CN113382001A - Communication encryption method and related device - Google Patents


Info

Publication number
CN113382001A
CN113382001A (application CN202110643775.0A)
Authority
CN
China
Prior art keywords
communication
string
public key
client
key
Legal status
Granted
Application number
CN202110643775.0A
Other languages
Chinese (zh)
Other versions
CN113382001B (en)
Inventor
刘世龙
彭一
Current Assignee
Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Original Assignee
Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Events
Application filed by Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Priority to CN202110643775.0A
Publication of CN113382001A
Application granted
Publication of CN113382001B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a communication encryption method and a related device applied to a client. The client comprises a client service layer and a client network layer; a handshake public key is stored in the client in advance, and a communication public key and its number are determined based on the handshake public key. The method comprises: the client service layer initiates a communication request to the server, the communication request comprising common parameters and service parameters; the client network layer determines a first request message based on the communication public key, the number and the communication request, the first request message being a ciphertext, and sends it to the server, which responds to the communication request based on the first request message; and the client receives a response message from the server, the response message also being a ciphertext. Because both the first request message and the response message are ciphertext, packet capture cannot read the transmitted data and an intercepted response message cannot be parsed into the related data, so the security of the communication process is improved.

Description

Communication encryption method and related device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a communication encryption method and a related apparatus.
Background
With the rapid development of network technology, more and more clients and mobile terminals need to perform frequent network communication, and the problem of communication security becomes more important.
At present the mainstream interface communication protocol is HTTPS. The traffic nevertheless traverses many different network environments, and the transmitted data may be subject to packet capture and interception (for example through a proxy whose certificate the device has been made to trust), man-in-the-middle attacks, and even counterfeit requests that illegally obtain resource data, so the security of the transmitted data in the communication process cannot be guaranteed.
Disclosure of Invention
In view of the above problems, the present invention provides a communication encryption method and a related apparatus, to solve the problem that the security of transmitted data cannot be guaranteed because, while passing through various network environments, the data may encounter packet capture and interception, or even counterfeit requests that illegally acquire resource data. The specific scheme is as follows:
A communication encryption method applied to a client, wherein the client comprises a client service layer and a client network layer, a handshake public key is stored in the client in advance, and a communication public key and a number are determined based on the handshake public key; the method comprises the following steps:
the client service layer initiates a communication request to a server, the communication request comprising common parameters and service parameters;
the client network layer determines a first request message based on the communication public key, the number and the communication request, the first request message being a ciphertext comprising a first string, a second string, a third string, and a fourth string;
sending the first request message to the server, so that the server responds to the communication request based on the first request message;
and receiving a response message from the server, the response message being a ciphertext.
Optionally, in the method described above, a handshake public key is pre-stored in the client, and determining the communication public key and the number based on the handshake public key comprises:
determining a second request message based on the handshake public key, the second request message comprising a fifth string, a sixth string, a seventh string, and an eighth string;
sending the second request message to the server, so that the server determines the communication public key and the number for the second request message, encrypts them, and returns the encrypted communication public key and number to the client;
and the client network layer receiving the encrypted communication public key and number and decrypting them to obtain the communication public key and the number.
Optionally, in the foregoing method, determining the second request message based on the handshake public key, where the second request message comprises a fifth string, a sixth string, a seventh string, and an eighth string, comprises:
generating a first key and a first vector based on the handshake public key;
encrypting the common parameters with the first key to obtain the fifth string, encrypting the first key with the handshake public key to obtain the sixth string, encrypting the first vector with the handshake public key to obtain the seventh string, and taking 0 (the number of the handshake public key) as the eighth string.
Optionally, in the method, the client network layer determining the first request message based on the communication public key, the number and the communication request, where the first request message is a ciphertext comprising the first string, the second string, the third string and the fourth string, comprises:
generating a second key and a second vector based on the communication public key;
encrypting the common parameters and the service parameters with the second key to obtain the first string, encrypting the second key with the communication public key to obtain the second string, encrypting the second vector with the communication public key to obtain the third string, and taking the number as the fourth string.
A communication encryption method applied to a server side, wherein the server side comprises a server service layer and a server network layer; the method comprises the following steps:
the server network layer receives a first request message, verifies the fourth string in the first request message and, if the verification passes, determines a communication private key based on the fourth string, wherein the first request message comprises a first string, a second string, a third string, and a fourth string;
decrypting the second string with the communication private key to obtain a second key, decrypting the first string with the second key to obtain common parameters and service parameters, and sending the service parameters to the server service layer;
the server service layer returns a response result to the server network layer based on the service parameters;
and the server network layer determines a response message based on the response result and the fourth string, and sends the response message to the client.
Optionally, in the method, the server network layer determining the response message based on the response result and the fourth string comprises:
encrypting the response result with the second key to obtain a ninth string;
and taking the ninth string and the fourth string as the response message.
Optionally, the above method further comprises:
updating the second key once the first request message has been processed.
A communication encryption apparatus applied to a client, wherein the client comprises a client service layer and a client network layer, a handshake public key is stored in the client in advance, and a communication public key and a number are determined based on the handshake public key; the apparatus comprises:
a request initiating module, configured for the client service layer to initiate a communication request to a server, the communication request comprising common parameters and service parameters;
a first determining module, configured for the client network layer to determine a first request message based on the communication public key, the number and the communication request, the first request message being a ciphertext comprising a first string, a second string, a third string, and a fourth string;
a sending module, configured to send the first request message to the server so that the server responds to the communication request based on the first request message;
and a receiving module, configured to receive a response message from the server, the response message being a ciphertext.
Optionally, in the above apparatus, the first determining module comprises:
a generating unit configured to generate a second key and a second vector based on the communication public key;
and an encryption unit configured to encrypt the common parameters and the service parameters with the second key to obtain the first string, encrypt the second key with the communication public key to obtain the second string, encrypt the second vector with the communication public key to obtain the third string, and take the number as the fourth string.
A communication encryption apparatus applied to a server side, wherein the server side comprises a server service layer and a server network layer; the apparatus comprises:
a receiving and determining module, configured for the server network layer to receive a first request message, verify the fourth string in the first request message and, if the verification passes, determine a communication private key based on the fourth string, the first request message comprising a first string, a second string, a third string, and a fourth string;
a decryption and sending module, configured to decrypt the second string with the communication private key to obtain a second key, decrypt the first string with the second key to obtain common parameters and service parameters, and send the service parameters to the server service layer;
a return module, configured for the server service layer to return a response result to the server network layer based on the service parameters;
and a second determining module, configured for the server network layer to determine a response message based on the response result and the fourth string and send the response message to the client.
Compared with the prior art, the invention has the following advantage: the first request message sent by the client and the response message returned by the server are both ciphertext, so packet capture cannot read the transmitted data and an intercepted response message cannot be parsed into the related data, which improves the security of the communication process.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a communication encryption method according to an embodiment of the present invention;
fig. 2 is another flowchart of a communication encryption method according to an embodiment of the present invention;
fig. 3 is an interaction diagram of a communication encryption method according to an embodiment of the present invention;
FIG. 4 is a block diagram of a communication encryption apparatus according to the present invention;
fig. 5 is a block diagram of another structure of a communication encryption apparatus according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention discloses a communication encryption method and device applied to the communication between a client and a server. In the prior art, because client and server traffic passes through various network environments, it may be captured and intercepted, and counterfeit requests may even illegally obtain resource data, so communication security cannot be ensured. To solve these problems, the invention provides a communication encryption method applied to a client that comprises a client service layer and a client network layer. The two layers are separated: the client service layer handles only service-related logic, while the client network layer is dedicated to communicating with the server network layer. All back-end services behind the client network layer use one uniform data communication protocol, and the client network layer can be a standalone .so library or an encapsulated HTTP client. For example, when the client initiates the call request "time now", the inputs to the network layer are the target address and the request parameter "time now"; after processing according to the protocol, the client sends the ciphertext "ASDFGH" to the target address.
