the key information of KDC.

S802，KDA向KDE发送KDC的秘钥信息。S802. The KDA sends the key information of the KDC to the KDE.

KDE向KDA发送的KDC秘钥信息请求中携带有KDE的标识信息，并采用随机数C1对KDE的标识信息进行加密。KDA接收到KDE发送的KDC秘钥信息请求后，采用随机数C1对KDC秘钥信息请求中携带的信息进行解密，得到KDE的标识信息。KDA根据KDE的标识信息，向该KDE发送KDC的秘钥信息。KDE从KDA发送的KDC的秘钥信息中分别提取出KDC的标识信息和KDC的中心秘钥中的PK1和PK2，并保存。The KDC key information request sent by KDE to KDA carries the identification information of KDE, and uses the random number C1 to encrypt the identification information of KDE. After receiving the KDC key information request sent by KDE, KDA uses the random number C1 to decrypt the information carried in the KDC key information request to obtain the identification information of KDE. KDA sends KDC's secret key information to KDE according to KDE's identification information. KDE extracts the identification information of KDC and PK1 and PK2 in the central key of KDC from the secret key information of KDC sent by KDA, and saves them.

S803，KDE生成注册信息。S803. KDE generates registration information.

KDE生成随机数K和随机数Nonce，将该KDE的标识信息ID_i和随机数Nonce进行拼接，根据随机数K和拼接后的数据生成R_i，然后根据随机数K和R_i生成n_i；根据n_i，以及ID_i、R_i和字符“MAC”进行拼接后的数据，生成注册信息AuthValue_i。上述KDE生成注册信息AuthValue_i的过程可以表示为：KDE generates a random number K and a random number Nonce, splices the KDE identification information ID_i and the random number Nonce, generates R_i according to the random number K and the spliced data, and then generates n_i according to the random number K and R_i; according to n_i, and The spliced data of ID_i, R_i and the character "MAC" generates the registration information AuthValue_i. The above process of KDE generating registration information AuthValue_i can be expressed as:

K＝Random()K=Random()

Nonce＝Random()Nonce=Random()

R_i＝PRF(K,ID_i||Nonce)R_i=PRF(K,ID_i||Nonce)

n_i＝PRF(K,R_i)n_i=PRF(K,R_i)

S804，KDE向KDA发送KDE的注册信息。S804, KDE sends KDE registration information to KDA.

KDE在向KDA发送注册信息时，可以将KDE的标识信息ID_i和KDE的注册信息 AuthValue_i一起发送至KDA。示例性地，KDE可以采用KDC的中心秘钥中的PK1对KDE的标识信息ID_i和KDE的注册信息AuthValue_i拼接后的数据进行加密，得到数据报文C3，并将数据报文C3发送至KDA。其中，数据报文C3可以表示为：C3＝Enc(PK1,ID_i||AuthValue_i)。When KDE sends registration information to KDA, it can use KDE's identification information ID_i and KDE's registration information AuthValue_i is sent to KDA together. Exemplarily, KDE can use PK1 in the central key of KDC to encrypt the data after the concatenation of KDE's identification information ID_i and KDE's registration information AuthValue_i to obtain data packet C3, and send the data packet C3 to KDA. Wherein, the data packet C3 can be expressed as: C3=Enc(PK1, ID_i||AuthValue_i).

S805，KDA向KDC发送KDE的注册信息。S805. The KDA sends the KDE registration information to the KDC.

S806，KDC保存KDE的注册信息。S806. The KDC saves the registration information of the KDE.

KDC接收到KDA发送的数据报文C3，可以采用KDC的私钥中的SK1对KDA发送的数据报文C3进行解密，得到KDE的标识信息ID_i和KDE的注册信息AuthValue_i，并保存。该过程可以表示为：KDC receives the data packet C3 sent by KDA, and can use SK1 in the private key of KDC to decrypt the data packet C3 sent by KDA, obtain the identification information ID_i of KDE and the registration information AuthValue_i of KDE, and save them. The process can be expressed as:

ID_i||AuthValue_i＝Dec(SK1,C3)ID_i||AuthValue_i=Dec(SK1,C3)

Store(ID_i,AuthValue_i)Store(ID_i, AuthValue_i)

S807，KDC向KDA发送注册完成通知。S807. The KDC sends a registration completion notification to the KDA.

S808，KDA向KDE发送注册完成通知。S808, KDA sends a registration completion notification to KDE.

S809，KDE向KDA发送待保存信息。S809, KDE sends the information to be saved to KDA.

S810，KDA保存KDE发送的待保存信息。S810. The KDA saves the information to be saved sent by the KDE.

其中，待保存信息中可以包括KDE的标识信息ID_i，以及在生成注册信息的过程中所使用的随机数K和数据R_i。该过程可以表示为：Store(ID_i,K,R_i)。Wherein, the information to be saved may include the identification information ID_i of KDE, and the random number K and data R_i used in the process of generating the registration information. This process can be expressed as: Store(ID_i, K, R_i).

可选地，KDA在保存KDE发送的待保存信息之后，还可以向KDE发送保存成功通知。Optionally, after KDA saves the information to be saved sent by KDE, it may also send a notification of successful saving to KDE.

通过上述注册过程，KDE中可以保存每个在线的KDC的标识信息和中心秘钥，每个KDC可以保存所有已注册的KDE的标识信息ID_i和注册信息AuthValue_i。Through the above registration process, KDE can store the identification information and central key of each online KDC, and each KDC can store the identification information ID_i and registration information AuthValue_i of all registered KDEs.

KDE在完成上述注册过程后，可以通过所述控制设备内的KDA向主KDC发起秘钥申请过程。如图9所示，该秘钥申请过程可以包括如下步骤：After KDE completes the above registration process, it can initiate a key application process to the main KDC through the KDA in the control device. As shown in Figure 9, the key application process may include the following steps:

S901，KDE生成秘钥申请信息。S901. KDE generates key application information.

KDE生成随机数a_i，并根据注册过程中生成的R_i和随机数K，生成n_i。KDE基于a_i与g的点乘，得到A_i，其中，g为预设参数。KDE采用主KDC的中心秘钥中的PK1，对KDE的标识信息ID_i、上述的R_i、n_i和A_i拼接得到的数据进行加密，得到秘钥申请信息C4。KDE生成秘钥申请信息C4的过程可以表示为：KDE generates random number a_i, and generates n_i according to R_i and random number K generated during the registration process. KDE obtains A_i based on the dot product of a_i and g, where g is a preset parameter. KDE uses PK1 in the central key of the main KDC to encrypt the data obtained by concatenating KDE's identification information ID_i, the above-mentioned R_i, n_i, and A_i, and obtain the key application information C4. The process of KDE generating the key request information C4 can be expressed as:

a_i＝Random()a_i=Random()

n_i＝PRF(K,R_i)n_i=PRF(K,R_i)

A_i＝a_i·gA_i=a_i·g

C4＝Enc(PK1,ID_i||R_i||n_i||A_i)C4＝Enc(PK1,ID_i||R_i||n_i||A_i)

S902，KDE向KDA发送秘钥申请请求。S902. KDE sends a key application request to KDA.

其中，KDA为KDE所属控制设备中部署的KDA。秘钥申请请求中携带有秘钥申请信息C4。Among them, KDA is the KDA deployed in the control device to which KDE belongs. The key application request carries the key application information C4.

S903，KDA向主KDC发送秘钥申请请求。S903. The KDA sends a key application request to the master KDC.

示例性地，KDA可以通过浮动网络互通协议(Internet Protocol，IP)地址访问主KDC，即KDA向设定的目标IP地址发送秘钥申请请求，KDA并不感知哪一个KDC为其提供服务，而是由各个KDC协商确定当前哪个KDC作为主KDC，由主KDC接收向目标IP地址发送的秘钥申请请求，并针对该秘钥申请请求给予响应。Exemplarily, KDA can access the master KDC through a floating Internet Protocol (IP) address, that is, KDA sends a secret key application request to a set target IP address, and KDA does not perceive which KDC provides services for it, but Each KDC negotiates to determine which KDC is currently the primary KDC, and the primary KDC receives the key application request sent to the target IP address and responds to the key application request.

S904，主KDC对秘钥申请请求中的秘钥申请信息进行验证。S904. The master KDC verifies the key application information in the key application request.

主KDC接收到KDA发送的秘钥申请请求，采用主KDC的私钥中的SK1对秘钥申请请求中的秘钥申请信息C4进行解密，得到KDE的标识信息ID_i、R_i、n_i和A_i。主KDC根据ID_i、R_i、n_i和字符“MAC”，计算得到秘钥申请信息对应的授权值AuthValue_I。上述过程可以表示为：The master KDC receives the key application request sent by KDA, uses SK1 in the private key of the master KDC to decrypt the key application information C4 in the key application request, and obtains the identification information ID_i, R_i, n_i and A_i of KDE. The master KDC calculates the authorization value AuthValue_I corresponding to the key application information based on ID_i, R_i, n_i and the character "MAC". The above process can Expressed as:

ID_i||R_i||n_i||A_i＝Dec(SK1,C4)ID_i||R_i||n_i||A_i=Dec(SK1,C4)

S905，主KDC确定秘钥生成信息。S905. The master KDC determines key generation information.

b_i＝Random()b_i=Random()

B_i＝b_i·g+A_iB_i=b_i·g+A_i

S_i＝b_i+Hash(ID_i||ID_KDC||B_i)SK2S_i=b_i+Hash(ID_i||ID_KDC||B_i)SK2

S906，主KDC向KDA发送秘钥生成信息。S906, the master KDC sends secret key generation information to the KDA.

S907，KDA向KDE发送秘钥生成信息。S907, KDA sends secret key generation information to KDE.

S908，KDE根据秘钥生成信息生成KDE的实体秘钥。S908, KDE generates an entity key of KDE according to the key generation information.

其中，KDE的实体秘钥Key_e可以包括KDE的私钥sk_i和KDE的公钥pk_i。KDE接收到主KDC发送的秘钥生成信息C5，从秘钥生成信息C5中提取出KDE的标识信息ID_i、主KDC的标识信息ID_KDC、A_i、B_i和S_i，根据a_i和S_i生成KDE的私钥sk_i，将KDE的标识信息ID_i、主KDC的标识信息ID_KDC和B_i拼接后的数据与保存的主KDC的中心秘钥中的PK2进行点乘，根据点乘结果的哈希值和B_i，生成KDE的公钥pk_i。上述过程可以表示为：Wherein, KDE entity key Key_e may include KDE private key sk_i and KDE public key pk_i. KDE receives the secret key generation information C5 sent by the master KDC, extracts the identification information ID_i of KDE, the identification information ID_KDC, A_i, B_i and S_i of the master KDC from the secret key generation information C5, and generates the private key of KDE according to a_i and S_i sk_i, dot multiplication of KDE’s identification information ID_i, primary KDC’s identification information ID_KDC, and B_i concatenated data with PK2 in the saved central key of the primary KDC, and generate KDE based on the hash value of the point multiplication result and B_i The public key pk_i. The above process can be expressed as:

sk_i＝a_i+S_isk_i=a_i+S_i

pk_i＝B_i+Hash(ID_i||ID_KDC||B_i)·PK2pk_i=B_i+Hash(ID_i||ID_KDC||B_i)·PK2

S909，KDE向KDA发送KDE的实体秘钥。S909, KDE sends KDE's entity key to KDA.

S910，KDA保存KDE的实体秘钥。S910. The KDA saves the KDE entity key.

KDE将B_i，以及KDE的私钥sk_i和KDE的公钥pk_i发送至KDA进行保存。该过程可以表示为：KDE sends B_i, KDE private key sk_i and KDE public key pk_i to KDA for storage. The process can be expressed as:

Store(B_i,sk_i,pk_i)Store(B_i,sk_i,pk_i)

可选地，KDA在保存KDE发送的实体秘钥之后，还可以向KDE发送秘钥已保存通知。Optionally, after KDA saves the entity key sent by KDE, it can also send a notification that the key has been saved to KDE.

KDE完成秘钥申请过程，并将生成的实体秘钥发送至KDA保存。待KDE再次启动时，可以从KDA之间获取KDE的实体秘钥，以用于与另一KDE在会话建立过程中进行认证。KDE completes the key application process and sends the generated entity key to KDA for storage. When KDE starts up again, KDE's entity key can be obtained from KDA for authentication with another KDE during session establishment.

两个KDE之间的会话建立过程可以参照上文中图5或图6所示的流程进行，在此不再赘述。The process of establishing a session between two KDEs can be performed with reference to the flow shown in FIG. 5 or FIG. 6 above, and will not be repeated here.

秘钥更新过程与首次秘钥申请时类似，也包括注册阶段和秘钥申请阶段。当KDE通过KDA与KDC进行通信时，秘钥更新过程的注册阶段如图10所示，可以包括如下步骤： The key update process is similar to the first key application, including the registration phase and the key application phase. When KDE communicates with KDC through KDA, the registration phase of the secret key update process is shown in Figure 10, which may include the following steps:

S1001，KDA向KDC发送KDC秘钥信息更新请求。S1001. The KDA sends a KDC key information update request to the KDC.

KDA可以理解为任意一个KDA，KDC可以理解为任意一个KDC。KDC秘钥信息更新请求中携带有KDA的标识信息，并采用随机数C1对KDA的标识信息进行加密。KDA can be understood as any KDA, and KDC can be understood as any KDC. The KDC key information update request carries the identification information of the KDA, and uses the random number C1 to encrypt the identification information of the KDA.

S1002，KDC向KDA发送KDC的新秘钥信息。S1002. The KDC sends the new key information of the KDC to the KDA.

KDC接收到KDA发送的KDC秘钥信息更新请求后，采用随机数C1对KDC秘钥信息更新请求中携带的信息进行解密，得到KDA的标识信息。KDC根据KDA的标识信息，向该KDA发送KDC的新秘钥信息，新秘钥信息中可以包括KDC的新标识信息和KDC的新中心秘钥，其中，KDC的新中心秘钥包含在KDC的新公钥信息C2中，新公钥信息C2是采用加密算法对KDC的新中心秘钥进行加密得到的，KDC的新中心秘钥可以包括PK1_New和PK2_New。因此，KDC的新公钥信息C2可以表示为：C2＝PK1_New,PK2_New,CipherSuite。KDA接收并保存KDC的新秘钥信息。After receiving the KDC key information update request sent by the KDA, the KDC uses the random number C1 to decrypt the information carried in the KDC key information update request to obtain the identification information of the KDA. The KDC sends the new key information of the KDC to the KDA according to the identification information of the KDA. The new key information may include the new identification information of the KDC and the new central key of the KDC, wherein the new central key of the KDC is contained in the KDC's In the new public key information C2, the new public key information C2 is obtained by encrypting the KDC's new central key with an encryption algorithm, and the KDC's new central key may include PK1_New and PK2_New. Therefore, the new public key information C2 of the KDC can be expressed as: C2 = PK1_New, PK2_New, CipherSuite. KDA receives and saves the new key information of KDC.

S1003，KDE向KDA发送KDC秘钥更新请求。S1003. KDE sends a KDC key update request to KDA.

S1004，KDA向KDE发送KDC的新秘钥信息。S1004, the KDA sends the new key information of the KDC to the KDE.

KDE从KDC的新秘钥信息中提取出KDC的新标识信息和新中心秘钥并保存。KDE extracts the new identification information of KDC and the new central key from the new key information of KDC and saves them.

S1005，KDE生成新注册信息。S1005, KDE generates new registration information.

KDE生成新注册信息的过程，可以参照步骤S803中KDE生成注册信息的过程执行，在此不再赘述。The process of KDE generating new registration information can be performed with reference to the process of KDE generating registration information in step S803, and will not be repeated here.

S1006，KDE向KDA发送旧注册信息和新注册信息。S1006, KDE sends old registration information and new registration information to KDA.

KDE根据KDE的标识信息和新注册信息生成新的数据报文C3_new，KDE向KDA发送旧的数据报文C3和新的数据报文C3_new。该过程可以表示为：KDE generates new data message C3_new according to KDE's identification information and new registration information, and KDE sends old data message C3 and new data message C3_new to KDA. The process can be expressed as:

Register(C3,C3_New)Register(C3,C3_New)

S1007，KDA向KDC发送KDE的旧注册信息和新注册信息。S1007, the KDA sends the old registration information and the new registration information of KDE to the KDC.

S1008，KDC保存KDE的新注册信息。S1008. The KDC saves the new registration information of the KDE.

KDA向KDC发送旧的数据报文C3和新的数据报文C3_new。KDC验证旧的数据报文C3，验证通过后，KDC注册新的数据报文C3_new，即从新的数据报文C3_new中提取KDE的标识信息和新注册信息，并保存。该过程可以表示为：The KDA sends the old data packet C3 and the new data packet C3_new to the KDC. The KDC verifies the old data message C3, and after the verification is passed, the KDC registers the new data message C3_new, that is, extracts the KDE identification information and new registration information from the new data message C3_new, and saves them. The process can be expressed as:

Store(ID_i,AuthValue_i_New)Store(ID_i, AuthValue_i_New)

S1009，KDC向KDA发送注册信息已更新通知。S1009, the KDC sends a notification that the registration information has been updated to the KDA.

S1010，KDA向KDE发送注册信息已更新通知。S1010, the KDA sends a notification that the registration information has been updated to the KDE.

S1011，KDE向KDA发送待更新信息。S1011, KDE sends information to be updated to KDA.

S1012，KDA保存KDE发送的待更新信息。S1012. The KDA saves the information to be updated sent by the KDE.

其中，待保存信息中可以包括KDE的标识信息ID_i，以及在生成新注册信息的过程中所使用的随机数K_new和数据R_i_new。该过程可以表示为：Store(ID_i,K_new,R_i_new)。Wherein, the information to be saved may include identification information ID_i of KDE, and random number K_new and data R_i_new used in the process of generating new registration information. This process can be expressed as: Store(ID_i, K_new, R_i_new).

可选地，KDA在保存KDE发送的待更新信息之后，还可以向KDE发送更新成功通知。Optionally, after KDA saves the information to be updated sent by KDE, it can also send an update success notification to KDE.

当KDE通过KDA与KDC进行通信时，秘钥更新过程的秘钥申请阶段如图11所示，可以包括如下步骤：When KDE communicates with KDC through KDA, the key application phase of the key update process is shown in Figure 11, which may include the following steps:

S1101，KDE向KDA发送新秘钥申请信息。S1101. KDE sends new key application information to KDA.

KDE向每个KDC更新注册信息后，还要获取新的实体秘钥。KDE可以根据KDE的标识信息和主KDC的新中心秘钥，生成新秘钥申请信息C4_new，KDE生成新秘钥申请信息C4_new的过程可以参照上述步骤S901中生成秘钥申请信息C4的过程执行，在此不再赘述。KDE向KDA发送新秘钥申请请求，新秘钥申请请求中携带有新秘钥申请信息C4_new。 After KDE updates the registration information to each KDC, it needs to obtain a new entity key. KDE can generate new key application information C4_new according to the identification information of KDE and the new central key of the main KDC. The process of KDE generating new key application information C4_new can be performed by referring to the process of generating key application information C4 in the above step S901. I won't repeat them here. KDE sends a new key application request to KDA, and the new key application request carries the new key application information C4_new.

S1102，KDA向主KDC发送KDE的新秘钥申请信息。S1102, the KDA sends KDE's new key application information to the master KDC.

S1103，主KDC向KDA发送新秘钥生成信息。S1103, the master KDC sends new secret key generation information to the KDA.

主KDC根据保存的该KDE的新注册信息对新秘钥申请信息C4_new进行验证，验证通过后，主KDC为该KDE确定新秘钥生成信息C5_new。KDC确定新秘钥生成信息C5_new的过程可以参照上述步骤S905中确定秘钥生成信息C5的过程执行，在此不再赘述。主KDC向KDA发送新秘钥生成信息C5_new。The master KDC verifies the new key application information C4_new according to the saved new registration information of the KDE. After the verification is passed, the master KDC determines the new key generation information C5_new for the KDE. The process for the KDC to determine the new key generation information C5_new may be performed by referring to the process for determining the key generation information C5 in the above step S905, which will not be repeated here. The master KDC sends the new key generation information C5_new to the KDA.

S1104，KDA向KDE发送新秘钥生成信息。S1104, KDA sends new secret key generation information to KDE.

S1105，KDE根据新秘钥生成信息生成KDE的新实体秘钥。S1105, KDE generates a new KDE entity key according to the new key generation information.

KDE的新实体秘钥可以包括KDE的新私钥sk_i_new和KDE的新公钥pk_i_new。KDE生成新实体秘钥的过程可以参照上述步骤S908中生成实体秘钥的过程执行，在此不再赘述。KDE's new entity key may include KDE's new private key sk_i_new and KDE's new public key pk_i_new. The process of KDE generating a new entity key can be performed by referring to the process of generating an entity key in step S908 above, and will not be repeated here.

S1106，KDE向KDA发送KDE的新实体秘钥。S1106, KDE sends KDE's new entity key to KDA.

S1107，KDA保存KDE的新实体秘钥。S1107, KDA saves the new entity key of KDE.

KDE将在生成新实体秘钥的过程中使用的B_i_new，以及KDE的新私钥sk_i_new和KDE的新公钥pk_i_new发送至KDA进行保存。该过程可以表示为：KDE sends B_i_new used in the process of generating the new entity key, as well as KDE's new private key sk_i_new and KDE's new public key pk_i_new to KDA for storage. The process can be expressed as:

Store(B_i_new,sk_i_new,pk_i_new)Store(B_i_new, sk_i_new, pk_i_new)

可选地，KDA在保存KDE发送的新实体秘钥之后，还可以向KDE发送秘钥更新成功通知。Optionally, after KDA saves the new entity key sent by KDE, it can also send a key update success notification to KDE.

当设备集群系统中包含KDA时，秘钥吊销过程如图12所示，可以包括如下步骤：When the device cluster system includes KDA, the key revocation process is shown in Figure 12, which may include the following steps:

S1201，管理节点向主KDC发送秘钥吊销指令。S1201. The management node sends a key revocation instruction to the master KDC.

如果管理员发现某些秘钥泄漏，可以在管理节点发起秘钥吊销过程。管理节点可以理解为可与主KDC进行通信的控制设备、虚拟设备或控制组件。管理节点可以根据管理员输入的泄漏秘钥的相关信息，生成RL，并向主KDC发送秘钥吊销指令，秘钥吊销指令中携带有RL。其中，泄漏秘钥的相关信息可以包括被泄漏的实体秘钥对应的KDE的标识信息或被泄漏的中心秘钥对应的KDC的标识信息。If the administrator finds that some keys are leaked, the key revocation process can be initiated on the management node. A management node can be understood as a control device, virtual device or control component that can communicate with the master KDC. The management node can generate RL according to the relevant information of the leaked key input by the administrator, and send the key revocation command to the main KDC, and the key revocation command carries the RL. Wherein, the relevant information of the leaked key may include the identification information of the KDE corresponding to the leaked entity key or the identification information of the KDC corresponding to the leaked central key.

S1202，主KDC对秘钥吊销指令中携带的RL进行签名。S1202. The master KDC signs the RL carried in the key revocation command.

S1203，主KDC将签名后的RL发送至KDA。S1203. The master KDC sends the signed RL to the KDA.

其中，该KDA为与主KDC部署在同一控制设备内的KDA。该步骤也可以理解为，KDA从主KDC下载RL。Wherein, the KDA is a KDA deployed in the same control device as the main KDC. This step can also be understood as, the KDA downloads the RL from the master KDC.

S1204，KDA将签名后的RL分别发送至各个备KDC。S1204. The KDA sends the signed RL to each standby KDC respectively.

上述步骤S1203和步骤S1204也可以理解为，主KDC通过与其部署在同一控制设备内的KDA将签名后的RL分发至各个备KDC。图12中仅以一个备KDC进行示例性说明。The above step S1203 and step S1204 can also be understood as, the active KDC distributes the signed RL to each standby KDC through the KDA deployed in the same control device as the active KDC. In Fig. 12, only one standby KDC is used for illustration.

S1205，备KDC根据接收到的RL更新保存的RL。S1205. The standby KDC updates the saved RL according to the received RL.

各个备KDC均基于新接收到的RL更新保存的RL。Each standby KDC updates the stored RL based on the newly received RL.

KDE可以按照设定时间间隔，通过KDA从KDC下载RL，根据RL删除被泄漏的中心秘钥及其对应的KDC的标识信息。在与其他KDE建立会话的过程中，KDE可以根据下载的RL，确定对端的实体秘钥是否被吊销。KDE can download RL from KDC through KDA according to the set time interval, and delete the leaked central key and the corresponding identification information of KDC according to RL. In the process of establishing a session with other KDEs, KDE can determine whether the entity key of the peer end is revoked according to the downloaded RL.

在一些实施例中，部署在同一控制设备内的多个KDE可以通过图8所示的注册过程和图9所示的秘钥申请过程，分别获取不同的实体秘钥。在另一些实施例中，为了进一步减少资源消耗，可以减少秘钥申请过程的执行次数，部署在同一控制设备内的多个KDE可以共享实体秘钥。也就是说，一个控制设备可以生成一个共同实体秘钥，该控制设备内的所有KDE共享该共同实体秘钥。示例性地，一个控制设备可以通过部署在该控制设备内的KDA生成共同实体秘钥。KDA生成共同实体秘钥的过程与KDE生成实体秘钥的过程类似，包括KDA的注册过程和KDA生成秘钥过程。其中，KDA的注册过程可以参照图3所示的KDE的注册过程执行，KDA生成秘钥过程可以参照图4所示的KDE生成实体秘钥的过程执行，在此不再赘述。In some embodiments, multiple KDEs deployed in the same control device can respectively obtain different entity keys through the registration process shown in FIG. 8 and the key application process shown in FIG. 9 . In some other embodiments, in order to further reduce resource consumption, the execution times of the key application process can be reduced, and multiple KDEs deployed in the same control device can share the real body secret key. That is to say, a control device can generate a common entity key, which is shared by all KDEs in the control device. Exemplarily, a control device may generate a common entity key through a KDA deployed in the control device. The process of KDA generating a common entity key is similar to the process of KDE generating an entity key, including the KDA registration process and the KDA key generation process. Wherein, the registration process of KDA can be performed with reference to the registration process of KDE shown in FIG. 3 , and the process of KDA generating a key can be performed with reference to the process of KDE generating an entity key shown in FIG. 4 , which will not be repeated here.

控制设备中的各个KDE启动时，可以从该控制设备中的KDA获取共同实体秘钥。以KDE1为例进行说明，KDE1为部署在控制设备A的第一服务组件中的KDE，KDE1启动时，从控制设备A中的KDA获取共同实体秘钥，该共同实体秘钥为控制设备A中的所有KDE共享的实体秘钥。KDE1在与部署在其他控制设备中的KDE2建立会话的过程中，除使用该共同实体秘钥之外，还会加入KDE1的标识信息，由于KDE1的标识信息是唯一的，因此仍可以保证KDE1与KDE2协商生成的会话秘钥的唯一性。通过同一控制设备中的所有KDE共享一个共同实体秘钥的方式，可以显著降低各个控制设备中保存的实体秘钥的数量，并且，无需各个KDE单独执行注册过程，可以降低KDC中保存的注册信息的数量，提高设备集群系统的性能。When each KDE in the control device is started, the common entity key can be obtained from the KDA in the control device. Take KDE1 as an example for illustration. KDE1 is KDE deployed in the first service component of control device A. When KDE1 starts, it obtains the common entity key from KDA in control device A. The common entity key is the Entity key shared by all KDEs. In the process of establishing a session with KDE2 deployed in other control devices, KDE1 will add the identification information of KDE1 in addition to using the common entity key. Since the identification information of KDE1 is unique, it can still be guaranteed that KDE1 and KDE2 negotiates the uniqueness of the generated session keys. By sharing a common entity key with all KDEs in the same control device, the number of entity keys stored in each control device can be significantly reduced, and without the need for each KDE to perform a separate registration process, the registration information stored in the KDC can be reduced to improve the performance of the device cluster system.

在一些实施例中，当同一控制设备内的所有KDE共享一个共同实体秘钥时，KDA可以按照设定时间周期对共同实体秘钥进行更新，生成并保存新的共同实体秘钥。共同实体秘钥更新过程可以参照上文记载的KDE的秘钥更新过程执行，在此不再赘述。In some embodiments, when all KDEs in the same control device share a common entity key, KDA can update the common entity key according to a set time period, generate and save a new common entity key. The common entity key update process can be performed by referring to the KDE key update process described above, and will not be repeated here.

在一些实施例中，当同一控制设备内的所有KDE共享一个共同实体秘钥时，秘钥吊销过程可以包括如下步骤：管理节点向主KDC发送秘钥吊销指令，秘钥吊销指令中携带有RL。RL中包括泄漏秘钥的相关信息，即被吊销秘钥的相关信息，泄漏秘钥的相关信息可以包括被泄漏的共同实体秘钥对应的同一控制设备内的所有KDE的标识信息或被泄漏的中心秘钥对应的KDC的标识信息。主KDC对接收到的秘钥吊销指令中携带的RL进行签名，主KDC通过与其部署在同一控制设备内的KDA将签名后的RL分发至各个备KDC，以使各个备KDC更新保存的RL。In some embodiments, when all KDEs in the same control device share a common entity key, the key revocation process may include the following steps: the management node sends a key revocation command to the master KDC, and the key revocation command carries RL . The RL includes related information about the leaked key, that is, related information about the revoked key. The related information about the leaked key may include the identification information of all KDEs in the same control device corresponding to the leaked common entity key or the leaked The identification information of the KDC corresponding to the central key. The primary KDC signs the RL carried in the received key revocation command, and the primary KDC distributes the signed RL to each standby KDC through the KDA deployed in the same control device, so that each standby KDC updates the saved RL.

KDE可以按照设定时间间隔，通过KDA从KDC下载RL，根据RL删除被泄漏的中心秘钥及其对应的KDC的标识信息。在与其他KDE建立会话的过程中，KDE可以根据下载的RL，确定对端的共同实体秘钥是否被吊销。KDE can download RL from KDC through KDA according to the set time interval, and delete the leaked central key and the corresponding identification information of KDC according to RL. In the process of establishing a session with other KDEs, KDE can determine whether the common entity key of the other end is revoked according to the downloaded RL.

与上述实施例基于相同的发明构思，本申请实施例还提供一种控制设备，该控制设备可以应用于上述设备集群系统中。Based on the same inventive concept as the above-mentioned embodiments, the embodiments of the present application further provide a control device, which can be applied to the above-mentioned device cluster system.

图13示例性地示出了本申请实施例提供的一种控制设备的结构示意图。如图13所示，在一些实施例中，控制设备100可以包括KDC和至少一个服务组件，每个服务组件中均部署有KDE，也可以理解为，控制设备100中包括第一服务组件，第一服务组件中部署有第一秘钥分发实体KDE。Fig. 13 exemplarily shows a schematic structural diagram of a control device provided by an embodiment of the present application. As shown in FIG. 13 , in some embodiments, the control device 100 may include KDC and at least one service component, and KDE is deployed in each service component. It can also be understood that the control device 100 includes the first service component, the second A first key distribution entity KDE is deployed in a service component.

KDC可以用于响应于第一KDE的秘钥申请请求，为第一KDE提供秘钥生成信息。第一KDE用于根据KDC提供的秘钥生成信息生成第一实体秘钥。示例性地，第一KDE可以在首次启动时或实体秘钥丢失时，向KDC发送秘钥申请请求，KDC响应于第一KDE的秘钥申请请求，为第一KDE提供秘钥生成信息。The KDC may be used to provide key generation information for the first KDE in response to the key application request of the first KDE. The first KDE is used to generate the first entity key according to the key generation information provided by the KDC. Exemplarily, the first KDE may send a key application request to the KDC when it is started for the first time or when the entity key is lost, and the KDC provides key generation information for the first KDE in response to the key application request of the first KDE.

第一KDE还可以用于在与第二KDE建立会话的过程中，向第二KDE发送第一KDE的标识信息和KDC的标识信息，以使第二KDE根据第二KDE的实体秘钥、第一KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话密钥；第一KDE接收第二KDE发送的第二KDE的标识信息和KDC的标识信息，根据第一实体秘钥、第二KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话密钥。其中，第二KDE部署在设备集群系统中的第二控制设备的服务组件内。 The first KDE can also be used to send the identification information of the first KDE and the identification information of the KDC to the second KDE during the process of establishing a session with the second KDE, so that the second KDE can use the entity key of the second KDE, the second KDE The identification information of the KDE and the identification information of the KDC generate a session key for authentication between the first KDE and the second KDE; the first KDE receives the identification information of the second KDE and the identification information of the KDC sent by the second KDE , generating a session key for authentication between the first KDE and the second KDE according to the first entity key, the identification information of the second KDE, and the identification information of the KDC. Wherein, the second KDE is deployed in the service component of the second control device in the device cluster system.

在一种可能的实现方式中，第一KDE还可以用于：获取并保存KDC的标识信息和中心秘钥。在与第二KDE协商生成会话秘钥时，第一KDE可以根据KDC的标识信息，获取KDC的中心秘钥，并根据第一实体秘钥、第二KDE的标识信息和KDC的中心秘钥生成会话秘钥。In a possible implementation manner, the first KDE may also be used to: obtain and save the identification information and the central key of the KDC. When negotiating with the second KDE to generate a session key, the first KDE can obtain the central key of the KDC according to the identification information of the KDC, and generate a session key based on the first entity key, the identification information of the second KDE, and the central key of the KDC session key.

图14示例性地示出了本申请实施例提供的另一种控制设备的结构示意图。如图14所示，在另一些实施例中，控制设备200可以包括KDC、KDA和至少一个服务组件，每个服务组件中均部署有KDE。其中，KDA用于保存第一控制设备内的各个服务组件中包括的KDE的实体秘钥，其中包括第一实体秘钥；相对应地，第一KDE还用于在生成第一实体秘钥之后，将第一实体秘钥保存在第一控制设备的KDA中，并在每次启动时，从第一控制设备的KDA中获取第一实体秘钥。Fig. 14 exemplarily shows a schematic structural diagram of another control device provided by an embodiment of the present application. As shown in FIG. 14 , in some other embodiments, the control device 200 may include KDC, KDA and at least one service component, and KDE is deployed in each service component. Wherein, KDA is used to save the KDE entity key included in each service component in the first control device, including the first entity key; correspondingly, the first KDE is also used to store the first entity key after generating the first entity key , saving the first entity key in the KDA of the first control device, and obtaining the first entity key from the KDA of the first control device at each startup.

在一种可能的实现方式中，第一控制设备中的各个KDE还可以通过第一控制设备的KDA与各个KDC进行信息传输。示例性地，第一控制设备的KDA还可以用于：接收第一KDE发送的秘钥申请请求，并向KDC转发第一KDE的秘钥申请请求；以及接收KDC发送的秘钥生成信息，并向第一KDE转发该秘钥生成信息。In a possible implementation manner, each KDE in the first control device may also perform information transmission with each KDC through the KDA of the first control device. Exemplarily, the KDA of the first control device can also be used to: receive the key application request sent by the first KDE, and forward the key application request of the first KDE to the KDC; and receive the key generation information sent by the KDC, and The key generation information is forwarded to the first KDE.

可以理解的是，本申请实施例示意的结构并不构成对控制设备的具体限定。在本申请另一些实施例中，控制设备可以包括比图示更多或更少的部件，或者组合某些部件，或者拆分某些部件，或者不同的部件布置。图示的部件可以以硬件，软件或软件和硬件的组合实现。It can be understood that the structure shown in the embodiment of the present application does not constitute a specific limitation on the control device. In some other embodiments of the present application, the control device may include more or less components than shown in the illustration, or combine some components, or separate some components, or arrange different components. The illustrated components can be realized in hardware, software or a combination of software and hardware.

与上述实施例基于相同的发明构思，本申请实施例还提供一种会话秘钥生成方法，该方法可以应用于上述设备集群系统中的控制设备。图15示出了本申请实施例提供的一种会话秘钥生成方法的流程图。如图15所示，该方法可以包括如下步骤：Based on the same inventive concept as the above-mentioned embodiment, the embodiment of the present application further provides a method for generating a session key, which can be applied to the control device in the above-mentioned device cluster system. FIG. 15 shows a flow chart of a method for generating a session key provided by an embodiment of the present application. As shown in Figure 15, the method may include the following steps:

S1501，第一KDE获取KDC为第一KDE提供的秘钥生成信息，并根据秘钥生成信息生成第一实体秘钥。S1501. The first KDE acquires key generation information provided by the KDC for the first KDE, and generates a first entity key according to the key generation information.

其中，第一KDE部署在第一控制设备中的服务组件内；第一控制设备为设备集群系统包括的多个控制设备中的一个，KDC位于多个控制设备中的任意一个控制设备中。Wherein, the first KDE is deployed in the service component of the first control device; the first control device is one of the multiple control devices included in the device cluster system, and the KDC is located in any one of the multiple control devices.

在一些实施例中，第一KDE从KDC获取秘钥生成信息之前，第一KDE还可以生成注册信息，并将第一KDE的注册信息发送至KDC，以使KDC保存第一KDE的注册信息。In some embodiments, before the first KDE obtains the key generation information from the KDC, the first KDE may also generate registration information and send the registration information of the first KDE to the KDC, so that the KDC saves the registration information of the first KDE.

第一KDE的秘钥生成信息是KDC在接收到第一KDE的秘钥申请请求时，将秘钥申请请求中携带有的秘钥申请信息与保存的第一KDE的注册信息进行一致性验证，且在验证通过后为第一KDE提供的。The key generation information of the first KDE is that when the KDC receives the key application request of the first KDE, it will verify the consistency between the key application information carried in the key application request and the stored registration information of the first KDE, And it is provided by the first KDE after the verification is passed.

在一些实施例中，第一KDE从KDC获取秘钥生成信息之前，第一KDE还可以接收并保存设备集群系统中包含的各个KDC的标识信息和中心秘钥。In some embodiments, before the first KDE obtains the key generation information from the KDC, the first KDE may also receive and save the identification information and central key of each KDC included in the device cluster system.

S1502，在与第二KDE建立会话的过程中，第一KDE向第二KDE发送第一KDE的标识信息和KDC的标识信息。S1502. In the process of establishing a session with the second KDE, the first KDE sends the identification information of the first KDE and the identification information of the KDC to the second KDE.

其中，第二KDE部署在设备集群系统中的第二控制设备的服务组件内。第二KDE可以根据KDC的标识信息，获取KDC的中心秘钥，并根据第二KDE的实体秘钥、第二KDE的标识信息和KDC的中心秘钥生成会话秘钥。Wherein, the second KDE is deployed in the service component of the second control device in the device cluster system. The second KDE can obtain the central key of the KDC according to the identification information of the KDC, and according to the entity key of the second KDE, the identification information of the second KDE Information and the central key of the KDC to generate a session key.

S1503，第一KDE接收第二KDE发送的第二KDE的标识信息和KDC的标识信息。S1503. The first KDE receives the identification information of the second KDE and the identification information of the KDC sent by the second KDE.

S1504，第一KDE根据第一实体秘钥、第二KDE的标识信息和KDC的标识信息，生成用于第一KDE和第二KDE之间进行认证的会话秘钥。S1504. The first KDE generates a session key for authentication between the first KDE and the second KDE according to the first entity key, the identification information of the second KDE, and the identification information of the KDC.

在一些实施例中，第一KDE可以根据KDC的标识信息，获取KDC的中心秘钥，并根据第一实体秘钥、第二KDE的标识信息和KDC的中心秘钥生成会话秘钥。In some embodiments, the first KDE can obtain the central key of the KDC according to the identification information of the KDC, and generate a session key according to the first entity key, the identification information of the second KDE, and the central key of the KDC.

第一KDE和第二KDE可以基于协商生成的会话秘钥进行认证和会话。The first KDE and the second KDE can perform authentication and session based on the session key generated through negotiation.

在一种可能的实现方式中，第一控制设备内部署有KDA。第一KDE在生成第一实体秘钥之后，可以将第一实体秘钥保存至第一控制设备内部署的KDA中，并在每次启动时，从KDA中获取第一实体秘钥。In a possible implementation manner, a KDA is deployed in the first control device. After the first KDE generates the first entity key, it may store the first entity key in the KDA deployed in the first control device, and obtain the first entity key from the KDA each time it is started.

第一KDE还可以通过KDA向KDC发送秘钥申请请求，并接收KDA转发的从KDC获取的秘钥生成信息。The first KDE can also send a key application request to the KDC through the KDA, and receive the key generation information obtained from the KDC forwarded by the KDA.

本申请的实施例中的方法步骤可以通过硬件的方式来实现，也可以由处理器执行计算机程序或指令的方式来实现。计算机程序或指令可以构成计算机程序产品。本申请实施例还提供一种计算机程序产品，包含有计算机可执行指令。在一种实施例中，该计算机可执行指令用于使计算机执行图15所示的方法实施例中的功能。The method steps in the embodiments of the present application may be implemented by means of hardware, or by means of a processor executing computer programs or instructions. A computer program or instructions may constitute a computer program product. The embodiment of the present application also provides a computer program product including computer executable instructions. In one embodiment, the computer-executable instructions are used to cause a computer to execute the functions in the method embodiment shown in FIG. 15 .

计算机可执行指令可以被存放于计算机可读存储介质中，本申请实施例还提供一种计算机可读存储介质，所述计算机可读存储介质内存储有可执行指令。在一种实施例中，该计算机可执行指令用于使计算机执行图15所示的方法实施例中的功能。Computer-executable instructions may be stored in a computer-readable storage medium, and the embodiment of the present application further provides a computer-readable storage medium, and the computer-readable storage medium stores executable instructions. In one embodiment, the computer-executable instructions are used to cause a computer to execute the functions in the method embodiment shown in FIG. 15 .

本申请实施例提供的计算机可读存储介质可以是随机存取存储器(random access memory，RAM)、闪存、只读存储器(read-only memory，ROM)、可编程只读存储器(programmableROM，PROM)、可擦除可编程只读存储器(erasable PROM，EPROM)、电可擦除可编程只读存储器(electrically ePROM，EEPROM)、寄存器、硬盘、移动硬盘、CD-ROM或者本领域熟知的任何其它形式的计算机可读存储介质。The computer-readable storage medium provided by the embodiment of the present application may be random access memory (random access memory, RAM), flash memory, read-only memory (read-only memory, ROM), programmable read-only memory (programmable ROM, PROM), Erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically ePROM, EEPROM), registers, hard disk, removable hard disk, CD-ROM or any other form known in the art computer readable storage medium.

计算机可执行指令可以存储在计算机可读存储介质中，或者从一个计算机可读存储介质向另一个计算机可读存储介质传输，例如，所述计算机程序或指令可以从一个网站站点、计算机、服务器或数据中心通过有线或无线方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是集成一个或多个可用介质的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质，例如，软盘、硬盘、磁带；也可以是光介质，例如，数字视频光盘(digital video disc，DVD)；还可以是半导体介质，例如，固态硬盘。Computer-executable instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer programs or instructions may be transmitted from a website, computer, server or A data center transmits to another website site, computer, server, or data center via wired or wireless means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrating one or more available media. The available medium may be a magnetic medium, such as a floppy disk, a hard disk, or a magnetic tape; it may also be an optical medium, such as a digital video disc (digital video disc, DVD); it may also be a semiconductor medium, such as a solid-state hard disk.

