CN109962767A - A kind of safety communicating method - Google Patents

A kind of safety communicating method Download PDF

Info

Publication number
CN109962767A
CN109962767A CN201711417537.8A CN201711417537A CN109962767A CN 109962767 A CN109962767 A CN 109962767A CN 201711417537 A CN201711417537 A CN 201711417537A CN 109962767 A CN109962767 A CN 109962767A
Authority
CN
China
Prior art keywords
key
encryption
value field
field
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711417537.8A
Other languages
Chinese (zh)
Inventor
郭晋宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN201711417537.8A priority Critical patent/CN109962767A/en
Publication of CN109962767A publication Critical patent/CN109962767A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Abstract

The present invention provides a kind of safety communicating methods, it include: to be utilized respectively first key and second the first preset content of key pair carries out encryption and generate first value field and second is examined to examine value field, first code key is the encryption key after public key encryption, and the second code key is the encryption key after the corresponding private key decryption of the public key;If described first examines value field to examine value field identical with described second, session key is generated;It is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third inspection value field and the 4th inspection value field, third code key is the session key after the encryption keys, and the 4th code key is the session key after the encryption key decryption;If the third examines value field to examine value field identical with the described 4th, communicated using the session key.The present invention can ensure the communication security in communication process.

Description

A kind of safety communicating method
Technical field
The present invention relates to internet security technical fields, and in particular to a kind of safety communicating method.
Background technique
With the fast development of mobile Internet tide, more and more scenes and service by being transferred on line under line, Therefore how the data interaction demand for also having expedited the emergence of a large amount of mobile client and server-side guarantees data security at the same time Transmitting between the ends become a urgent problem needed to be solved.Although some APP productions are completed with https agreement at present The transmitting of data, this to a certain extent ensure that the safety of data transmission, but itself solve or channel security Problem can not set foot in the safety of the message content of transmission;On the other hand, due to the purchase, deployment and application of https certificate For exploitation increase certain workload and difficulty, therefore in the market overwhelming majority APP and server still use it is traditional Http communication protocol, this is exposed to transmitting message arbitrarily in the form of plaintext in unsafe network environment very much, black Visitor even slightly experienced developer can obtain these message datas by packet capturing, so as to intercept, usurp easily Change or resets message to realize the unlawful profit-makings behaviors such as it steals user information, fake user is operated, gains user's wealth by cheating.
It can be seen that most important to Content of Communication progress safety encryption, existing some message encryption means have following It is several: one, using asymmetric cryptography, that is, public key encryption is used, private key decryption, such case encryption/decryption speed is slow, and server-side If encrypting its message for issuing client, needs each client to generate a pair of public and private key, safeguard and update at high cost; Two, using symmetric cryptography, i.e. client and server-side carries out encryption and decryption, this way encryption/decryption speed using the same key Fastly, but all there is the risk being stolen in the transmission of the key and preservation;Three, the certain fields of message are carried out using hash algorithm Signature, this can only guarantee the integrality of message, and recipient is allowed to know that message is not tampered with, and not can guarantee message content It is stolen by others.
It would therefore be highly desirable to need a kind of more safety and perfect mode to guarantee the Content of Communication peace of client and server-side Entirely.
Summary of the invention
In view of the above technical problems, the present invention provides the safety communicating method that a kind of pair of Content of Communication is encrypted.
The technical solution adopted by the present invention are as follows:
The embodiment of the present invention provides a kind of safety communicating method, comprising: is utilized respectively first key and the second key pair One preset content, which encrypt, generates the first inspection value field and the second inspection value field, and the first code key is adding after public key encryption Key, the second code key are the encryption key after the corresponding private key decryption of the public key;If described first examines value field and institute It is identical to state the second inspection value field, then generates session key;It is utilized respectively third key and the 4th the second preset content of key pair It carries out encryption and generates third inspection value field and the 4th inspection value field, third code key is the session after the encryption keys Key, the 4th code key are the session key after the encryption key decryption;If the third examines value field and the 4th inspection It is identical to test value field, then is communicated using the session key.
Optionally, close using the session if the third examines value field to examine value field identical with the described 4th Key carries out communication and specifically includes: being added the whole needed in the message sent or critical field using the session key It is close;All message field (MFLD)s splice according to preset rules and obtain the first preset characters finally splicing the session key String;According to the first preset characters string, the second preset characters string is generated;According to the first preset characters string and the second predetermined word Symbol string, is communicated.
Optionally, according to the first preset characters string, generating the second preset characters string includes: to calculate first preset characters The cryptographic Hash of string, and cryptographic Hash calculated is filled into the sign field in message;By in the message in addition to sign field Other fields according to the preset rules carry out splice and obtain the second preset characters string finally splicing the session key.
Optionally, according to the first preset characters string and the second preset characters string, carrying out communication includes: described in calculating The cryptographic Hash of second preset characters string;If the cryptographic Hash of the first preset characters string and the Kazakhstan for stating the second preset characters string Uncommon value is consistent, then encrypted message field (MFLD) is decrypted using the session key.
Optionally, the public key and private key are updated according to the preset update cycle;The encryption and decryption of the session key Using 3DES, AES and SM4 algorithm;The encryption and decryption of the encryption key uses RSA, SM2 algorithm.
Optionally, the encryption and decryption of the message field (MFLD) uses 3DES, AES and SM4 algorithm.
Optionally, described first examine value field, described second that value field, the third is examined to examine value field and described 4th examines the byte number of value field for 8 0x00.
Optionally, the cryptographic Hash is obtained by one-way hash function.
Optionally, it is described according to preset rules carry out splicing include sorting from small to large according to parameter name ASCII character, use The format of URL key-value pair is spliced.
Safety communicating method provided in an embodiment of the present invention encrypts encryption key using public key, then utilizes private Encryption key is decrypted in key, using encryption key come encryption and decryption session key, and verifies, is verifying to session key Encryption and decryption is carried out to the message field (MFLD) in communication process using the session key after qualification and signature prolongs label, by this asymmetric Encrypt the mixed encryption method that combines with symmetric cryptography, can play two class cryptographic algorithms to from the advantages of, evade respective Deficiency guarantees confidentiality and integrity of the data in transmission process, communication message can be prevented to be stolen in transmission process With distort.
Detailed description of the invention
Fig. 1 is the flow diagram that the session key of safety communicating method provided in an embodiment of the present invention determines;
Fig. 2 is the specific example figure that the session key of safety communicating method provided in an embodiment of the present invention determines;
Fig. 3 is the process signal of safety communicating method provided in an embodiment of the present invention communicated using session key Figure;
Fig. 4 is the specific example of safety communicating method provided in an embodiment of the present invention communicated using session key Figure.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool Body embodiment is described in detail.
Safety communicating method provided by the invention, for the secure communication between server-side and client, client can be extremely It is less 1.
In the present invention, server-side is for generating and session key and public and private key used in the communication process of client It is right, wherein session key is sent to corresponding client according to the solicited message that each client is sent, which is used for Encryption and decryption is carried out to business datum involved in communication process;The public key of public private key pair can be pre-assigned to each client, phase The private key answered then is stored in server-side, such as is stored in the associated server of server-side, what public key was used to generate client Encryption key is encrypted, and private key is then decrypted encryption key.Specifically, pseudo-random number generator can be used in server-side The random number for generating certain length, as session key KEY, for example, the random number that client generates 16 bytes is bright as KEY Text changes into 32 hexadecimal characters [0-9A-F], carries out