CN112653698B - Communication method and device - Google Patents


Publication number: CN112653698B
Authority: CN (China)
Prior art keywords: key, ciphertext, application, request message, server
Legal status: Active
Application number: CN202011531735.9A
Other languages: Chinese (zh)
Other versions: CN112653698A (en)
Inventor: 唐耀红
Current assignee: Agricultural Bank of China
Original assignee: Agricultural Bank of China
Priority date: 2020-12-22
Filing date: 2020-12-22
Publication dates: CN112653698A on 2021-04-13; CN112653698B (grant) on 2023-02-28

Classifications

    • H04L 63/0435: Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L 63/12: Network architectures or network communication protocols for network security; applying verification of the received information
    • H04L 63/168: Network architectures or network communication protocols for network security; implementing security features at a particular protocol layer above the transport layer

Abstract

The application discloses a communication method and device. The method is applied to a first application program of a client and comprises the following steps: generating a request message, where the request message comprises a first ciphertext, an application identifier of the first application program, and a first transaction code corresponding to a first trigger operation, and the first ciphertext is encrypted with a first key; and sending the request message to a server so that the server obtains the first key according to the application identifier and the first transaction code, the first key being used to decrypt the first ciphertext. In the communication method provided by the embodiments of the application, the client and the server therefore both obtain the first key through the mapping relationship between the application identifier of the first application, the first transaction code, and the first key, and use it to encrypt and decrypt the request message. Because the request message is encrypted and decrypted with an application-layer key, the security of the request message in transit is improved, no extra communication is needed, and the impact on communication efficiency is small.

Description

Communication method and device
Technical Field
The present application relates to the field of communications, and in particular, to a communication method and apparatus.
Background
In the API (Application Programming Interface) service of an open platform, the data transmission channel may be eavesdropped on, intercepted, tampered with, and so on. At present, to improve the security of data transmission, a dynamic key can be used to encrypt communication messages.
However, when a dynamic key is used to encrypt the transmitted data, the client and the server need to perform a handshake before every transmission, which reduces communication efficiency. How to improve the security of the key without affecting communication efficiency has therefore become a technical problem that urgently needs to be solved in this field.
Disclosure of Invention
In order to solve the above technical problem, the present application provides a communication method and apparatus for improving security of a key in an interface service that provides data or functions to an external network.
In order to achieve the above object, the embodiments of the present application provide the following technical solutions:
the embodiment of the application provides a communication method, which is applied to a first application program of a client, and comprises the following steps:
generating a request message according to a first trigger operation acted on the first application program; the request message comprises a first ciphertext, an application identifier of a first application program and a first transaction code corresponding to a first trigger operation; the first ciphertext is encrypted by a first key;
sending the request message to a server so that the server obtains the first secret key according to the application identifier and the first transaction code; the first key is used to decrypt the first ciphertext.
Optionally, the server stores a first mapping relationship between the first key, the application identifier, and the first transaction code;
the client stores a second mapping relation among the first secret key, the application identifier and the first transaction code; the first mapping relationship is the same as the second mapping relationship.
Optionally, when the first key changes, the first mapping relationship and the second mapping relationship are updated synchronously.
Optionally, the first ciphertext comprises:
plaintext request information, a timestamp, and a random number;
the timestamp and nonce are used to prevent replay of the request message.
Optionally, the method further comprises:
receiving a response message sent by a server; the response message includes a second ciphertext; the second ciphertext is encrypted using the first key.
An embodiment of the present application further provides a communication apparatus, where the apparatus is applied to a first application program of a client, and the apparatus includes:
a generation module, configured to generate a request message according to a first trigger operation acting on the first application; the request message comprises a first ciphertext, an application identifier of a first application program and a first transaction code corresponding to a first trigger operation; the first ciphertext is encrypted by a first key;
a sending module, configured to send the request message to a server, so that the server obtains the first key according to the application identifier and the first transaction code; the first key is used to decrypt the first ciphertext.
Optionally, the server stores a first mapping relationship between the first key, the application identifier, and the first transaction code;
the client stores a second mapping relation among the first secret key, the application identifier and the first transaction code; the first mapping relationship is the same as the second mapping relationship.
Optionally, when the first key changes, the first mapping relationship and the second mapping relationship are updated synchronously.
Optionally, the first ciphertext comprises:
plaintext request information, a timestamp, and a random number;
the timestamp and nonce are used to prevent replay of the request message.
Optionally, the apparatus further comprises:
the receiving module is used for receiving a response message sent by the server; the response message includes a second ciphertext; the second ciphertext is encrypted using the first key.
According to the technical scheme, the method has the following beneficial effects:
the embodiments of the application provide a communication method and a communication device. The method is applied to a first application program of a client and comprises the following steps: generating a request message according to a first trigger operation acting on the first application program, where the request message comprises a first ciphertext, an application identifier of the first application program, and a first transaction code corresponding to the first trigger operation, and the first ciphertext is encrypted with a first key; and sending the request message to the server so that the server obtains the first key according to the application identifier and the first transaction code, the first key being used to decrypt the first ciphertext. In the communication method provided by the embodiments of the application, the client and the server therefore both obtain the first key through the mapping relationship between the application identifier of the first application, the first transaction code, and the first key, and use it to encrypt and decrypt the request message. Because the request message is encrypted and decrypted with an application-layer key, the security of the request message in transit is improved, no extra communication is needed, and the impact on communication efficiency is small.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Clearly, the drawings described below show only some embodiments of the present application, and those skilled in the art could derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a communication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another communication method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a communication device according to an embodiment of the present application.
Detailed Description
To help better understand the scheme provided by the embodiments of the present application, the application scenario of the scheme is described before the method itself.
As described above, in the API service of an open platform the data transmission channel may be intercepted, tampered with, and so on. Note that the API interface service in the embodiments of the present application refers to an interface service that provides data or functions to an external network, and it may be implemented on the basis of various protocols or forms. For example, an interface service provided in the REST (Representational State Transfer) style is characterized by exchanging data in JSON (JavaScript Object Notation) format over the HTTP (Hypertext Transfer Protocol) protocol, while an interface service provided in the SOAP (Simple Object Access Protocol) form is characterized by exchanging data in XML (Extensible Markup Language) format over HTTP; the embodiments of the present application are not limited in this respect. A major characteristic of the API interface service in the embodiments of the present application is stateless access: a service request is initiated directly, unlike an ordinary Web (World Wide Web) page, which requires logging in with a user name and a password.
At present, to improve the security of data transmission, a dynamic key can be used to encrypt communication messages. However, when a dynamic key is used to encrypt the transmitted data, the client and the server need to perform a handshake before every transmission, which reduces communication efficiency. How to improve the security of the key without affecting communication efficiency has therefore become a technical problem that urgently needs to be solved in this field.
To solve the above problem, the embodiments of the present application provide a communication method and apparatus. The method is applied to a first application program of a client and includes: generating a request message according to a first trigger operation acting on the first application program, where the request message comprises a first ciphertext, an application identifier of the first application program, and a first transaction code corresponding to the first trigger operation, and the first ciphertext is encrypted with a first key; and sending the request message to a server so that the server obtains the first key according to the application identifier and the first transaction code, the first key being used to decrypt the first ciphertext. In the communication method provided by the embodiments of the application, the client and the server therefore both obtain the first key through the mapping relationship between the application identifier of the first application, the first transaction code, and the first key, and use it to encrypt and decrypt the request message. Because the request message is encrypted and decrypted with an application-layer key, the security of the request message in transit is improved, no extra communication is needed, and the impact on communication efficiency is small.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanying the drawings are described in detail below.
Referring to fig. 1, a schematic flowchart of a communication method according to an embodiment of the present application is shown. As shown in fig. 1, the communication method provided in the embodiment of the present application is applied to a first application program of a client and includes the following steps S101 to S102:
S101: generating a request message according to a first trigger operation acting on the first application program; the request message comprises a first ciphertext, an application identifier of the first application program, and a first transaction code corresponding to the first trigger operation; the first ciphertext is encrypted with a first key.
S102: sending the request message to the server so that the server obtains the first key according to the application identifier and the first transaction code; the first key is used to decrypt the first ciphertext.
In the embodiments of the application, the server stores a first mapping relationship among the first key, the application identifier, and the first transaction code, and the client stores a second mapping relationship among the first key, the application identifier, and the first transaction code; the first mapping relationship is the same as the second mapping relationship. It can be understood that the client looks up the first key in the second mapping relationship using the application identifier of the first application program and the first transaction code corresponding to the first trigger operation, and then encrypts the first plaintext with the first key to obtain the first ciphertext. The server stores the first mapping relationship, which is the same as the second, so it can take the application identifier of the first application and the first transaction code corresponding to the first trigger operation from the request message, look up the first key in the first mapping relationship, and decrypt the first ciphertext with it to recover the first plaintext.
To further improve the security of the communication method provided in the embodiments of the present application, the first key may be changed. When the first key is changed, the first mapping relationship and the second mapping relationship are updated synchronously. So as not to affect the normal communication performance of the client and the server, as one possible implementation the first key may be changed, and the two mapping relationships updated synchronously, when the client and the server have spare communication capacity. As another possible implementation, a fixed time may be set at which the first key is changed and the first and second mapping relationships are updated synchronously; this is not limited herein.
To prevent a man-in-the-middle from intercepting the request message and maliciously replaying it, which would cause the server to execute the instruction contained in the request message repeatedly, the first ciphertext provided by the embodiments of the application may include the plaintext request information, a timestamp, and a random number. As a possible implementation, let R be the plaintext request information, ts the timestamp, n the random number, appKey the first key, appId the application identifier of the first application, E the request actually transmitted, and AES the Advanced Encryption Standard. The request message actually sent is then E = AES(R + ts + n, appKey) + appId + first transaction code, where AES(A, B) denotes AES encryption of A using key B.
It will be appreciated that a timestamp is a number or other form of data representing a point in time; its purpose here is to indicate when the message was sent. The server judges whether a message is a replay by comparing the time at which it actually receives the message with the sending time represented by the timestamp. As a possible implementation, when the actual receiving time exceeds the sending time represented by the timestamp by more than Δt, the message is judged to be a replay. As one example, Δt may be 60 s. The random number is generated by a random number algorithm; its main characteristics are that it cannot be predicted and will not repeat within a long period of time. Since a replayed message carries the same random number as the original, when a message containing a random number that has already been seen is received, it can be judged to be a replay.
In an embodiment of the present application, the method further includes: receiving a response message sent by the server; the response message includes a second ciphertext; the second ciphertext is encrypted using the first key. Referring to fig. 2, which is a schematic flowchart of another communication method provided in the embodiments of the present application: in step 1 the application initiates a request; the plaintext part of the request message includes appId and the first transaction code, and the ciphertext part includes the ciphertext obtained by encrypting the plaintext request information R, the timestamp ts, and the random number n with the AES algorithm and the first key appKey. In step 2 the server decrypts the request: it obtains the first key appKey and decrypts the first ciphertext to obtain R, ts, and n. In step 3 the server verifies whether decryption succeeded and checks whether the combination (appKey, ts, n) is unique. In step 4 the server responds: it encrypts the plaintext response message with appKey and sends the result to the client.
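Added example, not code from the patent: a Go sketch of client step S101 and of server steps 2 and 3 of fig. 2 above, with the (appId, first transaction code) to appKey mapping held identically on both sides, Δt = 60 s, and the random-number uniqueness check. AES-GCM with a prepended IV, the 16-byte random number, the 8-byte timestamp encoding, and binding the clear header as associated data are my assumptions; the description only says AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// Δt from the description; the 16-byte n and 12-byte GCM IV are assumptions.
const (
	deltaT   = 60 * time.Second
	nonceLen = 16
	ivLen    = 12 // standard GCM nonce size
)
// KeyID is (appId, first transaction code); KeyMap is the mapping relationship
// each side keeps from it to the first key appKey (updated together on rotation).
type KeyID struct{ AppID, TxnCode string }
type KeyMap map[KeyID][]byte
// Request is the wire form of E: clear appId and transaction code, plus the
// first ciphertext IV || AES-GCM(ts || n || R); the description only says AES.
type Request struct {
	AppID, TxnCode string
	Ciphertext     []byte
}
var ErrUnknownKey = errors.New("no key for (appId, txnCode)")
var ErrDecrypt = errors.New("decryption or authentication failed")
var ErrStale = errors.New("timestamp outside the Δt window")
var ErrReplay = errors.New("random number already seen: replay")
// aead resolves (appId, txnCode) to appKey through the mapping and wraps it.
func aead(m KeyMap, id KeyID) (cipher.AEAD, error) {
	key, ok := m[id]
	if !ok {
		return nil, ErrUnknownKey
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildRequest is step S101. appId and the transaction code are also bound as
// additional authenticated data (an added hardening, not in the description).
func BuildRequest(m KeyMap, appID, txn string, r []byte, now time.Time) (Request, error) {
	gcm, err := aead(m, KeyID{appID, txn})
	if err != nil {
		return Request{}, err
	}
	iv := make([]byte, ivLen)
	payload := make([]byte, 8+nonceLen, 8+nonceLen+len(r))
	if _, err := rand.Read(iv); err != nil {
		return Request{}, err
	}
	if _, err := rand.Read(payload[8:]); err != nil { // n
		return Request{}, err
	}
	binary.BigEndian.PutUint64(payload, uint64(now.Unix())) // ts
	sealed := gcm.Seal(iv, iv, append(payload, r...), []byte(appID+"|"+txn))
	return Request{appID, txn, sealed}, nil
}

// Server holds the first mapping relationship and the random numbers already
// accepted (single-goroutine here; a real server would lock around seen).
type Server struct {
	keys KeyMap
	seen map[[nonceLen]byte]time.Time
}

func NewServer(m KeyMap) *Server { return &Server{m, map[[nonceLen]byte]time.Time{}} }

// Open is steps 2 and 3 of fig. 2: decrypt, check the Δt window, reject a
// repeated n. Future-dated timestamps are rejected too (beyond the description).
func (s *Server) Open(req Request, now time.Time) ([]byte, error) {
	gcm, err := aead(s.keys, KeyID{req.AppID, req.TxnCode})
	if err != nil {
		return nil, err
	}
	if len(req.Ciphertext) < ivLen {
		return nil, ErrDecrypt
	}
	payload, err := gcm.Open(nil, req.Ciphertext[:ivLen], req.Ciphertext[ivLen:], []byte(req.AppID+"|"+req.TxnCode))
	if err != nil || len(payload) < 8+nonceLen {
		return nil, ErrDecrypt
	}
	ts := time.Unix(int64(binary.BigEndian.Uint64(payload)), 0)
	if d := now.Sub(ts); d > deltaT || d < -deltaT {
		return nil, ErrStale
	}
	var n [nonceLen]byte
	copy(n[:], payload[8:])
	if _, dup := s.seen[n]; dup {
		return nil, ErrReplay
	}
	s.seen[n] = now
	return payload[8+nonceLen:], nil
}
```

The seen map grows without bound as written; since a replay can only pass the Δt check within 2Δt of the first acceptance, entries older than that can be evicted.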
In summary, in the communication method provided by the embodiments of the present application, the client and the server both obtain the first key through the mapping relationship between the first application identifier, the first transaction code, and the first key, and use it to encrypt and decrypt the request message. Because the request message is encrypted and decrypted with an application-layer key, the security of the request message in transit is improved, no extra communication is needed, and the impact on communication efficiency is small.
Corresponding to the communication method of the above embodiment, an embodiment of the application also provides a communication device. Referring to fig. 3, a schematic structural diagram of a communication device according to an embodiment of the present application is shown. As shown in fig. 3, the communication apparatus provided in an embodiment of the present application includes: a generating module 100, configured to generate a request message according to a first trigger operation acting on a first application, where the request message comprises a first ciphertext, an application identifier of the first application program, and a first transaction code corresponding to the first trigger operation, and the first ciphertext is encrypted with a first key; and a sending module 200, configured to send the request message to a server so that the server obtains the first key according to the application identifier and the first transaction code, the first key being used to decrypt the first ciphertext.
As a possible implementation manner, the server stores a first mapping relationship of the first key, the application identifier and the first transaction code; the client stores a second mapping relation among the first secret key, the application identifier and the first transaction code; the first mapping relationship is the same as the second mapping relationship.
As a possible implementation, when the first key changes, the first mapping relationship and the second mapping relationship are updated synchronously.
As a possible implementation, the first ciphertext includes: plaintext request information, a timestamp, and a random number; the time stamp and the random number are used to prevent replay of the request message.
As a possible implementation, the apparatus further comprises: the receiving module is used for receiving a response message sent by the server; the response message includes the second ciphertext; the second ciphertext is encrypted using the first key.
In summary, in the communication apparatus provided in the embodiments of the present application, the client and the server both obtain the first key through the mapping relationship between the first application identifier, the first transaction code, and the first key, and use it to encrypt and decrypt the request message. Because the request message is encrypted and decrypted with an application-layer key, the security of the request message in transit is improved, no extra communication is needed, and the impact on communication efficiency is small.
From the above description of the embodiments, it is clear to those skilled in the art that all or part of the steps in the method of the above embodiments may be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method of the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The method disclosed by the embodiment corresponds to the system disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the system part for description.
It should also be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A method of communication, the method being applied to a first application program at a client, the method comprising:
generating a request message according to a first trigger operation acting on the first application program; the request message comprises a first ciphertext, an application identifier of a first application program and a first transaction code corresponding to a first trigger operation; the first ciphertext is encrypted by a first key;
sending the request message to a server so that the server obtains the first secret key according to the application identifier and the first transaction code; the first key is used for decrypting the first ciphertext;
the server stores a first mapping relation among the first secret key, the application identifier and the first transaction code; the client stores a second mapping relation among the first secret key, the application identifier and the first transaction code; the first mapping relationship is the same as the second mapping relationship.
2. The method of claim 1, wherein the first mapping relationship and the second mapping relationship are updated synchronously when the first key changes.
3. The method of claim 1, wherein the first ciphertext comprises:
plaintext request information, a timestamp, and a random number;
the timestamp and nonce are used to prevent replay of the request message.
4. The method of claim 1, further comprising:
receiving a response message sent by a server; the response message includes a second ciphertext; the second ciphertext is encrypted using the first key.
5. A communications apparatus, wherein the apparatus is applied to a first application of a client, the apparatus comprising:
a generation module, configured to generate a request message according to a first trigger operation acting on the first application; the request message comprises a first ciphertext, an application identifier of a first application program and a first transaction code corresponding to a first trigger operation; the first ciphertext is encrypted by a first key;
a sending module, configured to send the request message to a server, so that the server obtains the first key according to the application identifier and the first transaction code; the first key is used for decrypting the first ciphertext; the server stores a first mapping relation among the first secret key, the application identifier and the first transaction code; the client stores a second mapping relation among the first secret key, the application identifier and the first transaction code; the first mapping relationship is the same as the second mapping relationship.
6. The apparatus of claim 5, wherein the first mapping relationship and the second mapping relationship are updated synchronously when the first key changes.
7. The apparatus of claim 5, wherein the first ciphertext comprises:
plaintext request information, a timestamp, and a random number;
the timestamp and nonce are used to prevent replay of the request message.
8. The apparatus of claim 5, further comprising:
the receiving module is used for receiving a response message sent by the server; the response message includes a second ciphertext; the second ciphertext is encrypted using the first key.
Priority application: CN202011531735.9A, priority date 2020-12-22, filing date 2020-12-22, "Communication method and device", status Active.

Publications (2)

Publication Number | Publication Date
CN112653698A (en) | 2021-04-13
CN112653698B (en) | 2023-02-28

Family ID: 75359236

Country status: CN (1), CN112653698B (en)
Citations (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104468095A * | 2014-11-28 | 2015-03-25 | 华为技术有限公司 | Data transmission method and device
CN105915342A * | 2016-07-01 | 2016-08-31 | 广州爱九游信息技术有限公司 | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN105635039B * | 2014-10-27 | 2019-01-04 | 阿里巴巴集团控股有限公司 | A kind of secure communication of network method and communication device

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant