CN117424761A

CN117424761A - Transmission processing method and system based on TLCP quantum security and electronic equipment

Info

Publication number: CN117424761A
Application number: CN202311743804.6A
Authority: CN
Inventors: 朱立通; 陈靖; 叶枫; 朱雅轩; 王学良
Original assignee: Beijing Geer Guoxin Technology Co ltd
Current assignee: Beijing Geer Guoxin Technology Co ltd
Priority date: 2023-12-19
Filing date: 2023-12-19
Publication date: 2024-01-19

Abstract

The embodiment of the application provides a transmission processing method, a transmission processing system and electronic equipment based on TLCP quantum security, which are used for receiving a client hello message sent by a client and comprise a client algorithm suite of an anti-quantum algorithm; sending the negotiated service end algorithm suite to the client; the client side exchanges key exchange information with the server side, wherein the key exchange information comprises TLCP original algorithm key parameters and quantum algorithm resistant key parameters; obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation; and calculating according to the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a mixed premaster key, establishing data transmission according to the mixed premaster key, and ensuring the safety of the data transmission in a quantum environment.

Description

Transmission processing method and system based on TLCP quantum security and electronic equipment

Technical Field

The application relates to the technical field of communication, in particular to a transmission processing method, a transmission processing system and electronic equipment based on TLCP quantum security.

Background

The transport layer crypto protocol (Information security technology-Transport layer cryptography protocol, TLCP) is a network security protocol used to protect the security of data during network transmission. The TLCP protocol can provide end-to-end encryption and identity authentication services on a transmission layer, can effectively prevent network security threats such as passive attack, man-in-the-middle attack and the like, supports various digital signature algorithms, message authentication code algorithms and pseudo-random number generation algorithms, and ensures the security of data transmission. However, with the advent and development of quantum computers, it may become a very simple matter to use the Shor algorithm to rapidly decompose integers, and most public key encryption algorithms are based on integer decomposition or discrete logarithm solution at present, so that under quantum computing, the security of TLCP data transmission cannot be guaranteed.

Disclosure of Invention

The application provides a transmission processing method, a transmission processing system, electronic equipment and a readable storage medium based on TLCP quantum security, which can resist quantum attack and ensure the security of data transmission.

The technical scheme of the embodiment of the application is as follows:

in a first aspect, an embodiment of the present application provides a transmission processing method based on TLCP quantum security, applied to a server, where the method includes:

Receiving a client hello message sent by a client, wherein the client hello message comprises a client algorithm suite of an anti-quantum algorithm;

sending a service end hello message to the client, wherein the service end hello message comprises a service end algorithm suite negotiated with the client;

sending a server key exchange message in the server algorithm suite to the client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter;

receiving a client key exchange message in the client algorithm suite sent by the client, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation;

and calculating according to the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a mixed premaster key, and establishing data transmission according to the mixed premaster key.

In the technical scheme, the client hello message sent by the client is received, the client hello message comprises a client algorithm suite of an anti-quantum algorithm, and the client algorithm suite of the anti-quantum algorithm is added in the client hello message, so that the client hello message is favorable for resisting quantum attack; sending a server hello message to the client, wherein the server hello message comprises a server algorithm suite negotiated with the client, and the server hello message is added with a server algorithm suite of an anti-quantum algorithm, so that the quantum attack can be resisted; sending a server key exchange message in a server algorithm suite to a client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter; receiving a client key exchange message in a client algorithm suite sent by a client, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter, and the client and the server exchange parameters are beneficial to obtaining a negotiation key according to the parameters; obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation; according to the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key, a mixed premaster key is obtained through calculation, quantum attack can be effectively resisted through obtaining the mixed premaster key, data transmission is established according to the mixed premaster key, and the safety of the data transmission is guaranteed.

In some embodiments of the present application, the calculating the hybrid premaster secret according to the TLCP original algorithm negotiation secret and the anti-quantum algorithm negotiation secret includes:

and carrying out serial connection processing on the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain the hybrid premaster key.

In the technical scheme, the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key are processed in series, so that the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key can be fused into the mixed premaster key, the mixed premaster key is difficult to break, and the transmission safety is improved.

In some embodiments of the present application, before sending the server hello message to the client, the method further includes:

adding a key negotiation type into an initial server-side algorithm suite;

and setting the format of the server-side key exchange message, the format of the anti-quantum algorithm negotiation key and the format of the hybrid premaster key according to the key negotiation type to obtain the server-side hello message.

In the technical scheme, when an anti-quantum algorithm is added in the original TLCP protocol, a corresponding format is set, so that the original TLCP protocol is supported, quantum attacks can be resisted, and a foundation is laid for subsequent expansion.

In some embodiments of the present application, after the sending of the server hello message to the client, the method further includes:

sending a first certificate verification request to the client, and receiving a verification certificate corresponding to the first certificate verification request sent by the client;

and receiving a second certificate verification request sent by the client, and returning a verification certificate corresponding to the second certificate verification request to the client.

In the technical scheme, the authentication of the client and the server is performed by exchanging authentication certificates, so that the security of data transmission is ensured.

In a second aspect, an embodiment of the present application provides a transmission processing method based on TLCP quantum security, applied to a client, where the method includes:

sending a client hello message to a server, wherein the client hello message comprises a client algorithm suite of an anti-quantum algorithm;

receiving a service end hello message sent by the service end, wherein the service end hello message comprises a service end algorithm suite negotiated with the client;

receiving a server key exchange message in the server algorithm suite sent by the server, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter;

Sending a client key exchange message in the client algorithm suite to the server, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

In some embodiments of the present application, before the sending the client hello message to the server, the method further includes:

adding a key negotiation type into an initial client algorithm suite;

setting the format of the client-side key exchange message, setting the format of the TLCP original algorithm negotiation key and setting the format of the hybrid premaster key under the condition that the key negotiation type is an anti-quantum negotiation type, so as to obtain the client-side hello message.

In some embodiments of the present application, after the receiving the server hello message sent by the server, the method further includes:

receiving a first certificate verification request sent by the server, and sending a verification certificate corresponding to the first certificate verification request to the server;

and sending a second certificate verification request to the server side so that the server side returns a verification certificate corresponding to the second certificate verification request.

In a third aspect, an embodiment of the present application provides a transmission processing system based on TLCP quantum security, where the system includes a client and a server, and the server includes:

the first receiving module is used for receiving a client hello message sent by a client, wherein the client hello message comprises a client algorithm suite of an anti-quantum algorithm;

the first sending module is used for sending a service end hello message to the client, wherein the service end hello message comprises a service end algorithm suite negotiated with the client;

the second sending module is used for sending a server key exchange message in the server algorithm suite to the client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter;

The second receiving module is used for receiving a client key exchange message in the client algorithm suite, which is sent by the client, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

the first key negotiation module is used for obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation;

the first negotiation processing module is used for calculating a mixed premaster secret key according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key, and establishing data transmission according to the mixed premaster secret key;

the client comprises:

the third sending module is used for sending a client hello message to the server, wherein the client hello message comprises a client algorithm suite of an anti-quantum algorithm;

the third receiving module is used for receiving a service end hello message sent by the service end, wherein the service end hello message comprises a service end algorithm suite negotiated with the client;

A fourth receiving module, configured to receive a server-side key exchange message in the server-side algorithm suite sent by the server-side, where the server-side key exchange message includes a server-side TLCP original algorithm key parameter and a server-side anti-quantum algorithm key parameter;

a fourth sending module, configured to send a client key exchange message in the client algorithm suite to the server, where the client key exchange message includes a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

the second key negotiation module is used for obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation;

and the second negotiation processing module is used for calculating a mixed premaster secret key according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key, and establishing data transmission according to the mixed premaster secret key.

In a fourth aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a user interface, and a network interface, where the memory is configured to store instructions, and the user interface and the network interface are configured to communicate with other devices, and the processor is configured to execute the instructions stored in the memory, so that the electronic device performs the method provided in any one of the first aspect and the second aspect.

In a fifth aspect, embodiments of the present application provide a computer-readable storage medium storing instructions that, when executed, perform the method of any one of the first and second aspects provided above.

In summary, one or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:

1. the anti-quantum algorithm is added in hello messages of the client and the server respectively, key negotiation is carried out through key exchange parameters, a mixed premaster key is obtained, and data transmission is carried out through the mixed premaster key, so that the problem that the safety of TLCP data transmission cannot be guaranteed under quantum computation in the related technology is effectively solved. According to the embodiment of the application, the safety of data transmission can be ensured in a quantum environment.

2. When an anti-quantum algorithm is added in the original TLCP protocol, a corresponding format is set, so that the original TLCP protocol is supported, quantum attacks can be resisted, and a foundation is laid for subsequent expansion.

Drawings

Fig. 1 is a schematic flow diagram of a server side of a transmission processing method based on TLCP quantum security according to an embodiment of the present application;

Fig. 2 is a schematic flow diagram of a server side of a transmission processing method based on TLCP quantum security according to another embodiment of the present application;

fig. 3 is a schematic flow diagram of a server side of a transmission processing method based on TLCP quantum security according to still another embodiment of the present application;

fig. 4 is a schematic flow diagram of a client of a transmission processing method based on TLCP quantum security according to an embodiment of the present application;

fig. 5 is a schematic flow diagram of a client of a transmission processing method based on TLCP quantum security according to another embodiment of the present application;

fig. 6 is a schematic flow diagram of a client of a transmission processing method based on TLCP quantum security according to still another embodiment of the present application;

fig. 7 is a schematic diagram of interaction between a client and a server in a transmission processing method based on TLCP quantum security according to an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a transmission processing system based on TLCP quantum security according to one embodiment of the present application;

fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments.

In the description of embodiments of the present application, words such as "for example" or "for example" are used to indicate examples, illustrations or descriptions. Any embodiment or design described herein as "such as" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "or" for example "is intended to present related concepts in a concrete fashion.

In the description of the embodiments of the present application, the term "plurality" means two or more. For example, a plurality of systems means two or more systems, and a plurality of screen terminals means two or more screen terminals. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating an indicated technical feature. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.

In the related art, the TLCP standard specifies contents in terms of security mechanism, message format, key management, etc. of the TLCP. According to the standard, the encryption algorithm used by the TLCP supports a symmetric encryption algorithm and an asymmetric encryption algorithm, and supports public key algorithms such as RSA, ECC, and the like, and symmetric encryption algorithms such as AES, DES, and the like, and the TLCP also supports a plurality of digital signature algorithms, message authentication code algorithms, and pseudo-random number generation algorithms. However, with the advent and development of quantum computers, it may be a very simple matter to use the Shor algorithm to rapidly decompose integers, and most public key encryption algorithms are currently based on integer decomposition or discrete logarithm solution, which presents a great challenge to conventional public key encryption algorithms. The anti-quantum algorithm is an algorithm capable of resisting quantum computing, aims to protect data safety in a quantum environment, and designs a password algorithm with safety in a classical environment and a quantum environment. Therefore, research on a post quantum cryptography system capable of resisting quantum attack has been paid attention, however, the research is still lacking in terms of anti-quantum secure communication.

Based on the above, the embodiment of the application provides a transmission processing method, a transmission processing system and an electronic device based on TLCP quantum security, wherein the transmission processing method based on TLCP quantum security receives a client hello message sent by a client, the client hello message comprises a client algorithm suite of an anti-quantum algorithm, and the client algorithm suite of the anti-quantum algorithm is added in the client hello message, so that the anti-quantum attack is facilitated; sending a server hello message to the client, wherein the server hello message comprises a server algorithm suite negotiated with the client, and the server hello message is added with a server algorithm suite of an anti-quantum algorithm, so that the quantum attack can be resisted; sending a server key exchange message in a server algorithm suite to a client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter; receiving a client key exchange message sent by a client from a client algorithm suite, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter, and the client and a server exchange parameters are beneficial to obtaining a negotiation key according to the parameters; obtaining a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtaining an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation; according to the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key, a mixed premaster key is obtained through calculation, quantum attack can be effectively resisted through obtaining the mixed premaster key, data transmission is established according to the mixed premaster key, and the safety of the data transmission is guaranteed. Compared with the prior art that the security of TLCP data transmission cannot be guaranteed under quantum computing, the method and the device can guarantee the security of data transmission under a quantum environment.

It should be noted that, the TLCP quantum security-based transmission processing method is used for encrypting transmission, protecting the security of data by encrypting the data, and can also be used in combination with other protocols (such as secure socket layer SSL) to prevent man-in-the-middle attack; the integrity of the data is verified and protected by using digital signature and other mechanisms, so that the data is prevented from being tampered; the method can also be used for ensuring the identities of both communication parties, preventing unauthorized attacks and the like, and ensuring the security of data in the transmission process.

The technical scheme provided by the embodiment of the application is further described below with reference to the accompanying drawings.

Referring to fig. 1, fig. 1 is a schematic flow diagram of a server side of a transmission processing method based on TLCP quantum security according to an embodiment of the present application. The transmission processing method based on TLCP quantum security is applied to a server side, and is executed by an electronic device or a processor in a readable storage medium, and comprises the steps of S110, S120, S130, S140, S150 and S160.

Step S110, a client hello message sent by a client is received, where the client hello message includes a client algorithm suite of anti-quantum algorithms.

In an embodiment, the client sends a client hello message to the server, where the client hello message is different from the hello message in the original TLCP, and the client hello message includes a client algorithm suite of anti-quantum algorithm, and the server receives the client hello message sent by the client, and transmits the client algorithm suite of anti-quantum algorithm through the hello message, so that subsequent key negotiation is facilitated, so as to realize security of data transmission. It should be noted that, a client algorithm suite of an anti-quantum algorithm is added in the client hello message, and the client algorithm suite is compatible with the original TLCP, and can also ensure the security of communication. The anti-quantum algorithm client algorithm suite represents that the key negotiation uses the SM algorithm and the anti-quantum algorithm hybrid key negotiation, and the anti-quantum algorithm can be CRYSTALS-Kyber anti-quantum algorithm, which is a key exchange algorithm based on a Morgan Philippine algebra and polynomial ring, and the key exchange algorithm can exchange keys under the premise of safety. At present, the Kyber algorithm is mainly applied to key exchange, the Kyber algorithm defines a plurality of groups of different parameters according to different requirements, and the anti-quantum algorithm adopts the Kyber algorithm. Illustratively, the client algorithm suite represents key agreement using SM2 and Kyber hybrid key agreement. It should be noted that the client algorithm suite may be expressed as:

Tlcp_sm2_kyber 768_sm2_with_sm4_gcm_sm3= {0xe1,0x11}. Both the client algorithm suite and the server-side algorithm suite are described below by way of example with SM2 and Kyber.

Step S120, a server hello message is sent to the client, where the server hello message includes a server algorithm suite negotiated with the client.

In an embodiment, the server receives a client hello message sent by the client, and the server sends a server hello message to the client, where the server hello message is also different from the hello message in the original TLCP, and the server hello message includes a service end algorithm set negotiated with the client, and because the client hello message may include multiple algorithms, the service end algorithm set is a negotiated algorithm set, and the service end algorithm set of the quantum-resistant algorithm negotiated through hello message transmission is beneficial to subsequent key negotiation to achieve security of data transmission. It should be noted that, adding the service end algorithm suite of the anti-quantum algorithm in the service end hello message is compatible with the original TLCP, and can also ensure the security of communication. The server-side algorithm suite corresponding to the client-side algorithm suite represents that the key negotiation uses the SM algorithm and the anti-quantum algorithm hybrid key negotiation, the anti-quantum algorithm can be a CRYSTALS-Kyber anti-quantum algorithm, currently, the Kyber algorithm is mainly applied to key exchange, the Kyber algorithm defines a plurality of groups of different parameters according to different requirements, and the anti-quantum algorithm adopts the Kyber algorithm. The service-side algorithm suite is similar to the client-side algorithm suite in terms of representation and will not be described in detail herein.

Step S130, a server key exchange message in a server algorithm suite is sent to the client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter.

In an embodiment, the client and the server exchange not only hello messages but also key parameters for key agreement. The server sends a server key exchange message in a server algorithm suite to the client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter, and parameter exchange between the client and the server is realized. It should be noted that, the key parameter of the original algorithm of the server TLCP included in the key exchange message of the server is the parameter of the encryption algorithm supported by the original TLCP, and on this basis, the key parameter of the anti-quantum algorithm of the server is added, so that the subsequently obtained hybrid premaster key can resist quantum attack, adapt to the hello message of the server, and also use the original TLCP. The original TLCP is a common protocol without an anti-quantum algorithm added.

Step S140, receiving a client key exchange message in a client algorithm suite sent by a client, where the client key exchange message includes a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter.

In an embodiment, the client and the server exchange not only hello messages but also key parameters for key agreement. The client sends a client key exchange message in the client algorithm suite to the server, and the server receives the client key exchange message in the client algorithm suite sent by the client, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter, so that parameter exchange between the client and the server is realized. It should be noted that, the original algorithm key parameter of the client TLCP included in the client key exchange message is the parameter of the encryption algorithm supported by the original TLCP, and on this basis, the anti-quantum algorithm key parameter of the client is added, so that the subsequently obtained hybrid premaster key can resist quantum attack, adapt to the client hello message, and also use the original TLCP. The original TLCP is a common protocol without an anti-quantum algorithm added.

Step S150, a TLCP original algorithm negotiation key is obtained according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and an anti-quantum algorithm negotiation key is obtained according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation.

In an embodiment, the TLCP primary algorithm negotiation key is obtained by negotiating the client TLCP primary algorithm key parameter and the server TLCP primary algorithm key parameter obtained by exchanging in step S130 and step S140, which is beneficial to obtaining the hybrid premaster key according to the TLCP primary algorithm negotiation key. And according to the client side anti-quantum algorithm key parameter obtained by exchanging the step S130 and the step S140 and the client side anti-quantum algorithm key parameter, an anti-quantum algorithm negotiation key is obtained, and the method is beneficial to obtaining a mixed premaster key according to the anti-quantum algorithm negotiation key in the follow-up process. The TLCP original algorithm negotiation key may be a sm2 encrypted shared key, and the anti-quantum algorithm negotiation key may be a shared key calculated by Kyber768, where Kyber768 is an algorithm defined by using a broad set of parameters. And the shared secret key can also be a kyber512 and a kyber1024, and can also be a shared secret key of other anti-quantum algorithms, which are applicable as well and are not described herein.

Step S160, a mixed premaster secret key is obtained through calculation according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key, and data transmission is established according to the mixed premaster secret key.

In an embodiment, a hybrid premaster key is obtained by calculating a TLCP original algorithm negotiation key and an anti-quantum algorithm negotiation key, specifically, the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key are processed in series to obtain the hybrid premaster key, and data transmission is established according to the hybrid premaster key, so that quantum attack can be resisted, and the security of the data transmission is ensured. The tandem processing may be to perform or process the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a hybrid premaster key, or may be to connect the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a hybrid premaster key. The hybrid premaster secret may be expressed as: premaster_secret=z||k, Z is the TLCP original algorithm negotiation key, and K is the anti-quantum algorithm negotiation key.

As shown in fig. 2, before sending the server hello message to the client, the TLCP quantum security based transmission processing method further includes, but is not limited to, the following steps:

step S210, adding a key negotiation type to the initial server-side algorithm suite.

In an embodiment, before the client hello message is sent to the server, a hello message of the original TLCP protocol is defined in structure, an algorithm suite included in the hello message of the original TLCP protocol is recorded as an initial server algorithm suite, a key negotiation type is added to the initial server algorithm suite on the basis of the initial server algorithm suite, an SM2 negotiation key is used in the initial server algorithm suite, a kyber768 negotiation key is added on the basis of the initial server algorithm suite, and the added key negotiation type can be expressed as sm2_kyber.

Illustratively, the TLCP protocol messages are extended before adding the key agreement type to the initial server-side algorithm suite. First, the extension of the Hello message is defined as follows:

struct{

ExtensionType extension_type；

opaque extension_data<0..2^16-1>；

}Extension；

on the basis, the Kyber algorithm negotiates an extension item, and the type of the extension item is defined as follows:

enum{

pq_kem_parameters(0xFE01)

}ExtensionType；

the values of the extension items are defined as follows:

struct{

NamedGroup named_group_list<1..2^16-1>；

}NamedGroupListExtension；

the single element PQKEM of the value of the extension term is defined as follows:

enum{

KYBER768-R3(19)，

}NamedPQKEM(2^16-1)；

pq_ KEM _parameters are a list of post-quantum KEMs supported by the client, such as Kyber512, kyber768, etc., with priorities from high to low.

Adding an extension, i.e. adding a key agreement type, is expressed as:

enu{sm2_kyber}KeyExchangeAlgorithm。

step S220, according to the key negotiation type, the format of the key exchange message of the server is set, the format of the anti-quantum algorithm negotiation key is set, and the format of the mixed premaster key is set, so as to obtain the hello message of the server.

In an embodiment, since the algorithm suite is extended, the format of the exchange parameter information is extended according to the extended key negotiation type, the format of the server key exchange message is set, the server anti-quantum algorithm key parameter is added to the exchange parameter, the format of the negotiation key is changed, the format of the anti-quantum algorithm negotiation key is set, and the format of the hybrid premaster key is set so as to support the extension, and the method is compatible with the original TLCP protocol, so that the server algorithm suite is obtained, and further the server hello message is obtained. The method is beneficial to realizing safe data transmission through hello message negotiation suite.

Illustratively, the server side change ServerKeyExchange message is as follows:

struct{

select (KeyExchangeAlgorithm){

case sm2_kyber：

ServerPQKEMParams params；

digitally-signed struct{

opaque client_random[32]；

opaque server_random[32]；

opaque ASN.1Cert<1..2^24-1>；

ServerPQKEMParams pq_kem_params；

} signed_params；

}；

}ServerKeyExchange；

struct{

NamedPQKEM named_params；

PQKEMPublicKey public；

}ServerPQKEMParams；

struct{

opaque public_key<1,...,2^24 - 1>；

}PQKEMPublicKey；

the main difference from the original TLCP is that the message contains 'serverpqkempanams', and the signed data contains the message.

As shown in fig. 3, after sending the server hello message to the client, the TLCP quantum security based transmission processing method further includes, but is not limited to, the following steps:

step S310, a first certificate verification request is sent to the client, and the receiving client sends a verification certificate corresponding to the first certificate verification request.

In an embodiment, after the server sends a server hello message to the client, the client may perform identity verification on the client, and under the condition that the server verifies the identity of the client, the server sends a first certificate verification request to the client, the client receives the first certificate verification request sent by the server, sends a verification certificate corresponding to the first certificate verification request to the server, and receives the verification certificate corresponding to the first certificate verification request from the client, thereby realizing the identity verification of the client by the server and realizing the secure transmission.

Step S320, receiving a second certificate verification request sent by the client, and returning a verification certificate corresponding to the second certificate verification request to the client.

In an embodiment, to ensure the security of the information, the client may further perform identity authentication on the server, where the client sends a second certificate authentication request to the server, and the server receives the second certificate authentication request sent by the client and returns an authentication certificate corresponding to the second certificate authentication request to the client, so that the client performs identity authentication on the server, and ensures the security of data transmission.

Referring to fig. 4, fig. 4 is a schematic flow diagram of a client of a transmission processing method based on TLCP quantum security according to an embodiment of the present application. The transmission processing method based on TLCP quantum security is applied to the client, and is executed by the electronic device or a processor in the readable storage medium, and comprises the steps of S410, S420, S430, S440, S450 and S460.

In step S410, a client hello message is sent to the server, where the client hello message includes a client algorithm suite of anti-quantum algorithms.

In an embodiment, the client sends a client hello message to the server, where the client hello message is different from the hello message in the original TLCP, and the client hello message includes a quantum algorithm resistant client algorithm suite, and the quantum algorithm resistant client algorithm suite is transmitted through the hello message, so that subsequent key negotiation is facilitated, so as to realize security of data transmission. It should be noted that, a client algorithm suite of an anti-quantum algorithm is added in the client hello message, and the client algorithm suite is compatible with the original TLCP, and can also ensure the security of communication. The client hello message is already introduced in step S110, and will not be described here.

Step S420, a server hello message sent by the server is received, where the server hello message includes a server algorithm suite negotiated with the client.

In an embodiment, the server receives a client hello message sent from the client, the server sends the client hello message to the client, the client receives the server hello message sent by the server, the server hello message is also different from the hello message in the original TLCP, the server hello message includes a service end algorithm suite of an anti-quantum algorithm negotiated with the client, and the service end algorithm suite of the anti-quantum algorithm included in the client hello message corresponds to the service end algorithm suite of the anti-quantum algorithm, so that key negotiation is facilitated to be performed subsequently through the service end algorithm suite of the anti-quantum algorithm transmitted by the hello message, so as to realize security of data transmission. It should be noted that, adding the service end algorithm suite of the anti-quantum algorithm in the service end hello message is compatible with the original TLCP, and can also ensure the security of communication.

Step S430, receiving a server key exchange message in a server algorithm suite sent by a server, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter.

In an embodiment, the client and the server exchange not only hello messages but also key parameters for key agreement. The server sends a server key exchange message in the server algorithm suite to the client, the client receives the server key exchange message sent by the server, and the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter, so that parameter exchange between the client and the server is realized. It should be noted that, the key parameter of the original algorithm of the server TLCP included in the key exchange message of the server is the parameter of the encryption algorithm supported by the original TLCP, and on this basis, the key parameter of the anti-quantum algorithm of the server is added, so that the subsequently obtained hybrid premaster key can resist quantum attack, adapt to the hello message of the server, and also use the original TLCP. The original TLCP is a common protocol without an anti-quantum algorithm added.

Step S440, the client key exchange message in the client algorithm suite is sent to the server, and the client key exchange message comprises the client TLCP original algorithm key parameter and the client anti-quantum algorithm key parameter.

In an embodiment, the client and the server exchange not only hello messages but also key parameters for key agreement. The client sends a client key exchange message in a client algorithm suite to the server according to a server key exchange message sent by the server, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter, and parameter exchange between the client and the server is achieved. It should be noted that, the original algorithm key parameter of the client TLCP included in the client key exchange message is the parameter of the encryption algorithm supported by the original TLCP, and on this basis, the anti-quantum algorithm key parameter of the client is added, so that the subsequently obtained hybrid premaster key can resist quantum attack, adapt to the client hello message, and also use the original TLCP. The original TLCP is a common protocol without an anti-quantum algorithm added.

Step S450, a TLCP original algorithm negotiation key is obtained according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and an anti-quantum algorithm negotiation key is obtained according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation.

In an embodiment, the TLCP primary algorithm negotiation key is obtained by negotiating the client TLCP primary algorithm key parameter and the server TLCP primary algorithm key parameter obtained by exchanging in step S430 and step S440, which is beneficial to obtaining the hybrid premaster key according to the TLCP primary algorithm negotiation key. The client side anti-quantum algorithm key parameter obtained according to the exchange of the step S430 and the step S440 and the client side anti-quantum algorithm key parameter are negotiated to obtain an anti-quantum algorithm negotiation key, which is beneficial to obtaining a mixed premaster key according to the anti-quantum algorithm negotiation key in the follow-up process

Step S460, a mixed premaster secret key is obtained through calculation according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key, and data transmission is established according to the mixed premaster secret key.

In an embodiment, a hybrid premaster key is obtained by calculating a TLCP original algorithm negotiation key and an anti-quantum algorithm negotiation key, specifically, the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key are processed in series to obtain the hybrid premaster key, and data transmission is established according to the hybrid premaster key, so that quantum attack can be resisted, and the security of the data transmission is ensured. The tandem processing may be to perform or process the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a hybrid premaster key, or may be to connect the TLCP original algorithm negotiation key and the anti-quantum algorithm negotiation key to obtain a hybrid premaster key. The hybrid premaster secret is represented in a manner similar to the client and will not be described in detail herein.

As shown in fig. 5, before sending the client hello message to the server, the TLCP quantum security based transmission processing method further includes, but is not limited to, the following steps:

step S510, adding a key agreement type to the initial client algorithm suite.

In an embodiment, before sending a client hello message to a server, a hello message of an original TLCP protocol is defined in structure, an algorithm set included in the hello message of the original TLCP protocol is recorded as an initial client algorithm set, and a key negotiation type is added to the initial client algorithm set based on the initial client algorithm set, and a format definition and an adding manner are similar to those of the server, which are not described herein.

Step S520, according to the key negotiation type, the format of the client key exchange message is set, the format of the TLCP original algorithm negotiation key is set, and the format of the hybrid premaster key is set, so as to obtain the client hello message.

In an embodiment, since the algorithm suite is extended, the format of exchange parameter information is extended according to the extended key negotiation type, the format of a client key exchange message is set, the client quantum-resistant algorithm key parameter is added to the exchange parameter, the format of the negotiation key is changed, the format of the TLCP original algorithm negotiation key and the format of the hybrid premaster key are set to support the extension, and the method is compatible with the original TLCP protocol, so that the client algorithm suite is obtained, and further the client hello message is obtained. The method is beneficial to realizing safe data transmission through hello message negotiation suite.

Illustratively, the client change ServerKeyExchange message is as follows:

struct{

select (KeyExchangeAlgorithm){

case sm2_kyber：

EncryptedPreMasterSecret encyrptedPremasterSecret；

PQKEMCiphertext ciphertext；

} exchange_keys；

}ClientKeyExchange；

struct{

public-key-encrypted PreMasterSecret pre_master_secret；

}EncryptedPreMasterSecret；

struct{

ProtocolVersion client_version；

opaque random[46]；

}PreMasterSecret；

struct{

opaque ciphertext<1,...,2^24-1>；

}PQKEMCiphertext；

the main difference is that 'PQKEMCipherext' is newly added for negotiating the shared key of Kyber.

The master key generation process is changed as follows:

master_secret = PRF(pre_master_secret, "master secret"，

ClientHello.random + ServerHello.random)

[0..47]：

pre_master_secret=SM2||Kyber。

as shown in fig. 6, after receiving the server hello message sent by the server, the TLCP quantum security based transmission processing method further includes, but is not limited to, the following steps:

step S610, a first certificate verification request sent by the server is received, and a verification certificate corresponding to the first certificate verification request is sent to the server.

In an embodiment, after the server sends the server hello message to the client, identity authentication may be performed on the client, the server sends a first certificate verification request to the client, and the client receives the first certificate verification request sent by the server and sends a verification certificate corresponding to the first certificate verification request to the server, so that the server performs identity verification on the client, thereby realizing secure transmission.

Step S620, a second certificate verification request is sent to the server, so that the server returns a verification certificate corresponding to the second certificate verification request.

In an embodiment, to ensure the security of the information, the server may perform identity authentication, where the client sends a second certificate authentication request to the server, so that the server returns an authentication certificate corresponding to the second certificate authentication request, thereby implementing the identity authentication of the server and ensuring the security of data transmission.

As shown in fig. 7, the embodiment of the application provides a schematic diagram of interaction between a client and a server in a transmission processing method based on TLCP quantum security, the client sends a client hello message to the server, the server receives the client hello message and sends the server hello message to the client, the server and the client perform parameter exchange such as an identity certificate verification request and a key exchange parameter, wherein the hello message is different from the hello message of the original TLCP protocol, the client hello message and the server hello message both include anti-quantum algorithms, and the server key exchange message and the client key exchange message both include anti-quantum parameters, so that quantum attack can be resisted and the security of data transmission is ensured. The server side sends a server side hello message ending message to the client side, the client side sends a completion message to the server side, and the server side sends the completion message to the client side to establish data communication.

It should be noted that, the client adds an anti-quantum algorithm in the client hello message, the server adds an anti-quantum algorithm in the server hello message, and when negotiating, the client and any one of the server do not negotiate a set of anti-quantum algorithms, the client and the server process according to the original TLCP, and the processing procedure is not repeated here.

As shown in fig. 8, an embodiment of the present application provides a transmission processing system 100 based on TLCP quantum security, where the system 100 includes a client 110 and a server 120, and the server 120 receives, through a first receiving module 121, a client hello message sent by the client, where the client hello message includes a client algorithm suite of anti-quantum algorithms; transmitting a server hello message to the client by using the first transmitting module 122, wherein the server hello message comprises a server algorithm suite negotiated with the client; then, a second sending module 123 is adopted to send a server key exchange message in a server algorithm suite to the client, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter; receiving, by the second receiving module 124, a client key exchange message in a client algorithm suite sent by a client, where the client key exchange message includes a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter; the first key negotiation module 125 is adopted to obtain a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and an anti-quantum algorithm negotiation key is obtained according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation; calculating a mixed premaster secret key according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key by utilizing a first negotiation processing module 126, and establishing data transmission according to the mixed premaster secret key; the client sends a client hello message to the server through the third sending module 111, wherein the client hello message comprises a client algorithm suite of an anti-quantum algorithm; receiving a service side hello message sent by a service side by using a third receiving module 112, wherein the service side hello message comprises a service side algorithm suite negotiated with a client side; then, a fourth receiving module 113 is adopted to receive a server key exchange message in a server algorithm suite sent by the server, wherein the server key exchange message comprises a server TLCP original algorithm key parameter and a server anti-quantum algorithm key parameter; transmitting a client key exchange message in a client algorithm suite to a server by using a fourth transmitting module 114, wherein the client key exchange message comprises a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter; a second key negotiation module 115 is adopted to obtain a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and an anti-quantum algorithm negotiation key is obtained according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation; and calculating a mixed premaster secret key according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key by using a second negotiation processing module 116, and establishing data transmission according to the mixed premaster secret key. The transmission processing system 100 based on TLCP quantum security can resist quantum attack through the quantum resisting algorithm after the client side negotiates with the server side, and ensure the security of data transmission.

Also to be described is: in the device provided in the above embodiment, when implementing the functions thereof, only the division of the above functional modules is used as an example, in practical application, the above functional allocation may be implemented by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to implement all or part of the functions described above. In addition, the embodiments of the apparatus and the method provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the embodiments of the method are detailed in the method embodiments, which are not repeated herein.

The application also discloses electronic equipment. Referring to fig. 9, fig. 9 is a schematic structural diagram of an electronic device according to the disclosure of the embodiment of the present application. The electronic device 500 may include: at least one processor 501, at least one network interface 504, a user interface 503, a memory 505, at least one communication bus 502.

Wherein a communication bus 502 is used to enable connected communications between these components.

The user interface 503 may include a Display screen (Display) and a Camera (Camera), and the optional user interface 503 may further include a standard wired interface and a standard wireless interface.

The network interface 504 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.

Wherein the processor 501 may include one or more processing cores. The processor 501 connects various parts throughout the server using various interfaces and lines to perform various functions and processes of the server by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 505, and invoking data stored in the memory 505. Alternatively, the processor 501 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 501 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), an image processor (Graphics Processing Unit, GPU), and a modem, etc. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing the content required to be displayed by the display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may not be integrated into the processor 501 and may be implemented by a single chip.

The Memory 505 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (Read-Only Memory). Optionally, the memory 505 comprises a non-transitory computer readable medium (non-transitory computer-readable storage medium). Memory 505 may be used to store instructions, programs, code sets, or instruction sets. The memory 505 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the above-described various method embodiments, etc.; the storage data area may store data or the like involved in the above respective method embodiments. The memory 505 may also optionally be at least one storage device located remotely from the processor 501. Referring to fig. 9, an operating system, a network communication module, a user interface module, and an application program of a transmission processing method based on TLCP quantum security may be included in the memory 505 as a computer storage medium.

In the electronic device 500 shown in fig. 9, the user interface 503 is mainly used for providing an input interface for a user, and acquiring data input by the user; and the processor 501 may be configured to invoke an application in the memory 505 that stores a TLCP quantum secure based transport processing method, which when executed by the one or more processors 501, causes the electronic device 500 to perform the method as in one or more of the embodiments described above. It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.

In the several embodiments provided herein, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, such as a division of units, merely a division of logic functions, and there may be additional divisions in actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some service interface, device or unit indirect coupling or communication connection, electrical or otherwise.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned memory includes: various media capable of storing program codes, such as a U disk, a mobile hard disk, a magnetic disk or an optical disk.

The above are merely exemplary embodiments of the present disclosure and are not intended to limit the scope of the present disclosure. That is, equivalent changes and modifications are contemplated by the teachings of this disclosure, which fall within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure.

This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a scope and spirit of the disclosure being indicated by the claims.

Claims

1. The transmission processing method based on TLCP quantum security is characterized by being applied to a server side, and comprises the following steps:

2. The method of claim 1, wherein the computing the hybrid premaster secret from the TLCP original algorithm negotiation secret and the anti-quantum algorithm negotiation secret comprises:

3. The method of claim 1, wherein prior to sending a server hello message to the client, the method further comprises:

adding a key negotiation type into an initial server-side algorithm suite;

4. The method of claim 1, wherein after said sending a server hello message to said client, said method further comprises:

5. A transmission processing method based on TLCP quantum security, which is applied to a client, the method comprising:

6. The method of claim 5, wherein prior to said sending the client hello message to the server, the method further comprises:

adding a key negotiation type into an initial client algorithm suite;

7. The method of claim 5, wherein after said receiving a server hello message sent by the server, the method further comprises:

8. A TLCP quantum security based transmission processing system, the system comprising a client (110) and a server (120), the server (120) comprising:

a first receiving module (121) configured to receive a client hello message sent by a client, where the client hello message includes a client algorithm suite of anti-quantum algorithms;

a first sending module (122) configured to send a server hello message to the client, where the server hello message includes a server algorithm suite negotiated with the client;

a second sending module (123) configured to send a server-side key exchange message in the server-side algorithm suite to the client, where the server-side key exchange message includes a server-side TLCP original algorithm key parameter and a server-side anti-quantum algorithm key parameter;

a second receiving module (124) configured to receive a client key exchange message in the client algorithm suite sent by the client, where the client key exchange message includes a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

The first key negotiation module (125) is configured to obtain a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtain an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation;

a first negotiation processing module (126) configured to calculate a hybrid premaster secret according to the TLCP original algorithm negotiation secret and the anti-quantum algorithm negotiation secret, and establish data transmission according to the hybrid premaster secret;

the client (110) comprises:

a third sending module (111) configured to send a client hello message to a server, where the client hello message includes a client algorithm suite of anti-quantum algorithms;

a third receiving module (112) configured to receive a server hello message sent by the server, where the server hello message includes a server algorithm suite negotiated with the client;

a fourth receiving module (113) configured to receive a server-side key exchange message in the server-side algorithm suite sent by the server-side, where the server-side key exchange message includes a server-side TLCP original algorithm key parameter and a server-side anti-quantum algorithm key parameter;

A fourth sending module (114) configured to send a client key exchange message in the client algorithm suite to the server, where the client key exchange message includes a client TLCP original algorithm key parameter and a client anti-quantum algorithm key parameter;

the second key negotiation module (115) is configured to obtain a TLCP original algorithm negotiation key according to the client TLCP original algorithm key parameter and the server TLCP original algorithm key parameter, and obtain an anti-quantum algorithm negotiation key according to the client anti-quantum algorithm key parameter and the server anti-quantum algorithm key parameter negotiation;

and the second negotiation processing module (116) is used for calculating a mixed premaster secret key according to the TLCP original algorithm negotiation secret key and the anti-quantum algorithm negotiation secret key, and establishing data transmission according to the mixed premaster secret key.

9. An electronic device comprising a processor (501), a memory (505), a user interface (503), a communication bus (502) and a network interface (504), the processor (501), the memory (505), the user interface (503) and the network interface (504) being respectively connected to the communication bus (502), the memory (505) being for storing instructions, the user interface (503) and the network interface (504) being for communicating to other devices, the processor (501) being for executing the instructions stored in the memory (505) for causing the electronic device (500) to perform the method according to any one of claims 1-4 and 5-7.

10. A computer readable storage medium storing instructions which, when executed, perform the method of any one of claims 1-4 and claims 5-7.