encryption for the message that client sends it and terminates to from service The message of receipts is decrypted;And the message sent for server-side to it carries out encryption and carries out to from the received message of client Decryption.Symmetric cryptographic technique can be used to carry out encryption and decryption to the message sent in communication process using session key, the present invention is not Specific symmetric cryptographic algorithm is limited, the safety recognized extensively it is preferable to employ the world is secure as 3DES, AES and SM4 are calculated Method etc., and the length of the random number of the certain length should meet cryptographic algorithm requirement used;Message is added in the present invention Decryption can be and carry out encryption and decryption to whole messages, is also possible to the key in message or is related to the need for confidentiality such as privacy Field carries out encryption and decryption.The public key of the public private key pair of generation can be generated certificate and is preset in each client-side program by server-side, Such as public key can be sent to client by way of interface, the encryption key KEK generated for client to it adds Close, then server-side goes decryption to obtain this KEK using corresponding private key, to carry out subsequent communication process.Public private key pair Asymmetric cryptographic algorithm can be used, and asymmetric cryptographic algorithm can be used, the encryption key that client generates is carried out plus solved It is close, the unlimited fixture body asymmetric cryptographic algorithm of the present invention, the safety recognized extensively it is preferable to employ the world it is secure as RSA, SM2 algorithm etc..It in embodiments of the present invention, is guarantee key safety, server-side generation public private key pair should have certain Update mechanism needs to be updated according to the preset update cycle, the specific update cycle can determine according to the actual situation, The present invention does not do and particularly limits.
In the present invention, client for generates and the communication process of server-side used in encryption key, the encryption is close The session key that key is used to generate server-side carries out encryption and decryption.Specifically, pseudo-random number generator can be used to generate for client The random number of certain length turns as encryption key KEK for example, client generates the random number of 16 bytes as KEK plaintext At 32 hexadecimal characters [0-9A-F], the session key that it is generated is encrypted to server-side, to guarantee server-side Session key is passed to client by safety, and session key is decrypted for client.Symmetric cryptographic technique can be used The encryption key is utilized to carry out encryption and decryption to session key, the unlimited fixture body symmetric cryptographic algorithm of the present invention, it is preferable to employ states Secure such as 3DES, AES and SM4 algorithm of the safety that border recognizes extensively, and the length of the random number of the certain length Cryptographic algorithm requirement used should be met.
In the present invention, for client to during server-side queued session key KEY, client is sent to the report of server-side Text and server-side are returned in the message of client and should be all sent to comprising check value checkvalue field, value in client In the message of server-side for using encryption key KEK to a certain character string that both ends are appointed encrypted as a result, server-side After obtaining encryption key KEK, by carrying out comparison encryption result and field after similarly encrypting to above-mentioned agreement character string Whether content unanimously determines whether message is tampered, if being tampered, the KEK is invalid;Client is returned in server-side Field checkvalue value in message be session key KEY to a certain character string that both ends are appointed encrypted as a result, Client after obtaining session key KEY, by above-mentioned agreement character string carry out similarly encrypt after comparison encryption result with Whether the field contents unanimously determine whether message is tampered, if being tampered, the KEY is invalid.In addition, in the present invention, After client and server-side begin to use determining session key KEY to carry out message encryption, message should include signature sign word Section, value are to splice to every other field according to certain rule, and affix session key KEY forms final character string, The cryptographic Hash that can be used one-way hash function that the character string is calculated, both ends are after receiving message to message field (MFLD) with same The mode of sample calculates cryptographic Hash, and compare with the sign field in message, determines whether message is tampered with this.
Server-side and client specifically communicate the safety communicating method that can be provided through the invention.Hereinafter, to the present invention The safety communicating method of offer is introduced.
Fig. 1 is the flow diagram that the session key of safety communicating method provided in an embodiment of the present invention determines.Such as Fig. 1 institute Show, safety communicating method provided by the invention the following steps are included:
S110, it is utilized respectively first key and second the first preset content of key pair carries out encryption and generates the first test value word Section and second examines value field, and the first code key is the encryption key after public key encryption, and the second code key is the corresponding private of the public key Encryption key after key decryption.
If S120, described first examine value field to examine value field identical with described second, session key is generated.
S130, it is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third test value word Section and the 4th examines value field, and third code key is the session key after the encryption keys, and the 4th code key is the encryption Session key after key decryption.
If S140, the third examine value field to examine value field identical with the described 4th, the session key is utilized It is communicated.
Above-mentioned steps step S110 to S140 is used to determine session used in the symmetrical encryption and decryption in subsequent packet communication Key KEY.Asymmetric arithmetic generation, the unlimited fixture body asymmetric cryptography of the present invention can be used in public key and private key in above-mentioned steps Algorithm, it is preferable to employ secure such as RSA, SM2 algorithms of safety that the world recognizes extensively;In addition, public key and private key can It is updated according to the preset update cycle, to ensure communication security;Session key and encryption key can pass through presetting digit capacity Generating random number, such as the random number of 16 bytes is used in plain text, to change into 32 hexadecimal character [0-9A- as KEY and KEK F], symmetric cryptographic technique can be used to carry out encryption and decryption for the encryption and decryption of session key and the encryption and decryption of encryption key, and the present invention is not Specific symmetric cryptographic algorithm is limited, the safety recognized extensively it is preferable to employ the world is secure as 3DES, AES and SM4 are calculated Method etc..Described first examines value field, described second that value field, the third is examined to examine value field and the 4th test value The byte number of field can be 8 0x00.
In a specific example, above-mentioned steps S110 to S140 can be by the process that client and server-side are shaken hands come real It is existing, as shown in Fig. 2, determining that session key may particularly include following steps by the handshake procedure of client and server-side:
Step 1: client generates the random number of certain digit, i.e. encryption key with pseudo-random number generator first The length of KEK, random number are determined by the symmetric cryptographic algorithm that client and server-side are arranged, such as use the random number of 16 bytes In plain text as KEY and KEK, 32 hexadecimal characters [0-9A-F] are changed into.
Step 2: client carries out asymmetric encryption to KEK with the public key certificate that server-side is built into client, encryption is calculated Method is reached an agreement on by client and server-side, such as 3DES encryption algorithm can be used;Then client recycles KEK to preset one section Content carries out encryption and generates test value checkvalue field, which is that client is consulted to decide with server-side, and such as 8 0x00。
Step 3: checkvalue field and KEK ciphertext and other Optional Fields that client generates step 2 are sent out Give server-side.
Step 4: server-side carries out received KEK ciphertext using its corresponding private key for being handed down to the public key of client Decryption obtains KEK in plain text, then adopts and carries out encryption generation test value to the one section of content appointed with KEK in a like fashion Checkvalue field.
Step 5: server-side compares the checkvalue field of their own calculating and receives from client Whether checkvalue field is identical, if it is different, then indicating message, there are error of transmission or the risks being tampered, therefore terminate This process;If identical, continue next step.
Step 6: in the mode similar with step 1, server-side generated with pseudo-random number generator certain digit with The length of machine number, i.e. session key KEY, random number is determined by the symmetric cryptographic algorithm that client and server-side are arranged, such as is made The random number of 16 bytes is used in plain text, to change into 32 hexadecimal characters [0-9A-F] as KEY and KEK.
Step 7: server-side carries out symmetric cryptography to KEY using the KEK got from client, Encryption Algorithm is by client End is reached an agreement on server-side, such as 3DES encryption algorithm can be used;Then encryption generation is carried out to preset one section of content with KEY again Test value checkvalue field, the content are that client is consulted to decide with server-side, such as 8 0x00.
Step 8: checkvalue field and KEY ciphertext and other Optional Fields that server-side generates step 7 are sent out Give client.
Step 9: the KEK that client is generated using it is decrypted to obtain KEY in plain text to KEY ciphertext, then using identical Mode with KEY to the one section of content appointed carry out encryption generate test value checkvalue field, for example, by using 3DES into Row encryption.
Step 10: client compares the checkvalue field of their own calculating and receives from server-side Whether checkvalue field is identical, if it is different, then indicating message, there are error of transmission or the risks being tampered, therefore terminate This process;If identical, continue next step.
Step 11: client is finally obtained the symmetric cryptography session key that message encryption and decryption is used by shaking hands, visitor Family end saves the session key, for use in subsequent communications.
Further, as shown in figure 3, step S140 may particularly include:
S141, the whole needed in the message sent or critical field are encrypted using the session key.
S142, all message field (MFLD)s are subjected to splicing according to preset rules and obtain the finally splicing the session key One preset characters string.
S143, according to the first preset characters string, generate the second preset characters string.
S144, according to the first preset characters string and the second preset characters string, communicated.
Further, step S143 is specifically included: calculating the cryptographic Hash of the first preset characters string, and will be calculated Cryptographic Hash is filled into the sign field in message;By other fields in the message in addition to sign field according to the default rule It then carries out splicing and obtains the second preset characters string finally splicing the session key.
Further, step S144 is specifically included: calculating the cryptographic Hash of the second preset characters string;If described first is pre- If the cryptographic Hash of character string is consistent with the cryptographic Hash for stating the second preset characters string, then using the session key to encrypted Message field (MFLD) be decrypted.
Above-mentioned steps S141 to S144 is used to be communicated using the session key that step S110 to S140 is determined.Step The cryptographic Hash of S143 and S144 can be obtained by one-way hash function, and the present invention is not intended to limit the specific calculation of one-way hash function Method, it is preferable to employ secure such as MD5, SHA-1, SHA-256 and SM3 algorithms of safety that the world recognizes extensively.Step 3DES, AES and SM4 can be used to the algorithm that message field (MFLD) is encrypted and decrypted using session key in S141 and step S144 Algorithm.It is described according to preset rules carry out splicing include sorting from small to large according to parameter name ASCII character, use URL key-value pair Format spliced.
In a specific example, client and server-side can be realized using the session key of above-mentioned steps determination each other it Between message communication, client and server-side carry out message encryption and decryption to guarantee confidentiality, by report by session key KEY Text section splices and does signature and prolong label to ensure message integrality, as shown in figure 4, carrying out communication using session key can be specific The following steps are included:
First step, client need to send business datum to server-side, and client in step S140 using obtaining at this time KEY in message whole or critical field encrypt, cipher mode is consulted to decide with server-side, for example, can be used 3DES Encryption Algorithm;Then client will need all message field (MFLD)s sent to splice according to preset rules, such as according to parameter name ASCII character sorts (lexcographical order) from small to large, uses format (the i.e. key1=value1&key2=of URL key-value pair Value2 ...) it is spliced into character string stringA, and finally splice KEY in stringA and obtain a certain character string such as StringSignTemp character string, then calculates cryptographic Hash to the character string, and used hash algorithm is determined with server-side negotiation It is fixed, such as operation is carried out to stringSignTemp using SHA-256 algorithm, and increase sign field in messages, by operation As a result and the cryptographic Hash of calculating is filled into the value of sign field.
Second step, by treated, service message is sent to server-side to client.
Third step, server-side receive client send service message and by message in addition to sign field other fields Spliced and calculated the cryptographic Hash sign of spliced character string in a manner of identical with first step.
Whether four steps, server-side compare the cryptographic Hash value of its calculating and the message cryptographic Hash value that receives from client Unanimously, if it is inconsistent, indicating the possible loading error occurring of message or being tampered, therefore, it is considered that this time communicating in vain, mistake is returned to False information terminates process;Otherwise, next step is gone to.
5th step, server-side are prolonged label to message and are passed through, therefore are decrypted with message field (MFLD) of the KEY to encryption, thus The clear data that client wants will be sent to server-side has been obtained, has this time been communicated successfully.
Further, it should be noted that above-mentioned steps are clients to server-side transmission business datum, if server-side has industry The process that business data need to be sent to client, communication process and client to server-side transmission business datum is completely the same, is It avoids repeating, this is discussed in detail in omission.
