CN109831457A - A kind of iOS application data transmission method - Google Patents
A kind of iOS application data transmission method Download PDFInfo
- Publication number
- CN109831457A CN109831457A CN201910198038.7A CN201910198038A CN109831457A CN 109831457 A CN109831457 A CN 109831457A CN 201910198038 A CN201910198038 A CN 201910198038A CN 109831457 A CN109831457 A CN 109831457A
- Authority
- CN
- China
- Prior art keywords
- secret key
- server end
- message
- log
- mobile terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a kind of iOS application data transmission methods, comprising: log-on message is carried out JSON serializing and encrypted to generate basic information identification code;Secondary encryption is carried out to basic information identification code and log-on message and is sent to server end;Server end generates new basic secret key and random secret key according to original basis secret key, timestamp and log-on message, stores and returns to the mobile terminal together with response message;When business datum is submitted in mobile terminal, is encrypted using the serializing string of new basic secret key pair basic information, encrypted using random secret key pair business datum;Server end generates new random secret key and returns to mobile terminal.By dynamically issuing basic secret key and basic information verifying, the safety that data are transmitted between mobile terminal and server end is effectively ensured, to avoid third party's malicious access, by dynamically issuing random secret key and setting effective time interval range, to prevent Replay Attack.
Description
Technical field
The present invention relates to mobile internet technical fields, are a kind of iOS application data transmission methods specifically.
Background technique
Mobile Internet it is booming also along with the continuous growth of network security threats, many mobile applications are being submitted
It is easy to be leaked the individual privacy of user by third-party malicious attack when request of data, threatens user account safety even wealth
Produce safety.Current many applications are symmetrically or non-symmetrically encrypted by preset fixed secret key pair user data, are then serviced
After device end receives encryption data, transmission data are obtained by similarly fixing secret key decryption, this improves number to a certain extent
According to transmission security, but it is in fact possible to user account, acquirement user's account are stolen by means such as reverse-engineering or Replay Attacks
Number operating rights.Therefore, the present invention provides the safer mobile application data safe transmission method of one kind and passes to be promoted using data
Defeated safety, to solve safety defect in the prior art.
Summary of the invention
The purpose of the present invention is to provide a kind of iOS application data transmission methods, for solving application end in the prior art
Using fixed key encryption, the server end problem not high with same fixed secret key ciphertext data transmission security.
The present invention is solved the above problems by following technical proposals:
A kind of iOS application data transmission method, comprising:
Step S100: obtaining log-on message, and the log-on message includes mobile application mark, system version number, moves and answer
JSON serializing is carried out with version number, and by log-on message and present system time stamp;
Step S200: it is encrypted using basic secret key pair serializing string described above, generates basic information identification code;
Step S300: being packaged the basic information identification code and log-on message according to data interface communication format,
And the data information obtained after secondary encryption is sent to server end;
Step S400: server end decrypts the data information to obtain basic information and log-on message, and server end is deposited
Store up the mobile application mark in log-on message, system version number and mobile application version number;
Step S500: server end generates new basis according to original basis secret key, present system time stamp and log-on message
Secret key and random secret key, return to the mobile terminal together with response message;
Step S600: when business datum is submitted in mobile terminal, believed using the new basic secret key pair basis that server end returns
The serializing string of breath is encrypted, and is encrypted using random secret key pair business datum, and encrypted data are committed to clothes
Business device end;
Step S700: the data that server end submits mobile terminal are decrypted to obtain basic information and business datum letter
Breath;
Step S800: server end according to new basic secret key, present system time stamp and log-on message generate it is new with
Secret spoon, and the mobile terminal is returned to together with response message, it is submitted for next business datum.
Further, the encryption number is turned to decode and be encrypted using Advanced Encryption Standard AES by Base64.
Compared with prior art, the present invention have the following advantages that and the utility model has the advantages that
Data transmission method of the present invention issues basic secret key and basic information verifying by dynamic, and shifting is effectively ensured
The safety that data are transmitted between moved end and server end, to avoid third party's malicious access, by dynamically issuing random secret key
With set effective time interval range, to prevent Replay Attack.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Specific embodiment
The present invention is described in further detail below with reference to embodiment, embodiments of the present invention are not limited thereto.
Embodiment 1:
In conjunction with shown in attached drawing 1, a kind of iOS application data transmission method, comprising the following steps:
Step 101, user obtains login relevant to mobile device in mobile terminal login or automated log on application program
Information, log-on message include user's login account, password, mobile application mark, and system version number, mobile application version number steps on
Record information and present system time stab and carry out JSON serializing;Mobile application mark is generated by mobile terminal, and is stored in
System key string, when use, directly read from key chain;
Step 102, it is encrypted using the serializing string of JSON described in basic secret key pair, generates basic information identification code;Base
Plinth secret key dynamically issues after being logged in by server end, and is stored in system key string, and when use directly reads from key chain;
Step 103, the basic information identification code and log-on message are packaged and are carried out according to data-interface format
Then encrypted data information is sent to server end by secondary encryption;
Step 104, server end is decrypted to obtain basic information and step on after getting the encryption data that mobile terminal is sent
Information is recorded, and stores mobile application mark, system version number and mobile application version number;Verifying user's login account and password are
It is no correct, it is incorrect, mobile terminal new basic secret key and random secret key are updated and be handed down to, prompts user to log in again, correctly
Then proceed to respond to;
Step 105, server end is according to original basis secret key, and timestamp and log-on message generate new basic secret key and random
Secret key stores new basic secret key and random secret key and returns to mobile terminal together with response message;Random secret key is by server
End is submitted according to business needs dynamic to issue, and is stored in system key string, and when use directly reads from key chain;
Step 106, when business datum is submitted in mobile terminal, the basic secret key pair basic information that is returned using server end
JSON serializing string is encrypted, and is encrypted using random secret key pair business datum, and encryption data is committed to server
End;
In step 103 and 106, server end verify mobile terminal send timestamp validity, in vain then update and under
Mobile terminal new basic secret key and random secret key are issued, prompts user to resubmit, effectively then proceeds to respond to;
Step 107, server end is decrypted to obtain basic information and industry after getting the encryption data that mobile terminal is sent
Business data information;According to the mobile application mark for getting mobile terminal transmission after the decryption of basic secret key, system version number and movement
Application version number, whether verifying and the data that server end saves are consistent, if inconsistent, store new information and return to movement
End asks user to log in again;
Step 108, server end generates new random secret key according to basic secret key, timestamp and account information, and storage is simultaneously
Mobile terminal is returned to together with response message, is submitted for next business datum.
Further, when mobile terminal and server end carry out data communication, transcoding is carried out to data by Base64 and is adopted
It is encrypted with AES encryption algorithm, after received server-side information, is decrypted and decodes acquisition related data information, wherein
Basic secret key and random secret key used in encryption and decryption are generated by server end, are stored and are issued.
Although reference be made herein to invention has been described for explanatory embodiment of the invention, and above-described embodiment is only this hair
Bright preferable embodiment, embodiment of the present invention are not limited by the above embodiments, it should be appreciated that those skilled in the art
Member can be designed that a lot of other modification and implementations, these modifications and implementations will fall in principle disclosed in the present application
Within scope and spirit.
Claims (2)
1. a kind of iOS application data transmission method characterized by comprising
Step S100: log-on message is obtained, the log-on message includes mobile application mark, system version number, mobile application version
This number, and log-on message and present system time stamp are subjected to JSON serializing;
Step S200: it is encrypted using basic secret key pair serializing string described above, generates basic information identification code;
Step S300: being packaged the basic information identification code and log-on message according to data interface communication format, and will
The data information obtained after secondary encryption is sent to server end;
Step S400: server end decrypts the data information to obtain basic information and log-on message, and server end storage is stepped on
Record the mobile application mark in information, system version number and mobile application version number;
Step S500: server end generates new basic secret key according to original basis secret key, present system time stamp and log-on message
With random secret key, the mobile terminal is returned to together with response message;
Step S600: when business datum is submitted in mobile terminal, the new basic secret key pair basic information that is returned using server end
Serializing string is encrypted, and is encrypted using random secret key pair business datum, and encrypted data are committed to server
End;
Step S700: the data that server end submits mobile terminal are decrypted to obtain basic information and service data information;
Step S800: server end generates new with secret according to new basic secret key, present system time stamp and log-on message
Spoon, and the mobile terminal is returned to together with response message, it is submitted for next business datum.
2. a kind of iOS application data transmission method according to claim 1, which is characterized in that the encryption number passes through
Base64 is turned to decode and be encrypted using Advanced Encryption Standard AES.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198038.7A CN109831457B (en) | 2019-03-15 | 2019-03-15 | iOS application data transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198038.7A CN109831457B (en) | 2019-03-15 | 2019-03-15 | iOS application data transmission method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109831457A true CN109831457A (en) | 2019-05-31 |
| CN109831457B CN109831457B (en) | 2020-03-17 |
Family
ID=66870195
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910198038.7A Active CN109831457B (en) | 2019-03-15 | 2019-03-15 | iOS application data transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109831457B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20130077171A (en) * | 2011-12-29 | 2013-07-09 | 고려대학교 산학협력단 | Authentication method between server and device |
| CN104408177A (en) * | 2014-12-15 | 2015-03-11 | 西安电子科技大学 | Cipher searching method based on cloud document system |
| WO2017009714A1 (en) * | 2015-07-15 | 2017-01-19 | Alcatel Lucent | Establishing a temporary subscription with isolated e-utran network |
| CN107181714A (en) * | 2016-03-09 | 2017-09-19 | 阿里巴巴集团控股有限公司 | Verification method and device, the generation method of service code and device based on service code |
-
2019
- 2019-03-15 CN CN201910198038.7A patent/CN109831457B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20130077171A (en) * | 2011-12-29 | 2013-07-09 | 고려대학교 산학협력단 | Authentication method between server and device |
| CN104408177A (en) * | 2014-12-15 | 2015-03-11 | 西安电子科技大学 | Cipher searching method based on cloud document system |
| WO2017009714A1 (en) * | 2015-07-15 | 2017-01-19 | Alcatel Lucent | Establishing a temporary subscription with isolated e-utran network |
| CN107181714A (en) * | 2016-03-09 | 2017-09-19 | 阿里巴巴集团控股有限公司 | Verification method and device, the generation method of service code and device based on service code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109831457B (en) | 2020-03-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106304074B (en) | Auth method and system towards mobile subscriber | |
| CN104065621B (en) | A kind of auth method of third party's service, client and system | |
| KR100721522B1 (en) | Method for providing location based service using location token | |
| CN109618326A (en) | User's dynamic identifier generation method and service registration method, login validation method | |
| CN108347428B (en) | Registration system, method and device of application program based on block chain | |
| CN103188221A (en) | Application login method, application login device and mobile terminal | |
| CN106230838A (en) | A kind of third-party application accesses the method and apparatus of resource | |
| CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
| CN102624740A (en) | Data interaction method, client and server | |
| CN105491073B (en) | Data downloading method, device and system | |
| CN108712382A (en) | A kind of authentication method and system of the digital identity based on safe Quick Response Code | |
| JP2006079598A (en) | Access control system, access control method, and access control program | |
| JP4778250B2 (en) | Content distribution system and method, and program | |
| CN112861157A (en) | Data sharing method based on decentralized identity and proxy re-encryption | |
| CN104463584A (en) | Method for achieving mobile terminal App safety payment | |
| CN109862009A (en) | A kind of client identity method of calibration and device | |
| CN108768938B (en) | A kind of web data encryption and decryption method and device | |
| CN109873818A (en) | A kind of method and system preventing unauthorized access server | |
| CN109905376A (en) | A kind of method and system preventing unauthorized access server | |
| CN104243435A (en) | Communication method for HTTP based on OAuth | |
| CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
| KR20090012013A (en) | Method and system for providing mutual authentication using kerberos | |
| CN109460647B (en) | Multi-device secure login method | |
| CN116346423A (en) | Client data multiple encryption system and method in intelligent Internet of things energy system | |
| CN109831457A (en) | A kind of iOS application data transmission method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |