CN109962767A - A kind of safety communicating method - Google Patents
A kind of safety communicating method Download PDFInfo
- Publication number
- CN109962767A CN109962767A CN201711417537.8A CN201711417537A CN109962767A CN 109962767 A CN109962767 A CN 109962767A CN 201711417537 A CN201711417537 A CN 201711417537A CN 109962767 A CN109962767 A CN 109962767A
- Authority
- CN
- China
- Prior art keywords
- key
- encryption
- value field
- field
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
Abstract
The present invention provides a kind of safety communicating methods, it include: to be utilized respectively first key and second the first preset content of key pair carries out encryption and generate first value field and second is examined to examine value field, first code key is the encryption key after public key encryption, and the second code key is the encryption key after the corresponding private key decryption of the public key;If described first examines value field to examine value field identical with described second, session key is generated;It is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third inspection value field and the 4th inspection value field, third code key is the session key after the encryption keys, and the 4th code key is the session key after the encryption key decryption;If the third examines value field to examine value field identical with the described 4th, communicated using the session key.The present invention can ensure the communication security in communication process.
Description
Technical field
The present invention relates to internet security technical fields, and in particular to a kind of safety communicating method.
Background technique
With the fast development of mobile Internet tide, more and more scenes and service by being transferred on line under line,
Therefore how the data interaction demand for also having expedited the emergence of a large amount of mobile client and server-side guarantees data security at the same time
Transmitting between the ends become a urgent problem needed to be solved.Although some APP productions are completed with https agreement at present
The transmitting of data, this to a certain extent ensure that the safety of data transmission, but itself solve or channel security
Problem can not set foot in the safety of the message content of transmission;On the other hand, due to the purchase, deployment and application of https certificate
For exploitation increase certain workload and difficulty, therefore in the market overwhelming majority APP and server still use it is traditional
Http communication protocol, this is exposed to transmitting message arbitrarily in the form of plaintext in unsafe network environment very much, black
Visitor even slightly experienced developer can obtain these message datas by packet capturing, so as to intercept, usurp easily
Change or resets message to realize the unlawful profit-makings behaviors such as it steals user information, fake user is operated, gains user's wealth by cheating.
It can be seen that most important to Content of Communication progress safety encryption, existing some message encryption means have following
It is several: one, using asymmetric cryptography, that is, public key encryption is used, private key decryption, such case encryption/decryption speed is slow, and server-side
If encrypting its message for issuing client, needs each client to generate a pair of public and private key, safeguard and update at high cost;
Two, using symmetric cryptography, i.e. client and server-side carries out encryption and decryption, this way encryption/decryption speed using the same key
Fastly, but all there is the risk being stolen in the transmission of the key and preservation;Three, the certain fields of message are carried out using hash algorithm
Signature, this can only guarantee the integrality of message, and recipient is allowed to know that message is not tampered with, and not can guarantee message content
It is stolen by others.
It would therefore be highly desirable to need a kind of more safety and perfect mode to guarantee the Content of Communication peace of client and server-side
Entirely.
Summary of the invention
In view of the above technical problems, the present invention provides the safety communicating method that a kind of pair of Content of Communication is encrypted.
The technical solution adopted by the present invention are as follows:
The embodiment of the present invention provides a kind of safety communicating method, comprising: is utilized respectively first key and the second key pair
One preset content, which encrypt, generates the first inspection value field and the second inspection value field, and the first code key is adding after public key encryption
Key, the second code key are the encryption key after the corresponding private key decryption of the public key;If described first examines value field and institute
It is identical to state the second inspection value field, then generates session key;It is utilized respectively third key and the 4th the second preset content of key pair
It carries out encryption and generates third inspection value field and the 4th inspection value field, third code key is the session after the encryption keys
Key, the 4th code key are the session key after the encryption key decryption;If the third examines value field and the 4th inspection
It is identical to test value field, then is communicated using the session key.
Optionally, close using the session if the third examines value field to examine value field identical with the described 4th
Key carries out communication and specifically includes: being added the whole needed in the message sent or critical field using the session key
It is close;All message field (MFLD)s splice according to preset rules and obtain the first preset characters finally splicing the session key
String;According to the first preset characters string, the second preset characters string is generated;According to the first preset characters string and the second predetermined word
Symbol string, is communicated.
Optionally, according to the first preset characters string, generating the second preset characters string includes: to calculate first preset characters
The cryptographic Hash of string, and cryptographic Hash calculated is filled into the sign field in message;By in the message in addition to sign field
Other fields according to the preset rules carry out splice and obtain the second preset characters string finally splicing the session key.
Optionally, according to the first preset characters string and the second preset characters string, carrying out communication includes: described in calculating
The cryptographic Hash of second preset characters string;If the cryptographic Hash of the first preset characters string and the Kazakhstan for stating the second preset characters string
Uncommon value is consistent, then encrypted message field (MFLD) is decrypted using the session key.
Optionally, the public key and private key are updated according to the preset update cycle;The encryption and decryption of the session key
Using 3DES, AES and SM4 algorithm;The encryption and decryption of the encryption key uses RSA, SM2 algorithm.
Optionally, the encryption and decryption of the message field (MFLD) uses 3DES, AES and SM4 algorithm.
Optionally, described first examine value field, described second that value field, the third is examined to examine value field and described
4th examines the byte number of value field for 8 0x00.
Optionally, the cryptographic Hash is obtained by one-way hash function.
Optionally, it is described according to preset rules carry out splicing include sorting from small to large according to parameter name ASCII character, use
The format of URL key-value pair is spliced.
Safety communicating method provided in an embodiment of the present invention encrypts encryption key using public key, then utilizes private
Encryption key is decrypted in key, using encryption key come encryption and decryption session key, and verifies, is verifying to session key
Encryption and decryption is carried out to the message field (MFLD) in communication process using the session key after qualification and signature prolongs label, by this asymmetric
Encrypt the mixed encryption method that combines with symmetric cryptography, can play two class cryptographic algorithms to from the advantages of, evade respective
Deficiency guarantees confidentiality and integrity of the data in transmission process, communication message can be prevented to be stolen in transmission process
With distort.
Detailed description of the invention
Fig. 1 is the flow diagram that the session key of safety communicating method provided in an embodiment of the present invention determines;
Fig. 2 is the specific example figure that the session key of safety communicating method provided in an embodiment of the present invention determines;
Fig. 3 is the process signal of safety communicating method provided in an embodiment of the present invention communicated using session key
Figure;
Fig. 4 is the specific example of safety communicating method provided in an embodiment of the present invention communicated using session key
Figure.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool
Body embodiment is described in detail.
Safety communicating method provided by the invention, for the secure communication between server-side and client, client can be extremely
It is less 1.
In the present invention, server-side is for generating and session key and public and private key used in the communication process of client
It is right, wherein session key is sent to corresponding client according to the solicited message that each client is sent, which is used for
Encryption and decryption is carried out to business datum involved in communication process;The public key of public private key pair can be pre-assigned to each client, phase
The private key answered then is stored in server-side, such as is stored in the associated server of server-side, what public key was used to generate client
Encryption key is encrypted, and private key is then decrypted encryption key.Specifically, pseudo-random number generator can be used in server-side
The random number for generating certain length, as session key KEY, for example, the random number that client generates 16 bytes is bright as KEY
Text changes into 32 hexadecimal characters [0-9A-F], carries out encryption for the message that client sends it and terminates to from service
The message of receipts is decrypted;And the message sent for server-side to it carries out encryption and carries out to from the received message of client
Decryption.Symmetric cryptographic technique can be used to carry out encryption and decryption to the message sent in communication process using session key, the present invention is not
Specific symmetric cryptographic algorithm is limited, the safety recognized extensively it is preferable to employ the world is secure as 3DES, AES and SM4 are calculated
Method etc., and the length of the random number of the certain length should meet cryptographic algorithm requirement used;Message is added in the present invention
Decryption can be and carry out encryption and decryption to whole messages, is also possible to the key in message or is related to the need for confidentiality such as privacy
Field carries out encryption and decryption.The public key of the public private key pair of generation can be generated certificate and is preset in each client-side program by server-side,
Such as public key can be sent to client by way of interface, the encryption key KEK generated for client to it adds
Close, then server-side goes decryption to obtain this KEK using corresponding private key, to carry out subsequent communication process.Public private key pair
Asymmetric cryptographic algorithm can be used, and asymmetric cryptographic algorithm can be used, the encryption key that client generates is carried out plus solved
It is close, the unlimited fixture body asymmetric cryptographic algorithm of the present invention, the safety recognized extensively it is preferable to employ the world it is secure as
RSA, SM2 algorithm etc..It in embodiments of the present invention, is guarantee key safety, server-side generation public private key pair should have certain
Update mechanism needs to be updated according to the preset update cycle, the specific update cycle can determine according to the actual situation,
The present invention does not do and particularly limits.
