CN104283680A - Data transmission method, client side, server and system - Google Patents


Publication number
CN104283680A
Authority
CN
China
Prior art keywords
key
data
client
account information
service server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310282061.7A
Other languages
Chinese (zh)
Inventor
凌星
吴江能
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

An embodiment of the invention discloses a data transmission method, client, server and system. The method comprises: when the client performs data transmission with the service server, the client obtains a first key and a second key associated with the account information corresponding to the client, wherein the first key is generated by encrypting the second key with a preset third key; the client encrypts the data to be transmitted with the second key; the client transmits the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key. The method can improve the security of user data and improve the user experience.

Description

Data transmission method, client, server and system
Technical field
The present invention relates to the field of computer technology, specifically to the field of data transmission, and in particular to a data transmission method, client, server and system.
Background
With the rapid development of Internet technology, people's lives are becoming increasingly networked and information-based. To provide accurate information services to a user, the client often needs to provide the user's relevant data to a server; likewise, when the user performs certain operations, related data must be provided to the server, and the server uses the relevant user information to determine the user's needs and serve the user better.
The Internet, as an open system, provides people with all kinds of services, but its consideration of data security is incomplete. For example, in network services based on HTTP (Hypertext Transfer Protocol), the usual way to prevent leakage of user data is to encrypt the data packets, but an information thief can intercept the key and then crack the user data or impersonate the user. The security of user data therefore still cannot be guaranteed. Moreover, when a user uses a client to log in to multiple network servers, authentication must be performed repeatedly to obtain different keys for encrypting data, which reduces the efficiency of data transmission and degrades the user experience.
Summary of the invention
Embodiments of the present invention provide a data transmission method, client, server and system that can improve the security of user data and improve the user experience.
A first aspect of the present invention provides a data transmission method, which may comprise:
When a client performs data transmission with a service server, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
The client encrypts the data to be transmitted with the second key, and transmits the encrypted data and the first key to the service server;
The service server receives the encrypted data and the first key sent by the client, and decrypts the first key with the preset third key to generate the second key;
The service server decrypts the encrypted data with the second key to obtain the data.
A second aspect of the present invention provides another data transmission method, which may comprise:
When a client performs data transmission with a service server, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
The client encrypts the data to be transmitted with the second key;
The client transmits the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
A third aspect of the present invention provides yet another data transmission method, which may comprise:
When a service server receives the encrypted data and the first key sent by a client, the service server decrypts the first key with a preset third key to generate a second key;
The service server decrypts the encrypted data with the second key to obtain the data.
A fourth aspect of the present invention provides a client, which may comprise:
A key acquisition module, configured to obtain, when the client performs data transmission with a service server, a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
A data encryption module, configured to encrypt the data to be transmitted with the second key;
A data and key sending module, configured to transmit the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
A fifth aspect of the present invention provides a service server, which may comprise:
A key parsing module, configured to decrypt, when the encrypted data and the first key sent by a client are received, the first key with a preset third key to generate a second key;
A data acquisition module, configured to decrypt the encrypted data with the second key to obtain the data.
A sixth aspect of the present invention provides a data transmission system, comprising the client provided in the fourth aspect above and the service server provided in the fifth aspect above.
Implementing the embodiments of the present invention has the following beneficial effects:
Only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed during transmission. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed during transmission, all service servers can use the same encryption/decryption key for the account information of the same user, with no need to authenticate the client's identity multiple times, which improves the efficiency of data transmission and the user experience.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a data transmission method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another data transmission method provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention;
Fig. 4 is a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a client provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another client provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a service server provided by an embodiment of the present invention;
Fig. 9 is a schematic interaction diagram of a data transmission system provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the embodiments of the present invention, the client may include terminal devices such as a PC (Personal Computer), tablet computer, mobile phone, smartphone or notebook computer; the client may also be a client module in a terminal device, for example a web browser client or an instant messaging client.
The data transmission method provided by the embodiments of the present invention can be applied to scenarios in which the client sends a data request to the service server, for example the client sending a data request message to the service server, which may include requests for pictures, music, video and the like. It can also be applied to scenarios in which the client uploads data to the service server, for example the client uploading a file to the service server. It can further be applied to scenarios in which the client sends data to other clients through the service server, for example the client sending instant chat messages or transmitting pictures, music or video to other clients through the service server. The service server may provide various services for the client, including but not limited to instant chat services and music services. The login server may provide an authentication and authorization service for the client, and the client can perform data transmission with the service server by means of this authorization. The client obtains the first key and the second key sent by the login server, encrypts the data to be transmitted with the second key, and transmits the encrypted data and the first key to the service server. After receiving the encrypted data and the first key sent by the client, the service server decrypts the first key with the preset third key to obtain the second key, then uses the second key to decrypt the encrypted data and obtain the data sent by the client. This ensures that, when the client and the service server perform data transmission, the second key used to decrypt the encrypted data is not exposed in transit, which safeguards the security of the data.
The second key in this embodiment may be a key associated with the account information that the login server generates itself when it receives the account information sent by the client. The first key may be a key that the login server generates by encrypting the second key associated with the account information with the preset third key. The preset third key is, for example, a preset key that the authentication center sends to all login servers and all service servers that it manages.
The data transmission method provided by the embodiments of the present invention is described in detail below with reference to Figs. 1 to 5.
Refer to Fig. 1, a schematic flowchart of a data transmission method provided by an embodiment of the present invention. This embodiment describes the specific flow of the data transmission method from the client side; the method may comprise the following steps S101 to S103.
S101, when the client performs data transmission with the service server, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
Specifically, the account information corresponding to the client may be the account information the user uses to log in to the login server through the client. For example, when using an instant messaging tool, the user may enter registered account information in the client of the instant messaging tool, and the client sends the account information entered by the user to the login server of the instant messaging tool to log in.
In this step, when data transmission is performed, the client obtains the first key and the second key associated with the account information corresponding to the client. The client may obtain them in either of the following ways:
The client obtains the first key and the second key when it logs in to the login server;
Or, the client obtains the first key and the second key when it logs in to the login server and stores them in a cache; when performing data transmission, it obtains the first key and the second key from its own cache.
S102, the client encrypts the data to be transmitted with the second key;
Specifically, the client encrypts the data to be transmitted with the second key it has obtained. Preferably, the encryption algorithm may be the TEA (Tiny Encryption Algorithm) algorithm. TEA is a symmetric encryption algorithm that is fast at encryption and decryption and simple to implement. Of course, encrypting with the TEA algorithm is only an example; other encryption/decryption algorithms may also be used to encrypt the data to be transmitted.
S103, the client transmits the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key;
Specifically, the client transmits the encrypted data and the obtained first key to the service server. The service server receives the encrypted data and the first key, decrypts the first key with the preset third key to obtain the second key, and then uses the second key to decrypt the encrypted data and obtain the data.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed during transmission. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed during transmission, all service servers can use the same encryption/decryption key for the account information of the same user, with no need to authenticate the client's identity multiple times, which improves the efficiency of data transmission and the user experience.
Refer to Fig. 2, a schematic flowchart of another data transmission method provided by an embodiment of the present invention. This embodiment describes the specific flow of the data transmission method from the client side; the method may comprise the following steps S201 to S205.
S201, when a login operation is performed for the account information corresponding to the client, the client sends a login request to the login server, the login request carrying the account information corresponding to the client, so that the login server sets an associated first key and second key for the account information corresponding to the client;
Specifically, the login operation may be the user entering account information in the client and issuing a login confirmation instruction to the client. The client generates a login request from the corresponding account information and sends the login request to the login server to log in. If the login server successfully verifies the account information corresponding to the client, the login server generates the second key according to the account information corresponding to the client, and may encrypt the second key with the preset third key, based on the TEA algorithm, to generate the first key. The login server sends the first key and the second key associated with the account information corresponding to the client to the client.
It should be noted that TEA is a symmetric encryption algorithm that is fast at encryption and decryption and simple to implement. Of course, encrypting with the TEA algorithm is only an example; the second key may also be encrypted with the preset third key, based on another encryption/decryption algorithm, to generate the first key.
S202, the client receives the first key and the second key, associated with the account information corresponding to the client, that the login server returns;
Specifically, the client receives the first key and the second key, associated with the account information corresponding to the client, that the login server sends, and may store the first key and the second key in a cache.
S203, when the client performs data transmission with the service server, the client obtains the first key and the second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with the preset third key;
S204, the client encrypts the data to be transmitted with the second key;
S205, the client transmits the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
For steps S203, S204 and S205 of this embodiment, refer respectively to steps S101, S102 and S103 of the embodiment shown in Fig. 1; they are not repeated here.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed during transmission. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed during transmission, all service servers can use the same encryption/decryption key for the account information of the same user, with no need to authenticate the client's identity multiple times, which improves the efficiency of data transmission and the user experience.
Refer to Fig. 3, a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention. This embodiment describes the specific flow of the data transmission method from the service server side; the method may comprise the following steps S301 to S302.
S301, when the service server receives the encrypted data and the first key sent by the client, the service server decrypts the first key with the preset third key to generate the second key;
Specifically, when the service server and the client perform data transmission, the service server receives the first key and the data encrypted with the second key that the client sends, and decrypts the first key with the preset third key to generate the second key.
It should be noted that the decryption algorithm used to decrypt the first key with the preset third key to generate the second key must be based on the encryption algorithm the login server used to encrypt the second key with the preset third key to generate the first key. For example, if the login server encrypts the second key with the preset third key, based on the TEA algorithm, to generate the first key, the service server must likewise decrypt the first key with the preset third key, based on the TEA algorithm, to generate the second key. Of course, the use of the TEA algorithm for encryption and decryption here is only an example.
S302, the service server decrypts the encrypted data with the second key to obtain the data;
Specifically, the service server uses the second key obtained by decryption to decrypt the encrypted data and obtain the data.
It should be noted that the algorithm used to decrypt the encrypted data must be based on the algorithm the client used to encrypt the data. For example, if the client encrypts the data to be transmitted with the second key based on the TEA algorithm, the service server must likewise decrypt the received data with the second key based on the TEA algorithm. Of course, the use of the TEA algorithm for encryption and decryption here is only an example.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed during transmission. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed during transmission, all service servers can use the same encryption/decryption key for the account information of the same user, with no need to authenticate the client's identity multiple times, which improves the efficiency of data transmission and the user experience.
Refer to Fig. 4, a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention. This embodiment describes the specific flow of the data transmission method in terms of the interaction between the client and the service server; the method may comprise the following steps S401 to S404.
S401, when the client performs data transmission with the service server, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
Specifically, the account information corresponding to the client may be the account information the user uses to log in to the login server through the client. For example, when using an instant messaging tool, the user may enter registered account information in the client of the instant messaging tool, and the client sends the account information entered by the user to the login server of the instant messaging tool to log in.
In this step, when data transmission is performed, the client obtains the first key and the second key associated with the account information corresponding to the client. The client may obtain them in either of the following ways:
The client obtains the first key and the second key when it logs in to the login server;
Or, the client obtains the first key and the second key when it logs in to the login server and stores them in a cache; when performing data transmission, it obtains the first key and the second key from its own cache.
S402, the client encrypts the data to be transmitted with the second key, and transmits the encrypted data and the first key to the service server;
Specifically, the client encrypts the data to be transmitted with the second key it has obtained. Preferably, the encryption algorithm may be the TEA algorithm. TEA is a symmetric encryption algorithm that is fast at encryption and decryption and simple to implement. Of course, encrypting with the TEA algorithm is only an example; other encryption/decryption algorithms may also be used to encrypt the data to be transmitted. The client transmits the encrypted data and the obtained first key to the service server.
S403, the service server receives the encrypted data and the first key sent by the client, and decrypts the first key with the preset third key to generate the second key;
Specifically, the service server receives the first key and the data encrypted with the second key that the client sends, and decrypts the first key with the preset third key to generate the second key.
It should be noted that the decryption algorithm used to decrypt the first key with the preset third key to generate the second key must be based on the encryption algorithm the login server used to encrypt the second key with the preset third key to generate the first key. For example, if the login server encrypts the second key with the preset third key, based on the TEA algorithm, to generate the first key, the service server must likewise decrypt the first key with the preset third key, based on the TEA algorithm, to generate the second key. Of course, the use of the TEA algorithm for encryption and decryption here is only an example.
S404, the service server decrypts the encrypted data with the second key to obtain the data;
Specifically, the service server uses the second key obtained by decryption to decrypt the encrypted data and obtain the data.
It should be noted that the algorithm used to decrypt the encrypted data must be based on the algorithm the client used to encrypt the data. For example, if the client encrypts the data to be transmitted with the second key based on the TEA algorithm, the service server must likewise decrypt the received data with the second key based on the TEA algorithm. Of course, the use of the TEA algorithm for encryption and decryption here is only an example.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed during transmission. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed during transmission, all service servers can use the same encryption/decryption key for the account information of the same user, with no need to authenticate the client's identity multiple times, which improves the efficiency of data transmission and the user experience.
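The exchange of steps S401 to S404, together with the login step that issues the two keys, written out as an added example that is not part of the patent text. The patent names TEA only as an example and specifies no mode of operation, so the CBC mode with a random IV, the padding, the randomly generated second key, and all class and function names are assumptions made here.

```python
import os
import struct

DELTA, MASK, BLOCK = 0x9E3779B9, 0xFFFFFFFF, 8  # TEA constant, 32-bit mask, block size


def tea_encrypt_block(block, key):
    """Standard 32-round TEA on one 8-byte block with a 16-byte key."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)


def tea_decrypt_block(block, key):
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    s = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)


def cbc_encrypt(plaintext, key):
    """Assumed mode: CBC, random IV prepended, PKCS#7-style padding."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev = os.urandom(BLOCK)
    out = [prev]
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = tea_encrypt_block(mixed, key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext, key):
    if len(ciphertext) < 2 * BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("malformed ciphertext")
    prev, out = ciphertext[:BLOCK], b""
    for i in range(BLOCK, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(tea_decrypt_block(blk, key), prev))
        prev = blk
    pad = out[-1]
    # Padding validation only rejects malformed input; it is not a MAC.
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return out[:-pad]


class LoginServer:
    def __init__(self, third_key):
        self.third_key = third_key  # preset third key from the authentication center

    def login(self, account):
        # Account verification is out of scope here (assumed to have succeeded).
        second_key = os.urandom(16)  # assumption: random key tied to this login
        first_key = cbc_encrypt(second_key, self.third_key)  # first = E_third(second)
        return first_key, second_key


class Client:
    def login(self, login_server, account):
        # Cache both keys for later transfers, as the page describes.
        self.first_key, self.second_key = login_server.login(account)

    def send(self, data):
        # Encrypt with the second key; only the first key travels with the data.
        return cbc_encrypt(data, self.second_key), self.first_key


class ServiceServer:
    def __init__(self, third_key):
        self.third_key = third_key

    def receive(self, encrypted, first_key):
        second_key = cbc_decrypt(first_key, self.third_key)  # S403
        if len(second_key) != 16:
            raise ValueError("unwrapped key has wrong length")
        return cbc_decrypt(encrypted, second_key)  # S404


if __name__ == "__main__":
    k3 = os.urandom(16)  # constructed third key shared by all servers
    client = Client()
    client.login(LoginServer(k3), "user@example.test")  # constructed account
    wire = client.send(b"hello service server")
    print(ServiceServer(k3).receive(*wire))
```

Any service server holding the same third key can unwrap the first key, which is the property the page relies on to avoid repeated authentication; a server without it cannot recover the second key.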
Refer to Fig. 5, a schematic flowchart of yet another data transmission method provided by an embodiment of the present invention. This embodiment describes the specific flow of the data transmission method in terms of the interaction between the client and the service server; the method may comprise the following steps S501 to S508.
S501, the authentication center sends the preset third key to the login server and the service server, and the login server and the service server receive the preset third key;
Specifically, the authentication center sets the third key uniformly for all login servers and service servers in the network. The authentication center sends the preset third key to the login server and the service server, and the login server and the service server receive the preset third key and save it.
S502, when a login operation is performed for the account information corresponding to the client, the client sends a login request to the login server, the login request carrying the account information corresponding to the client;
Specifically, the login operation may be the user entering account information in the client and issuing a login confirmation instruction to the client. The client generates a login request from the corresponding account information and sends the login request to the login server to log in.
S503, the login server sets an associated first key and second key for the account information corresponding to the client;
Specifically, if the login server successfully verifies the account information corresponding to the client, the login server generates the second key according to the account information corresponding to the client, and may encrypt the second key with the preset third key sent by the authentication center, based on the TEA algorithm, to generate the first key. The login server sends the first key and the second key associated with the account information corresponding to the client to the client.
It should be noted that TEA is a symmetric encryption algorithm that is fast at encryption and decryption and simple to implement. Of course, encrypting with the TEA algorithm is only an example; the second key may also be encrypted with the preset third key, based on another encryption/decryption algorithm, to generate the first key.
S504, the client receives the first key and the second key, associated with the account information corresponding to the client, that the login server returns;
Specifically, the client receives the first key and the second key, associated with the account information corresponding to the client, that the login server sends, and may store the first key and the second key in a cache.
S505, when the client performs data transmission with the service server, the client obtains the first key and the second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with the preset third key;
S506, the client encrypts the data to be transmitted with the second key, and transmits the encrypted data and the first key to the service server;
S507, described service server receives the data after the encryption of described client transmission and the first key, and adopts the first key described in the 3rd default double secret key to be decrypted generation second key;
S508, described service server adopts the described decrypt data after described second key pair encryption, obtains described data.
Wherein, the step S505 of the present embodiment, S506, S507 and S508 can distinguish step S401, S402, S403 and S404 of embodiment shown in Figure 4, do not repeat at this.
In embodiments of the present invention, only the first key is transmitted in data transmission procedure, the 3rd key preset can be ensured and the second key that user data carries out enciphering/deciphering is not exposed in the process of transfer of data, the person that avoids information stealth cracks user data by intercepting and capturing key, improve secure user data, due to the 3rd key preset be not exposed in the process of transfer of data the second key that user data carries out enciphering/deciphering, make all service servers can adopt the key of same enciphering/deciphering to the account information of identical user, without the need to carrying out multiple authentication to the identity of client, thus improve the efficiency of transfer of data, improve Consumer's Experience.
The client provided by the embodiments of the present invention is described in detail below with reference to Fig. 6 and Fig. 7. It should be noted that the client shown in Fig. 6 and Fig. 7 is used to perform the methods of the embodiments shown in Fig. 1 and Fig. 2 of the present invention. For ease of description, only the parts related to this embodiment are shown; for specific technical details that are not disclosed, refer to the embodiments shown in Fig. 1 and Fig. 2 of the present invention.
Refer to Fig. 6, which is a schematic structural diagram of a client provided by an embodiment of the present invention. As shown in Fig. 6, the client 1 of this embodiment may comprise a key acquisition module 11, a data encryption module 12 and a data key sending module 13.
The key acquisition module 11 is configured to obtain, when data transmission is performed, the first key and the second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with the preset third key.
In a specific implementation, the account information corresponding to the client 1 may be the account information the user uses to log in to the logon server through the client 1. For example, when using an instant messenger, the user may enter registered account information in the client of the instant messenger, and the client sends the account information entered by the user to the logon server of the instant messenger to log in.
When data transmission is performed, the key acquisition module 11 obtains the first key and the second key associated with the account information corresponding to the client 1. The key acquisition module 11 may obtain these keys in either of the following ways:
When the client 1 logs in to the logon server, the key acquisition module 11 obtains the first key and the second key;
Or, when the client 1 logs in to the logon server, the key acquisition module 11 obtains the first key and the second key and stores them in the cache of the client 1; when data transmission is performed, the key acquisition module 11 obtains the first key and the second key from the cache of the client 1.
The data encryption module 12 is configured to encrypt the data to be transmitted with the second key.
In a specific implementation, the data encryption module 12 encrypts the data to be transmitted with the second key obtained by the key acquisition module 11. Preferably, the encryption algorithm may be the TEA algorithm, a symmetric encryption algorithm that encrypts and decrypts quickly and is simple to implement. Encryption with the TEA algorithm is of course only an example; other encryption/decryption algorithms may also be used to encrypt the data to be transmitted.
The data key sending module 13 is configured to transmit the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
In a specific implementation, the data key sending module 13 transmits the encrypted data and the first key obtained by the key acquisition module 11 to the service server. The service server receives the encrypted data and the first key, decrypts the first key with the preset third key to obtain the second key, and then decrypts the encrypted data with the second key to obtain the data.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed in transit. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed in transit, all service servers can use the same encryption/decryption key for the account information of the same user without authenticating the client's identity multiple times, which improves data transmission efficiency and the user experience.
Refer to Fig. 7, which is a schematic structural diagram of another client provided by an embodiment of the present invention. As shown in Fig. 7, the client 1 of this embodiment may comprise a key acquisition module 11, a data encryption module 12, a data key sending module 13, an information sending module 14 and a key receiving module 15. For the structure of the key acquisition module 11, the data encryption module 12 and the data key sending module 13, refer to the related description of the embodiment shown in Fig. 4; it is not repeated here.
The information sending module 14 is configured to send a login request to the logon server when a login operation is performed with the account information corresponding to the client, the login request carrying the account information corresponding to the client, so that the logon server sets an associated first key and second key for the account information corresponding to the client.
In a specific implementation, in the login operation the user may enter account information in the client 1 and send a login confirmation instruction to the client 1. The information sending module 14 generates a login request from the corresponding account information and sends the login request to the logon server to log in. If the logon server successfully verifies the account information corresponding to the client 1, the logon server generates the second key according to that account information and may use the preset third key to encrypt the second key based on the TEA algorithm, generating the first key. The logon server then sends the first key and the second key associated with the account information corresponding to the client 1 to the client 1.
It should be noted that the TEA algorithm is a symmetric encryption algorithm that encrypts and decrypts quickly and is simple to implement. Encryption with the TEA algorithm is of course only an example; the preset third key may also be used with another encryption/decryption algorithm to encrypt the second key and generate the first key.
The key receiving module 15 is configured to receive the first key and the second key, associated with the account information corresponding to the client, that are returned by the logon server.
In a specific implementation, the key receiving module 15 receives the first key and the second key, associated with the account information corresponding to the client 1, that are sent by the logon server, and may store the first key and the second key in the cache of the client 1.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed in transit. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed in transit, all service servers can use the same encryption/decryption key for the account information of the same user without authenticating the client's identity multiple times, which improves data transmission efficiency and the user experience.
The service server provided by the embodiments of the present invention is described in detail below with reference to Fig. 8. It should be noted that the service server shown in Fig. 8 is used to perform the method of the embodiment shown in Fig. 3 of the present invention. For ease of description, only the parts related to this embodiment are shown; for specific technical details that are not disclosed, refer to the embodiment shown in Fig. 3 of the present invention.
Refer to Fig. 8, which is a schematic structural diagram of a service server provided by an embodiment of the present invention. As shown in Fig. 8, the service server 2 of this embodiment may comprise a key parsing module 21 and a data acquisition module 22.
The key parsing module 21 is configured to decrypt the first key with the preset third key to generate the second key when the encrypted data and the first key sent by the client are received.
In a specific implementation, when the service server 2 performs data transmission with the client, the key parsing module 21 receives the first key and the data encrypted with the second key that are sent by the client, and decrypts the first key with the preset third key to generate the second key.
It should be noted that the decryption algorithm the key parsing module 21 uses to decrypt the first key with the preset third key must correspond to the encryption algorithm the logon server used to encrypt the second key with the preset third key. For example, if the logon server uses the preset third key to encrypt the second key based on the TEA algorithm and generate the first key, the key parsing module 21 must also use the preset third key to decrypt the first key based on the TEA algorithm and generate the second key. Encryption and decryption with the TEA algorithm is of course only an example here.
The data acquisition module 22 is configured to decrypt the encrypted data with the second key to obtain the data.
In a specific implementation, the data acquisition module 22 decrypts the encrypted data with the second key obtained by decryption, and obtains the data.
It should be noted that the algorithm the data acquisition module 22 uses to decrypt the encrypted data must correspond to the algorithm the client used to encrypt the data. For example, if the client encrypts the data to be transmitted with the second key based on the TEA algorithm, the data acquisition module 22 must also decrypt the received data with the second key based on the TEA algorithm. Encryption and decryption with the TEA algorithm is of course only an example here.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed in transit. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed in transit, all service servers can use the same encryption/decryption key for the account information of the same user without authenticating the client's identity multiple times, which improves data transmission efficiency and the user experience.
An embodiment of the present invention also discloses a data transmission system, which comprises the client of the embodiments shown in Fig. 6 and Fig. 7 and the service server of the embodiment shown in Fig. 8. It should be noted that the data transmission system of this embodiment can be applied to the methods described above.
Refer to Fig. 9, which is a schematic interaction diagram of a data transmission system provided by an embodiment of the present invention. The operation of each hardware component in the system of this embodiment is described below with a specific example in conjunction with Fig. 9.
Suppose the first key is stkey, the second key is sessionkey, the third key is enkey, and the data to be transmitted is sext. The data transmission process of this embodiment is as follows:
The AUC sends the preset enkey to all logon servers and service servers that it manages. When the client performs a login operation with the corresponding account information, the client sends a login request carrying that account information to the logon server. If the logon server successfully verifies the account information corresponding to the client, the logon server generates sessionkey according to that account information and may encrypt sessionkey with the preset enkey to generate stkey. The logon server sends sessionkey and stkey to the client; the client receives sessionkey and stkey and may keep them in its own cache.
When the client needs to perform data transmission with a service server, the client may obtain sessionkey and stkey from its own cache, encrypt sext with sessionkey, and send stkey and the encrypted sext to the service server.
The service server receives stkey and the encrypted sext sent by the client, first decrypts stkey with the preset enkey to generate sessionkey, and then decrypts the encrypted sext with sessionkey to obtain sext.
In this embodiment of the present invention, only the first key is transmitted during data transmission, which ensures that neither the preset third key nor the second key used to encrypt and decrypt user data is exposed in transit. This prevents an information thief from cracking user data by intercepting a key and improves the security of user data. Because the preset third key and the second key used to encrypt and decrypt user data are not exposed in transit, all service servers can use the same encryption/decryption key for the account information of the same user without authenticating the client's identity multiple times, which improves data transmission efficiency and the user experience.
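The flow of steps S501 to S508 and the stkey/sessionkey/enkey instance of Fig. 9, written out as an added Python example that is not code from the patent. Assumptions: all class and function names, a randomly generated sessionkey, big-endian word packing, CBC mode with PKCS#7 padding (the patent names TEA but no mode of operation), and a constructed in-memory account table.

```python
import hmac
import os
import struct

DELTA, MASK, ROUNDS = 0x9E3779B9, 0xFFFFFFFF, 32

def _mix(v, s, ka, kb):
    # TEA round function; callers reduce the result modulo 2**32.
    return ((v << 4) + ka) ^ (v + s) ^ ((v >> 5) + kb)

def tea_block(block, key, decrypt=False):
    """Encrypt or decrypt one 8-byte block under a 16-byte TEA key."""
    if len(block) != 8 or len(key) != 16:
        raise ValueError("TEA needs an 8-byte block and a 16-byte key")
    v0, v1 = struct.unpack(">2I", block)        # big-endian: an assumption
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    if decrypt:
        s = (DELTA * ROUNDS) & MASK
        for _ in range(ROUNDS):
            v1 = (v1 - _mix(v0, s, k2, k3)) & MASK
            v0 = (v0 - _mix(v1, s, k0, k1)) & MASK
            s = (s - DELTA) & MASK
    else:
        s = 0
        for _ in range(ROUNDS):
            s = (s + DELTA) & MASK
            v0 = (v0 + _mix(v1, s, k0, k1)) & MASK
            v1 = (v1 + _mix(v0, s, k2, k3)) & MASK
    return struct.pack(">2I", v0, v1)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tea_cbc_encrypt(key, plaintext):
    """Return IV || ciphertext (mode and padding are assumptions)."""
    pad = 8 - len(plaintext) % 8
    data = plaintext + bytes([pad]) * pad
    prev = os.urandom(8)
    out = [prev]
    for i in range(0, len(data), 8):
        prev = tea_block(_xor(data[i:i + 8], prev), key)
        out.append(prev)
    return b"".join(out)

def tea_cbc_decrypt(key, blob):
    if len(blob) < 16 or len(blob) % 8:
        raise ValueError("ciphertext length is not IV plus whole blocks")
    prev, out = blob[:8], []
    for i in range(8, len(blob), 8):
        block = blob[i:i + 8]
        out.append(_xor(tea_block(block, key, decrypt=True), prev))
        prev = block
    data = b"".join(out)
    pad = data[-1]
    if not 1 <= pad <= 8 or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return data[:-pad]

class AuthCenter:
    """The AUC of S501: holds enkey and hands it to every server."""
    def __init__(self):
        self.enkey = os.urandom(16)
    def provision(self, *servers):
        for server in servers:
            server.enkey = self.enkey

class LoginServer:
    """S502/S503: verify the account, then issue (stkey, sessionkey)."""
    def __init__(self, accounts):
        self.accounts, self.enkey = accounts, None   # constructed table
    def login(self, account, password):
        stored = self.accounts.get(account)
        if stored is None or not hmac.compare_digest(
                stored.encode(), password.encode()):
            raise PermissionError("account verification failed")
        sessionkey = os.urandom(16)                  # assumption: random
        return tea_cbc_encrypt(self.enkey, sessionkey), sessionkey

class Client:
    """S504 to S506: cache both keys, send only stkey and ciphertext."""
    def login(self, login_server, account, password):
        self.stkey, self.sessionkey = login_server.login(account, password)
    def build_message(self, sext):
        return self.stkey, tea_cbc_encrypt(self.sessionkey, sext)

class ServiceServer:
    """S507/S508: unwrap stkey with enkey, then decrypt the data."""
    enkey = None
    def receive(self, stkey, encrypted):
        sessionkey = tea_cbc_decrypt(self.enkey, stkey)
        return tea_cbc_decrypt(sessionkey, encrypted)

if __name__ == "__main__":
    auc, login = AuthCenter(), LoginServer({"alice": "example-password"})
    service = ServiceServer()
    auc.provision(login, service)
    client = Client()
    client.login(login, "alice", "example-password")
    print(service.receive(*client.build_message(b"sext")))
```

The patent gives TEA only as an example cipher, and the scheme as written carries no integrity check, so an implementation would normally substitute an authenticated cipher (for example AES-GCM) for both the key wrap and the payload.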
A person of ordinary skill in the art will understand that all or part of the flows of the method embodiments above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the methods described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above discloses only preferred embodiments of the present invention, which of course cannot be used to limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (14)

1. A data transmission method, characterized by comprising:
When a client and a service server perform data transmission, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
The client encrypts the data to be transmitted with the second key and transmits the encrypted data and the first key to the service server;
The service server receives the encrypted data and the first key sent by the client, and decrypts the first key with the preset third key to generate the second key;
The service server decrypts the encrypted data with the second key to obtain the data.
2. The method according to claim 1, characterized in that, before the data transmission is performed, the method further comprises:
The AUC sends the preset third key to a logon server and the service server, and the logon server and the service server receive the preset third key;
When a login operation is performed with the account information corresponding to the client, the client sends a login request to the logon server, the login request carrying the account information corresponding to the client;
The logon server sets an associated first key and second key for the account information corresponding to the client;
The client receives the first key and the second key, associated with the account information corresponding to the client, that are returned by the logon server.
3. The method according to claim 1 or 2, characterized in that the logon server setting an associated first key and second key for the account information corresponding to the client comprises:
The first key is a key generated by the logon server encrypting the second key, using the preset third key sent by the AUC, based on the block encryption algorithm TEA.
4. A data transmission method, characterized by comprising:
When a client and a service server perform data transmission, the client obtains a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
The client encrypts the data to be transmitted with the second key;
The client transmits the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
5. The method according to claim 4, characterized in that, before the data transmission is performed, the method further comprises:
When a login operation is performed with the account information corresponding to the client, the client sends a login request to a logon server, the login request carrying the account information corresponding to the client, so that the logon server sets an associated first key and second key for the account information corresponding to the client;
The client receives the first key and the second key, associated with the account information corresponding to the client, that are returned by the logon server.
6. The method according to claim 4 or 5, characterized in that the first key is a key generated by the logon server encrypting the second key, using the preset third key sent by the AUC, based on the block encryption algorithm TEA.
7. A data transmission method, characterized by comprising:
When a service server receives encrypted data and a first key sent by a client, the service server decrypts the first key with a preset third key to generate a second key;
The service server decrypts the encrypted data with the second key to obtain the data.
8. The method according to claim 7, characterized in that the first key is a key generated by a logon server encrypting the second key, using the preset third key sent by the AUC, based on the block encryption algorithm TEA.
9. A client, characterized by comprising:
A key acquisition module, configured to obtain, when the client and a service server perform data transmission, a first key and a second key associated with the account information corresponding to the client, the first key being a key generated by encrypting the second key with a preset third key;
A data encryption module, configured to encrypt the data to be transmitted with the second key;
A data key sending module, configured to transmit the encrypted data and the first key to the service server, so that the service server decrypts the encrypted data according to the first key and the preset third key.
10. The client according to claim 9, characterized by further comprising:
An information sending module, configured to send a login request to a logon server when a login operation is performed with the account information corresponding to the client, the login request carrying the account information corresponding to the client, so that the logon server sets an associated first key and second key for the account information corresponding to the client;
A key receiving module, configured to receive the first key and the second key, associated with the account information corresponding to the client, that are returned by the logon server.
11. The client according to claim 9 or 10, characterized in that the first key is a key generated by the logon server encrypting the second key, using the preset third key sent by the AUC, based on the block encryption algorithm TEA.
12. A service server, characterized by comprising:
A key parsing module, configured to decrypt a first key with a preset third key to generate a second key when encrypted data and the first key sent by a client are received;
A data acquisition module, configured to decrypt the encrypted data with the second key to obtain the data.
13. The service server according to claim 12, characterized in that the first key is a key generated by a logon server encrypting the second key, using the preset third key sent by the AUC, based on the block encryption algorithm TEA.
14. A data transmission system, characterized by comprising the client according to any one of claims 9 to 11 and the service server according to claim 12 or 13.
CN201310282061.7A 2013-07-05 2013-07-05 Data transmission method, client side, server and system Pending CN104283680A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310282061.7A CN104283680A (en) 2013-07-05 2013-07-05 Data transmission method, client side, server and system

Publications (1)

Publication Number Publication Date
CN104283680A true CN104283680A (en) 2015-01-14

Family

ID=52258193

Country Status (1)

Country Link
CN (1) CN104283680A (en)

Gill et al. Secure remote access to home automation networks
KR101760376B1 (en) Terminal and method for providing secure messenger service
CN103685239A (en) Real-time encryption and decryption system and real-time encryption and decryption method for mobile products
JP4924943B2 (en) Authenticated key exchange system, authenticated key exchange method and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150114