Embodiment described above, only a specific embodiment of the invention, to illustrate technical solution of the present invention, rather than It is limited, scope of protection of the present invention is not limited thereto, although having carried out with reference to the foregoing embodiments to the present invention detailed Illustrate, those skilled in the art should understand that: anyone skilled in the art the invention discloses In technical scope, it can still modify to technical solution documented by previous embodiment or variation can be readily occurred in, or Person's equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make corresponding technical solution Essence is detached from the spirit and scope of technical solution of the embodiment of the present invention, should be covered by the protection scope of the present invention.Therefore, The protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. a kind of safety communicating method characterized by comprising
It is utilized respectively first key and second the first preset content of key pair carries out encryption and generates the first inspection value field and second Value field is examined, the first code key is the encryption key after public key encryption, and the second code key is after the corresponding private key of the public key is decrypted Encryption key;
If described first examines value field to examine value field identical with described second, session key is generated;
It is utilized respectively third key and the 4th the second preset content of key pair carries out encryption and generates third inspection value field and the 4th Value field is examined, third code key is the session key after the encryption keys, and the 4th code key is the encryption key decryption Session key afterwards;
If the third examines value field to examine value field identical with the described 4th, communicated using the session key.
2. safety communicating method according to claim 1, which is characterized in that if the third examines value field and described the Four examine value field identical, then carry out communication using the session key and specifically include:
The whole needed in the message sent or critical field are encrypted using the session key;
All message field (MFLD)s splice according to preset rules and obtain the first predetermined word finally splicing the session key Symbol string;
According to the first preset characters string, the second preset characters string is generated;
According to the first preset characters string and the second preset characters string, communicated.
3. safety communicating method according to claim 2, which is characterized in that according to the first preset characters string, generate second Preset characters string includes:
The cryptographic Hash of the first preset characters string is calculated, and cryptographic Hash calculated is filled into the sign field in message;
Other fields in the message in addition to sign field are subjected to splicing according to the preset rules and are finally splicing institute It states session key and obtains the second preset characters string.
4. safety communicating method according to claim 2, which is characterized in that according to the first preset characters string and Two preset characters strings, carrying out communication includes:
Calculate the cryptographic Hash of the second preset characters string;
If the cryptographic Hash of the first preset characters string is consistent with the cryptographic Hash for stating the second preset characters string, described in Encrypted message field (MFLD) is decrypted in session key.
5. safety communicating method according to claim 1, which is characterized in that the public key and private key are according to preset update Period is updated;
The encryption and decryption of the session key uses 3DES, AES and SM4 algorithm;The encryption and decryption of the encryption key uses RSA, SM2 Algorithm.
6. safety communicating method according to claim 1, which is characterized in that the encryption and decryption of the message field (MFLD) uses 3DES, AES and SM4 algorithm.
7. safety communicating method according to claim 1, which is characterized in that described first examines value field, described second Examine value field, the third that value field and the described 4th is examined to examine the byte number of value field for 8 0x00.
8. safety communicating method according to claim 3, which is characterized in that the cryptographic Hash is obtained by one-way hash function It arrives.
9. safety communicating method according to claim 2, which is characterized in that it is described according to preset rules carry out splicing include It sorts from small to large according to parameter name ASCII character, the format using URL key-value pair is spliced.
CN201711417537.8A 2017-12-25 2017-12-25 A kind of safety communicating method Pending CN109962767A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711417537.8A CN109962767A (en) 2017-12-25 2017-12-25 A kind of safety communicating method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711417537.8A CN109962767A (en) 2017-12-25 2017-12-25 A kind of safety communicating method

Publications (1)

Publication Number Publication Date
CN109962767A true CN109962767A (en) 2019-07-02

Family

ID=67020569

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711417537.8A Pending CN109962767A (en) 2017-12-25 2017-12-25 A kind of safety communicating method

Country Status (1)

Country Link
CN (1) CN109962767A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111339508A (en) * 2020-02-28 2020-06-26 北京达佳互联信息技术有限公司 Shared password analysis method and device, electronic equipment and storage medium
CN112311544A (en) * 2020-12-31 2021-02-02 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1534935A (en) * 2003-03-31 2004-10-06 华为技术有限公司 Key distribution method based on preshared key
CN1906886A (en) * 2004-01-08 2007-01-31 国际商业机器公司 Establishing a secure context for communicating messages between computer systems
CN102387152A (en) * 2011-11-03 2012-03-21 北京锐安科技有限公司 Preset-key-based symmetric encryption communication method
CN106060073A (en) * 2016-07-07 2016-10-26 北京信长城技术研究院 Channel key negotiation method
CN106603485A (en) * 2016-10-31 2017-04-26 美的智慧家居科技有限公司 Secret key negotiation method and device
US20170126642A1 (en) * 2015-10-15 2017-05-04 Pkware, Inc. Systems and Methods for Smartkey Information Management
CN106712932A (en) * 2016-07-20 2017-05-24 腾讯科技(深圳)有限公司 Secret key management method, device and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1534935A (en) * 2003-03-31 2004-10-06 华为技术有限公司 Key distribution method based on preshared key
CN1906886A (en) * 2004-01-08 2007-01-31 国际商业机器公司 Establishing a secure context for communicating messages between computer systems
CN102387152A (en) * 2011-11-03 2012-03-21 北京锐安科技有限公司 Preset-key-based symmetric encryption communication method
US20170126642A1 (en) * 2015-10-15 2017-05-04 Pkware, Inc. Systems and Methods for Smartkey Information Management
CN106060073A (en) * 2016-07-07 2016-10-26 北京信长城技术研究院 Channel key negotiation method
CN106712932A (en) * 2016-07-20 2017-05-24 腾讯科技(深圳)有限公司 Secret key management method, device and system
CN106603485A (en) * 2016-10-31 2017-04-26 美的智慧家居科技有限公司 Secret key negotiation method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111339508A (en) * 2020-02-28 2020-06-26 北京达佳互联信息技术有限公司 Shared password analysis method and device, electronic equipment and storage medium
CN112311544A (en) * 2020-12-31 2021-02-02 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
CN112311544B (en) * 2020-12-31 2021-03-16 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
WO2022142717A1 (en) * 2020-12-31 2022-07-07 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing
CN117579392B (en) * 2024-01-16 2024-04-16 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Similar Documents

Publication Publication Date Title
Aumasson Serious cryptography: a practical introduction to modern encryption
CN107040373B (en) Mutual authentication method and authentication device
CN110166242B (en) Message transmission method and device
CN108200028B (en) Method and system for safely acquiring trusted data of server by using block chain
Satapathy et al. A Comprehensive Survey on SSL/TLS and their Vulnerabilities
US11374975B2 (en) TLS integration of post quantum cryptographic algorithms
CN106850566B (en) Method and device for verifying data consistency
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN110198295A (en) Safety certifying method and device and storage medium
CN113268715A (en) Software encryption method, device, equipment and storage medium
CN107800675A (en) A kind of data transmission method, terminal and server
US11153074B1 (en) Trust framework against systematic cryptographic
CN109962767A (en) A kind of safety communicating method
CN115913672B (en) Electronic file encryption transmission method, system, terminal equipment and computer medium
CN108449756A (en) A kind of system of network cryptographic key updating, method and device
CN109150512A (en) A kind of data encryption, decryption method, system and data encryption, decryption device
CN109005184A (en) File encrypting method and device, storage medium, terminal
CN114629646A (en) Safe transmission method and system based on mixed quantum key encapsulation and negotiation
CN114338648A (en) SFTP multi-terminal file secure transmission method and system based on state cryptographic algorithm
CN105635114B (en) A kind of password method of calibration and system
CN109889344A (en) The transmission method and computer readable storage medium of terminal, data
CN113259100A (en) TEE-based federal recommendation method, device, equipment and medium
CN114666040A (en) Radio frequency identification authentication system and method based on quantum cryptography network
Dang Recommendation for existing application-specific key derivation functions
Bowne Hands-On Cryptography with Python: Leverage the power of Python to encrypt and decrypt data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190702

RJ01 Rejection of invention patent application after publication