在本申请的各个实施例中，如果没有特殊说明以及逻辑冲突，不同的实施例之间的术语和/或描述具有一致性、且可以相互引用，不同的实施例中的技术特征根据其内在的逻辑关系可以组合形成新的实施例。此外，术语“包括”和“部署”以及他们的任何变形，意图在于覆盖不排他的包含，例如，包含了一系列步骤或单元。方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元，而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。In each embodiment of the present application, if there is no special explanation and logical conflict, the terms and/or descriptions between different embodiments are consistent and can be referred to each other, and the technical features in different embodiments are based on their inherent Logical relationships can be combined to form new embodiments. Furthermore, the terms "comprising" and "deploying", as well as any variations thereof, are intended to cover a non-exclusive inclusion, eg, a series of steps or elements. A method, system, product or device is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not explicitly listed or inherent to the process, method, product or device.

尽管结合具体特征及其实施例对本申请进行了描述，显而易见的，在不脱离本申请的精神和范围的情况下，可对其进行各种修改和组合。相应地，本说明书和附图仅仅是所附权利要求所界定的方案进行示例性说明，且视为已覆盖本申请范围内的任意和所有修改、变化、组合或等同物。 Although the application has been described in conjunction with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely illustrative of the solutions defined by the appended claims, and are deemed to cover any and all modifications, changes, combinations or equivalents within the scope of the application.

显然，本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的范围。这样，倘若本申请实施例的这些修改和变型属于本申请权利要求及其等同技术的范围之内，则本申请也意图包含这些改动和变型在内。 Apparently, those skilled in the art can make various changes and modifications to the present application without departing from the scope of the present application. In this way, if the modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims

A control device, characterized in that it is applied in a device cluster system, the control device includes a key distribution center KDC and a first service component, and a first key distribution entity KDE is deployed in the first service component;

The KDC is configured to provide key generation information for the first KDE in response to the key application request of the first KDE;

The first KDE is configured to generate a first entity key according to the key generation information provided by the KDC;

The first KDE is further configured to send the identification information of the first KDE and the identification information of the KDC to the second KDE during the process of establishing a session with the second KDE of the service component of another control device; and receiving the identification information of the second KDE and the identification information of the KDC sent by the second KDE; generating A session key used for authentication between the first KDE and the second KDE.

The control device according to claim 1, wherein the control device further includes a key distribution agent KDA,

The first KDE is further configured to store the first entity key in the KDA after the first entity key is generated, and obtain the first entity key from the KDA each time it is started. Entity key.

The control device according to claim 2, wherein the KDA is further configured to: receive the key application request sent by the first KDE, and forward the key application request of the first KDE to the KDC; and receiving the key generation information sent by the KDC, and forwarding the key generation information to the first KDE.

The control device according to any one of claims 1-3, wherein the KDC is further configured to: receive and save the registration information of each KDE included in the device cluster system; and receive the first When requesting a KDE key application, verify the consistency between the key application information carried in the key application request and the stored registration information of the first KDE, and provide the first KDE with Key generation information.

The control device according to any one of claims 1-4, wherein the first KDE is further configured to: obtain and save the identification information and the central key of the KDC.

The control device according to claim 5, wherein the first KDE is specifically configured to obtain the central key of the KDC according to the identification information of the KDC, and obtain the central key of the KDC according to the first entity key, The session key is generated by the identification information of the second KDE and the central key of the KDC.

The control device according to any one of claims 1-6, wherein the KDC is also used for:

receiving the key revocation command sent by the management node, signing the revocation list carried in the key revocation command and distributing it to the standby KDC of the KDC;

The revocation list includes identification information of the KDE corresponding to the leaked entity key and/or identification information of the KDC corresponding to the leaked central key.

A method for generating a session key, comprising:

The first key distribution entity KDE obtains the key generation information provided by the key distribution center KDC for the first KDE, and Generate a first entity key according to the key generation information; the first KDE is deployed in the service component of the first control device in the device cluster system;

In the process of establishing a session with the second KDE, the first KDE sends the identification information of the first KDE and the identification information of the KDC to the second KDE; the second KDE is deployed in the device cluster system within the service component of the second control device;

The first KDE receives the identification information of the second KDE and the identification information of the KDC sent by the second KDE;

The first KDE generates an authentication session between the first KDE and the second KDE according to the first entity key, the identification information of the second KDE, and the identification information of the KDC Secret key.

The method according to claim 8, characterized in that the method further comprises:

After the first KDE generates the first entity key, it saves the first entity key to the key distribution agent KDA deployed in the first control device, and at each startup, from the The KDA obtains the first entity key.

The method according to claim 9, wherein the first key distribution entity KDE acquires the key generation information provided by the key distribution center KDC for the first KDE, including:

The first KDE sends a key application request to the KDC through the KDA;

The first KDE receives the key generation information obtained from the KDC forwarded by the KDA.

The method according to any one of claims 8-10, wherein before the first key distribution entity KDE obtains the key generation information from the key distribution center KDC, the method further includes:

The first KDE generates registration information, and sends the registration information of the first KDE to the KDC, so that the KDC saves the registration information of the first KDE.

The method according to claim 11, wherein the key generation information is that when the KDC receives the key application request from the first KDE, it applies the key application information carried in the key application request. The information is verified for consistency with the stored registration information of the first KDE, and is provided by the first KDE after the verification is passed.

The method according to claim 11 or 12, wherein, before the first key distribution entity KDE obtains the key generation information from the key distribution center KDC, the method further comprises:

The first KDE receives and saves the identification information and central key of the KDC.

The method according to claim 13, wherein the generating the first entity key according to the key generation information comprises:

The first KDE obtains the central secret key of the KDC according to the identification information of the KDC;

The first KDE generates the session key according to the first entity key, the identification information of the second KDE, and the central key of the KDC.

A device cluster system, characterized by comprising a plurality of control devices; the plurality of control devices include the control device according to any one of claims 1-7.

A computer-readable storage medium, characterized in that computer-executable instructions are stored, and the computer-executable The instructions are used to make the computer execute the method according to any one of claims 8 to 14.

A computer program product, characterized by comprising computer-executable instructions for causing a computer to execute the method according to any one of claims 8-14.