In the present invention, client for generates and the communication process of server-side used in encryption key, the encryption is close
The session key that key is used to generate server-side carries out encryption and decryption.Specifically, pseudo-random number generator can be used to generate for client
The random number of certain length turns as encryption key KEK for example, client generates the random number of 16 bytes as KEK plaintext
At 32 hexadecimal characters [0-9A-F], the session key that it is generated is encrypted to server-side, to guarantee server-side
Session key is passed to client by safety, and session key is decrypted for client.Symmetric cryptographic technique can be used
The encryption key is utilized to carry out encryption and decryption to session key, the unlimited fixture body symmetric cryptographic algorithm of the present invention, it is preferable to employ states
Secure such as 3DES, AES and SM4 algorithm of the safety that border recognizes extensively, and the length of the random number of the certain length
Cryptographic algorithm requirement used should be met.
In the present invention, for client to during server-side queued session key KEY, client is sent to the report of server-side
Text and server-side are returned in the message of client and should be all sent to comprising check value checkvalue field, value in client
In the message of server-side for using encryption key KEK to a certain character string that both ends are appointed encrypted as a result, server-side
After obtaining encryption key KEK, by carrying out comparison encryption result and field after similarly encrypting to above-mentioned agreement character string
Whether content unanimously determines whether message is tampered, if being tampered, the KEK is invalid;Client is returned in server-side
Field checkvalue value in message be session key KEY to a certain character string that both ends are appointed encrypted as a result,
Client after obtaining session key KEY, by above-mentioned agreement character string carry out similarly encrypt after comparison encryption result with
Whether the field contents unanimously determine whether message is tampered, if being tampered, the KEY is invalid.In addition, in the present invention,
After client and server-side begin to use determining session key KEY to carry out message encryption, message should include signature sign word
Section, value are to splice to every other field according to certain rule, and affix session key KEY forms final character string,
The cryptographic Hash that can be used one-way hash function that the character string is calculated, both ends are after receiving message to message field (MFLD) with same
The mode of sample calculates cryptographic Hash, and compare with the sign field in message, determines whether message is tampered with this.
Server-side and client specifically communicate the safety communicating method that can be provided through the invention.Hereinafter, to the present invention
The safety communicating method of offer is introduced.
Fig. 1 is the flow diagram that the session key of safety communicating method provided in an embodiment of the present invention determines.Such as Fig. 1 institute
Show, safety communicating method provided by the invention the following steps are included:
S110, it is utilized respectively first key and second the first preset content of key pair carries out encryption and generates the first test value word
Section and second examines value field, and the first code key is the encryption key after public key encryption, and the second code key is the corresponding private of the public key
Encryption key after key decryption.
If S120, described first examine value field to examine value field identical with described second, session key is generated.
S130, it is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third test value word
Section and the 4th examines value field, and third code key is the session key after the encryption keys, and the 4th code key is the encryption
Session key after key decryption.
If S140, the third examine value field to examine value field identical with the described 4th, the session key is utilized
It is communicated.
Above-mentioned steps step S110 to S140 is used to determine session used in the symmetrical encryption and decryption in subsequent packet communication
Key KEY.Asymmetric arithmetic generation, the unlimited fixture body asymmetric cryptography of the present invention can be used in public key and private key in above-mentioned steps
Algorithm, it is preferable to employ secure such as RSA, SM2 algorithms of safety that the world recognizes extensively;In addition, public key and private key can
It is updated according to the preset update cycle, to ensure communication security;Session key and encryption key can pass through presetting digit capacity
Generating random number, such as the random number of 16 bytes is used in plain text, to change into 32 hexadecimal character [0-9A- as KEY and KEK
F], symmetric cryptographic technique can be used to carry out encryption and decryption for the encryption and decryption of session key and the encryption and decryption of encryption key, and the present invention is not
Specific symmetric cryptographic algorithm is limited, the safety recognized extensively it is preferable to employ the world is secure as 3DES, AES and SM4 are calculated
Method etc..Described first examines value field, described second that value field, the third is examined to examine value field and the 4th test value
The byte number of field can be 8 0x00.
In a specific example, above-mentioned steps S110 to S140 can be by the process that client and server-side are shaken hands come real
It is existing, as shown in Fig. 2, determining that session key may particularly include following steps by the handshake procedure of client and server-side:
Step 1: client generates the random number of certain digit, i.e. encryption key with pseudo-random number generator first
The length of KEK, random number are determined by the symmetric cryptographic algorithm that client and server-side are arranged, such as use the random number of 16 bytes
In plain text as KEY and KEK, 32 hexadecimal characters [0-9A-F] are changed into.
Step 2: client carries out asymmetric encryption to KEK with the public key certificate that server-side is built into client, encryption is calculated
Method is reached an agreement on by client and server-side, such as 3DES encryption algorithm can be used;Then client recycles KEK to preset one section
Content carries out encryption and generates test value checkvalue field, which is that client is consulted to decide with server-side, and such as 8
0x00。
Step 3: checkvalue field and KEK ciphertext and other Optional Fields that client generates step 2 are sent out
Give server-side.
Step 4: server-side carries out received KEK ciphertext using its corresponding private key for being handed down to the public key of client
Decryption obtains KEK in plain text, then adopts and carries out encryption generation test value to the one section of content appointed with KEK in a like fashion
Checkvalue field.
Step 5: server-side compares the checkvalue field of their own calculating and receives from client
Whether checkvalue field is identical, if it is different, then indicating message, there are error of transmission or the risks being tampered, therefore terminate
This process;If identical, continue next step.
Step 6: in the mode similar with step 1, server-side generated with pseudo-random number generator certain digit with
The length of machine number, i.e. session key KEY, random number is determined by the symmetric cryptographic algorithm that client and server-side are arranged, such as is made
The random number of 16 bytes is used in plain text, to change into 32 hexadecimal characters [0-9A-F] as KEY and KEK.
Step 7: server-side carries out symmetric cryptography to KEY using the KEK got from client, Encryption Algorithm is by client
End is reached an agreement on server-side, such as 3DES encryption algorithm can be used;Then encryption generation is carried out to preset one section of content with KEY again
Test value checkvalue field, the content are that client is consulted to decide with server-side, such as 8 0x00.
Step 8: checkvalue field and KEY ciphertext and other Optional Fields that server-side generates step 7 are sent out
Give client.
Step 9: the KEK that client is generated using it is decrypted to obtain KEY in plain text to KEY ciphertext, then using identical
Mode with KEY to the one section of content appointed carry out encryption generate test value checkvalue field, for example, by using 3DES into
Row encryption.
Step 10: client compares the checkvalue field of their own calculating and receives from server-side
Whether checkvalue field is identical, if it is different, then indicating message, there are error of transmission or the risks being tampered, therefore terminate
This process;If identical, continue next step.
Step 11: client is finally obtained the symmetric cryptography session key that message encryption and decryption is used by shaking hands, visitor
Family end saves the session key, for use in subsequent communications.
Further, as shown in figure 3, step S140 may particularly include:
S141, the whole needed in the message sent or critical field are encrypted using the session key.
S142, all message field (MFLD)s are subjected to splicing according to preset rules and obtain the finally splicing the session key
One preset characters string.
S143, according to the first preset characters string, generate the second preset characters string.
S144, according to the first preset characters string and the second preset characters string, communicated.
Further, step S143 is specifically included: calculating the cryptographic Hash of the first preset characters string, and will be calculated
Cryptographic Hash is filled into the sign field in message;By other fields in the message in addition to sign field according to the default rule
It then carries out splicing and obtains the second preset characters string finally splicing the session key.
Further, step S144 is specifically included: calculating the cryptographic Hash of the second preset characters string;If described first is pre-
If the cryptographic Hash of character string is consistent with the cryptographic Hash for stating the second preset characters string, then using the session key to encrypted
Message field (MFLD) be decrypted.
Above-mentioned steps S141 to S144 is used to be communicated using the session key that step S110 to S140 is determined.Step
The cryptographic Hash of S143 and S144 can be obtained by one-way hash function, and the present invention is not intended to limit the specific calculation of one-way hash function
Method, it is preferable to employ secure such as MD5, SHA-1, SHA-256 and SM3 algorithms of safety that the world recognizes extensively.Step
3DES, AES and SM4 can be used to the algorithm that message field (MFLD) is encrypted and decrypted using session key in S141 and step S144
Algorithm.It is described according to preset rules carry out splicing include sorting from small to large according to parameter name ASCII character, use URL key-value pair
Format spliced.
In a specific example, client and server-side can be realized using the session key of above-mentioned steps determination each other it
Between message communication, client and server-side carry out message encryption and decryption to guarantee confidentiality, by report by session key KEY
Text section splices and does signature and prolong label to ensure message integrality, as shown in figure 4, carrying out communication using session key can be specific
The following steps are included:
First step, client need to send business datum to server-side, and client in step S140 using obtaining at this time
KEY in message whole or critical field encrypt, cipher mode is consulted to decide with server-side, for example, can be used 3DES
Encryption Algorithm;Then client will need all message field (MFLD)s sent to splice according to preset rules, such as according to parameter name
ASCII character sorts (lexcographical order) from small to large, uses format (the i.e. key1=value1&key2=of URL key-value pair
Value2 ...) it is spliced into character string stringA, and finally splice KEY in stringA and obtain a certain character string such as
StringSignTemp character string, then calculates cryptographic Hash to the character string, and used hash algorithm is determined with server-side negotiation
It is fixed, such as operation is carried out to stringSignTemp using SHA-256 algorithm, and increase sign field in messages, by operation
As a result and the cryptographic Hash of calculating is filled into the value of sign field.
Second step, by treated, service message is sent to server-side to client.
Third step, server-side receive client send service message and by message in addition to sign field other fields
Spliced and calculated the cryptographic Hash sign of spliced character string in a manner of identical with first step.
Whether four steps, server-side compare the cryptographic Hash value of its calculating and the message cryptographic Hash value that receives from client
Unanimously, if it is inconsistent, indicating the possible loading error occurring of message or being tampered, therefore, it is considered that this time communicating in vain, mistake is returned to
False information terminates process;Otherwise, next step is gone to.
5th step, server-side are prolonged label to message and are passed through, therefore are decrypted with message field (MFLD) of the KEY to encryption, thus
The clear data that client wants will be sent to server-side has been obtained, has this time been communicated successfully.
Further, it should be noted that above-mentioned steps are clients to server-side transmission business datum, if server-side has industry
The process that business data need to be sent to client, communication process and client to server-side transmission business datum is completely the same, is
It avoids repeating, this is discussed in detail in omission.
Embodiment described above, only a specific embodiment of the invention, to illustrate technical solution of the present invention, rather than
It is limited, scope of protection of the present invention is not limited thereto, although having carried out with reference to the foregoing embodiments to the present invention detailed
Illustrate, those skilled in the art should understand that: anyone skilled in the art the invention discloses
In technical scope, it can still modify to technical solution documented by previous embodiment or variation can be readily occurred in, or
Person's equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make corresponding technical solution
Essence is detached from the spirit and scope of technical solution of the embodiment of the present invention, should be covered by the protection scope of the present invention.Therefore,
The protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. a kind of safety communicating method characterized by comprising
It is utilized respectively first key and second the first preset content of key pair carries out encryption and generates the first inspection value field and second
Value field is examined, the first code key is the encryption key after public key encryption, and the second code key is after the corresponding private key of the public key is decrypted
Encryption key;
If described first examines value field to examine value field identical with described second, session key is generated;
It is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third inspection value field and the 4th
Value field is examined, third code key is the session key after the encryption keys, and the 4th code key is the encryption key decryption
Session key afterwards;
If the third examines value field to examine value field identical with the described 4th, communicated using the session key.
2. safety communicating method according to claim 1, which is characterized in that if the third examines value field and described the
Four examine value field identical, then carry out communication using the session key and specifically include:
The whole needed in the message sent or critical field are encrypted using the session key;
All message field (MFLD)s splice according to preset rules and obtain the first predetermined word finally splicing the session key
Symbol string;
According to the first preset characters string, the second preset characters string is generated;
According to the first preset characters string and the second preset characters string, communicated.
3. safety communicating method according to claim 2, which is characterized in that according to the first preset characters string, generate second
Preset characters string includes:
The cryptographic Hash of the first preset characters string is calculated, and cryptographic Hash calculated is filled into the sign field in message;
Other fields in the message in addition to sign field are subjected to splicing according to the preset rules and are finally splicing institute
It states session key and obtains the second preset characters string.
4. safety communicating method according to claim 2, which is characterized in that according to the first preset characters string and
Two preset characters strings, carrying out communication includes:
Calculate the cryptographic Hash of the second preset characters string;
If the cryptographic Hash of the first preset characters string is consistent with the cryptographic Hash for stating the second preset characters string, described in
Encrypted message field (MFLD) is decrypted in session key.
5. safety communicating method according to claim 1, which is characterized in that the public key and private key are according to preset update
Period is updated;
The encryption and decryption of the session key uses 3DES, AES and SM4 algorithm;The encryption and decryption of the encryption key uses RSA, SM2
Algorithm.
6. safety communicating method according to claim 1, which is characterized in that the encryption and decryption of the message field (MFLD) uses
3DES, AES and SM4 algorithm.
7. safety communicating method according to claim 1, which is characterized in that described first examines value field, described second
Examine value field, the third that value field and the described 4th is examined to examine the byte number of value field for 8 0x00.
8. safety communicating method according to claim 3, which is characterized in that the cryptographic Hash is obtained by one-way hash function
It arrives.
9. safety communicating method according to claim 2, which is characterized in that it is described according to preset rules carry out splicing include
It sorts from small to large according to parameter name ASCII character, the format using URL key-value pair is spliced.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711417537.8A CN109962767A (en) | 2017-12-25 | 2017-12-25 | A kind of safety communicating method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711417537.8A CN109962767A (en) | 2017-12-25 | 2017-12-25 | A kind of safety communicating method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109962767A true CN109962767A (en) | 2019-07-02 |
Family
ID=67020569
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711417537.8A Pending CN109962767A (en) | 2017-12-25 | 2017-12-25 | A kind of safety communicating method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109962767A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339508A (en) * | 2020-02-28 | 2020-06-26 | 北京达佳互联信息技术有限公司 | Shared password analysis method and device, electronic equipment and storage medium |
CN112311544A (en) * | 2020-12-31 | 2021-02-02 | 飞天诚信科技股份有限公司 | Method and system for communication between server and authenticator |
CN117579392A (en) * | 2024-01-16 | 2024-02-20 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1534935A (en) * | 2003-03-31 | 2004-10-06 | 华为技术有限公司 | Key distribution method based on preshared key |
CN1906886A (en) * | 2004-01-08 | 2007-01-31 | 国际商业机器公司 | Establishing a secure context for communicating messages between computer systems |
CN102387152A (en) * | 2011-11-03 | 2012-03-21 | 北京锐安科技有限公司 | Preset-key-based symmetric encryption communication method |
CN106060073A (en) * | 2016-07-07 | 2016-10-26 | 北京信长城技术研究院 | Channel key negotiation method |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
US20170126642A1 (en) * | 2015-10-15 | 2017-05-04 | Pkware, Inc. | Systems and Methods for Smartkey Information Management |
CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
-
2017
- 2017-12-25 CN CN201711417537.8A patent/CN109962767A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1534935A (en) * | 2003-03-31 | 2004-10-06 | 华为技术有限公司 | Key distribution method based on preshared key |
CN1906886A (en) * | 2004-01-08 | 2007-01-31 | 国际商业机器公司 | Establishing a secure context for communicating messages between computer systems |
CN102387152A (en) * | 2011-11-03 | 2012-03-21 | 北京锐安科技有限公司 | Preset-key-based symmetric encryption communication method |
US20170126642A1 (en) * | 2015-10-15 | 2017-05-04 | Pkware, Inc. | Systems and Methods for Smartkey Information Management |
CN106060073A (en) * | 2016-07-07 | 2016-10-26 | 北京信长城技术研究院 | Channel key negotiation method |
CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339508A (en) * | 2020-02-28 | 2020-06-26 | 北京达佳互联信息技术有限公司 | Shared password analysis method and device, electronic equipment and storage medium |
CN112311544A (en) * | 2020-12-31 | 2021-02-02 | 飞天诚信科技股份有限公司 | Method and system for communication between server and authenticator |
CN112311544B (en) * | 2020-12-31 | 2021-03-16 | 飞天诚信科技股份有限公司 | Method and system for communication between server and authenticator |
WO2022142717A1 (en) * | 2020-12-31 | 2022-07-07 | 飞天诚信科技股份有限公司 | Method and system for communication between server and authenticator |
CN117579392A (en) * | 2024-01-16 | 2024-02-20 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
CN117579392B (en) * | 2024-01-16 | 2024-04-16 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Aumasson | Serious cryptography: a practical introduction to modern encryption | |
CN107040373B (en) | Mutual authentication method and authentication device | |
CN110166242B (en) | Message transmission method and device | |
CN108200028B (en) | Method and system for safely acquiring trusted data of server by using block chain | |
Satapathy et al. | A Comprehensive Survey on SSL/TLS and their Vulnerabilities | |
US11374975B2 (en) | TLS integration of post quantum cryptographic algorithms | |
CN106850566B (en) | Method and device for verifying data consistency | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
CN110198295A (en) | Safety certifying method and device and storage medium | |
CN113268715A (en) | Software encryption method, device, equipment and storage medium | |
CN107800675A (en) | A kind of data transmission method, terminal and server | |
US11153074B1 (en) | Trust framework against systematic cryptographic | |
CN109962767A (en) | A kind of safety communicating method | |
CN115913672B (en) | Electronic file encryption transmission method, system, terminal equipment and computer medium | |
CN108449756A (en) | A kind of system of network cryptographic key updating, method and device | |
CN109150512A (en) | A kind of data encryption, decryption method, system and data encryption, decryption device | |
CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
CN114629646A (en) | Safe transmission method and system based on mixed quantum key encapsulation and negotiation | |
CN114338648A (en) | SFTP multi-terminal file secure transmission method and system based on state cryptographic algorithm | |
CN105635114B (en) | A kind of password method of calibration and system | |
CN109889344A (en) | The transmission method and computer readable storage medium of terminal, data | |
CN113259100A (en) | TEE-based federal recommendation method, device, equipment and medium | |
CN114666040A (en) | Radio frequency identification authentication system and method based on quantum cryptography network | |
Dang | Recommendation for existing application-specific key derivation functions | |
Bowne | Hands-On Cryptography with Python: Leverage the power of Python to encrypt and decrypt data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190702 |
|
RJ01 | Rejection of invention patent application after publication |