A handshake public key is stored in the client in advance. In the embodiment of the invention the handshake public key is the RSA public key numbered 0, which is written into the client's files; preferably it is stored inside a png file according to a special layout of that file. The No. 0 public key is a special key: it never expires on the server, it cannot call any other service interface, and it is accepted only by the interface that obtains and updates the public key. The communication public key and its number are determined based on the handshake public key, where the number identifies the communication public key and the communication public key is used in the subsequent communication with the server. The communication public key and the number are determined as follows:
The client network layer decodes the png picture built into the App to obtain the No. 0 RSA public key, then randomly generates a first AES key key1 and a first vector iv1 and keeps them in memory; the first key and the first vector are valid only for the current session. It encrypts the client's common parameters with the first key to obtain the fifth string d1, encrypts key1 with the handshake public key to obtain the sixth string k1, encrypts iv1 with the handshake public key to obtain the seventh string i1, and assigns the number 0 of the handshake public key to the eighth string v1, giving the request message (second request message) in JSON format: { "i1": "<first vector encrypted with the handshake public key>", "k1": "<first key encrypted with the handshake public key>", "d1": "<client common parameters encrypted with the first key>", "v1": 0 }. The client then initiates an HTTP request; the requested API can be named getHttpUpdateInfo.
After the server network layer receives the getHttpUpdateInfo request, it performs no actual service processing. It reads the eighth string v1 from the interface parameters, fetches the handshake private key with that number from the server's storage, decrypts i1 and k1 with the handshake private key to obtain the first key and first vector used by the client's current session, and encrypts the current communication public key and its number with the first key into a tenth string d1. It assembles the JSON response { "v1": 0, "d1": "<latest RSA public key and number, encrypted with the client's AES key>" } and returns it to the client. The communication public key is the latest encryption public key of the current server; the number corresponds one-to-one to the communication public key, and that correspondence is assigned in advance.
After the client network layer receives the tenth string d1, it decrypts it with the first key kept in memory to obtain the communication public key and the number, and stores both in memory, where they remain valid until the APP is closed; when the APP exits, the number and the communication public key stored in memory must be cleared. Preferably, the communication public key and the number are determined only when the client APP is started.
In the embodiment of the invention, the first key is valid for only one HTTP request: a new first key is generated for each HTTP request, a first key is never reused, and its data is destroyed when the HTTP request ends.
The execution flow of the encryption method is shown in fig. 1, and comprises the following steps:
S101, the client service layer initiates a communication request to a server, the communication request comprising common parameters and service parameters;
in the embodiment of the invention, the client service layer assembles the service request parameters together with the common parameters, calls the interface of the network layer, and initiates the communication request to the server.
S102, the client network layer determines a first request message based on the communication public key, the number and the communication request, the first request message being a ciphertext comprising a first string, a second string, a third string, and a fourth string;
in the embodiment of the invention, the client network layer first checks whether a communication public key whose number is not 0 exists in memory; if not, the communication public key is determined again, and if so, the client network layer reads the communication public key and the number from memory. It then randomly generates a second AES key key2 and a second vector iv2 and stores them in memory, valid for the current session only. It encrypts the client common parameters and the service parameters with the second key to obtain the first string d2, encrypts key2 with the communication public key to obtain the second string k2, encrypts iv2 with the communication public key to obtain the third string i2, and assigns the number to the fourth string v2, giving the request message (first request message) in JSON format: { "i2": "<second vector encrypted with the communication public key>", "k2": "<second key encrypted with the communication public key>", "d2": "<client common parameters and service parameters encrypted with the second key>", "v2": <actual number of the communication public key stored in memory> }, and initiates an HTTP request.
In the embodiment of the invention, the second key is valid for only one HTTP request: a new second key is generated for each HTTP request, a second key is never reused, and its data is destroyed when the HTTP request ends.
Further, the communication public key and the number are not persisted in the client: they are held in memory only while the APP is running and are destroyed when the APP is closed.
S103, sending the first request message to the server, and enabling the server to respond to the communication request based on the first request message;
in the embodiment of the present invention, the first request packet is sent to the server, and the server responds to the communication request based on the first request packet to obtain a response packet, and sends the response packet to the client.
S104, receiving a response message from the server, the response message being a ciphertext.
In the embodiment of the invention the client receives the response message, which is a ciphertext to ensure transmission security. After the client network layer receives the response message, it uses the number carried in the message (the fourth string) to locate the key material of the current session in memory, namely the second key and second vector generated for this request, decrypts the ninth string with them to obtain the service data returned by the server, and delivers that data to the client service layer for subsequent logic processing.
The invention further provides a communication encryption method applied to a server side comprising a server service layer and a server network layer. The execution flow of the method is shown in fig. 2 and includes the following steps:
S201, the server network layer receives a first request message, verifies the fourth string in the first request message and, if the verification passes, determines a communication private key based on the fourth string, where the first request message comprises a first string, a second string, a third string, and a fourth string;
in the embodiment of the invention, the server side separates the server service layer from the server network layer: the server service layer only processes service data according to the parameters, while the server network layer is responsible for encoding and decoding the protocol and for parsing and converting messages. The server network layer can be implemented as a gateway, as a jar package, or as an abstract Servlet or interceptor. After receiving the first request message from the client, the server network layer verifies the fourth string, which carries the number of the communication public key: it first checks that the number v2 is not 0, and if the check passes it reads the communication private key corresponding to that number.
S202, decrypting the second string with the communication private key to obtain a second key, decrypting the first string with the second key to obtain common parameters and service parameters, and sending the service parameters to the server service layer;
in the embodiment of the invention, the server network layer decrypts the second string with the communication private key to obtain the second key key2, decrypts the first string with the second key to obtain the common parameters and the service parameters, and sends them to the server service layer.
S203, the service layer of the service end returns a response result to the network layer of the service end based on the service parameter;
in the embodiment of the invention, after receiving the public parameter and the service parameter, the service layer of the service end responds to the first request message based on the service parameter to obtain a response result, and the response result is delivered to the service layer of the service end.
S204, the network layer of the server determines a response message based on the response result and the fourth character string, and sends the response message to the client.
In the embodiment of the invention, the server network layer encrypts the response result with the second key recovered from the request (the AES key the client generated for this request) to obtain the ninth string d2, and responds to the client with the following JSON message (response message): { "v2": <actual number of the communication public key stored in memory>, "d2": "<response result encrypted with the key regenerated by the client>" }, which is sent to the client.
In the embodiment of the invention, the server and the client have the same functions, with the logic mirrored. For example, the server network layer receives the message ASDFGH from the client and resolves it into the specific parameter "current time". The server service layer takes the current time as its input parameter, processes it according to the service logic and returns the parameter March 10, 2021, which is the output parameter of the service layer; the server network layer converts the March 10, 2021 returned by the service layer into QWERT according to the protocol and returns QWERT (the response message) to the client.
Based on the above communication encryption method, when the client APP is started, the interaction between the client and the server is as shown in fig. 3. The communication process involves the client service layer, the client network layer, the server service layer and the server network layer. The client service layer initiates a service request whose service parameters may be { "username": "user001", "password": "pass001" }. The client network layer reads the local public key No. 0 from a file, generates a random AES encryption key and vector, and constructs the network initialization request data, that is, the update-latest-public-key request. Precondition: the RSA public key only needs to be updated once each time the client is started; its life cycle is the whole time the APP stays resident in memory after being opened, and it remains in effect when the APP is brought back from the background. The server network layer checks the public key label, obtains the corresponding private key and decrypts the AES encryption key and vector; the server service layer obtains the number of the latest RSA public key in the current system; the server network layer encrypts the latest RSA public key and its number with the client's AES key and vector and sends the encrypted public key and number to the client network layer. The client network layer decrypts the data with the AES key of the current session, stores it in memory, regenerates a random AES encryption key and vector for a new session, and encrypts the service parameters with the new AES key to initiate service request D. Each time a request is made to the server through this process, the AES key must be regenerated, and its life cycle is the current HTTP request session.
The server network layer decrypts the new AES key with the corresponding RSA private key, decrypts the real request data with that AES key and sends the service request plaintext to the server service layer; the server service layer returns service response data to the server network layer based on the request plaintext; the server network layer sends the response encrypted with the AES key of the current session to the client network layer; and the client network layer decrypts the service data with the current AES key and hands it back to the client service layer for service processing. As shown in fig. 3, the interface communication protocol is in JSON format, and the update-public-key interface packet is as follows:
{
  "v": 0,            // number of the RSA public key currently in use, here 0
  "k": "ssaa",       // AES key encrypted with the RSA public key
  "i": "adww",       // AES vector encrypted with the RSA public key
  "d": "xxzzdsad"    // base64 ciphertext encrypted with the AES key
}
Remarking: no. 0 public key has no job processing no matter what value is transmitted, and can be used as equipment information.
The service parameter interface packet is as follows:
{
  "v": 8,            // the server currently returns the latest RSA public key, No. 8
  "k": "22swe",      // AES key encrypted with the RSA public key
  "i": "42sa",       // AES vector encrypted with the RSA public key
  "d": "sadasd"      // base64 ciphertext encrypted with the AES key
}
In the embodiment of the invention, the simplified processing flow is as follows:
client service layer: hands the plaintext to the client network layer;
client network layer: receives the plaintext from the client service layer and sends a ciphertext to the server; receives the server's ciphertext and returns the plaintext to the client service layer;
server network layer: receives the client's ciphertext and passes the plaintext to the server service layer;
server service layer: receives the plaintext from the server network layer and hands its plaintext result to the server network layer;
server network layer: processes the plaintext from the server service layer and replies to the client with a ciphertext.
Based on the above communication encryption method, an embodiment of the present invention further provides a communication encryption apparatus, where the apparatus is applied to a client, and the client includes: a client service layer and a client network layer, where a handshake public key is pre-stored in the client, and the communication public key and the number are determined based on the handshake public key, and a structural block diagram of the device is shown in fig. 4, and includes:
a request initiating module 301, a first determining module 302, a sending module 303 and a receiving module 304.
Wherein:
the request initiating module 301 is configured to initiate, by the client service layer, a communication request to a server, where the communication request includes: common parameters and service parameters;
the first determining module 302 is configured to determine, by the client network layer, a first request packet based on the communication public key, the number, and the communication request, where the first request packet is a ciphertext, and the first request packet includes: a first string, a second string, a third string, and a fourth string;
the sending module 303 is configured to send the first request packet to the server, so that the server responds to the communication request based on the first request packet;
the receiving module 304 is configured to receive a response packet of the server, where the response packet is a ciphertext.
The invention discloses a communication encryption apparatus applied to a client, where the client comprises a client service layer and a client network layer, a handshake public key is stored in the client in advance, and the communication public key and the number are determined based on the handshake public key; the apparatus comprises: the client service layer initiates a communication request to the server, the communication request comprising common parameters and service parameters; the client network layer determines a first request message based on the communication public key, the number and the communication request, where the first request message is a ciphertext, and sends it to the server so that the server responds to the communication request based on the first request message; and a response message of the server is received, the response message being a ciphertext. In this process the first request message is a ciphertext and the response message returned by the server is also a ciphertext, so packet capture yields no readable data and a captured response message cannot be parsed into the underlying data, which improves the security of the communication process.
In this embodiment of the present invention, the first determining module 302 includes:
a generating unit 305 and an encrypting unit 306.
Wherein:
the generating unit 305 is configured to generate a second key and a second vector based on the communication public key;
the encrypting unit 306 is configured to encrypt the public parameter and the service parameter based on the second key to obtain a first character string, encrypt the second key based on the communication public key to obtain a second character string, encrypt the second vector based on the communication public key to obtain a third character string, and use the serial number as a fourth character string.
Based on the above communication encryption method, in an embodiment of the present invention a communication encryption apparatus is further provided, which is applied to a server side, where the server side comprises a server service layer and a server network layer; a structural block diagram of the apparatus is shown in fig. 5, and the apparatus comprises:
a receiving and determining module 401, a decrypting and sending module 402, a returning module 403 and a second determining module 404.
Wherein:
the receiving and determining module 401 is configured to receive a first request packet by the server network layer, verify a fourth character string in the first request packet, and determine a communication private key based on the fourth character string when the verification is passed, where the first request packet includes: a first string, a second string, a third string, and a fourth string;
the decryption and sending module 402 is configured to decrypt the second character string based on the communication private key to obtain a second key, decrypt the first character string based on the second key to obtain a public parameter and a service parameter, and send the service parameter to a service layer of a service end;
the returning module 403 is configured to return, by the service layer, a response result to the service network layer based on the service parameter;
the second determining module 404 is configured to determine, by the server network layer, a response packet based on the response result and the fourth character string, and send the response packet to the client.
The invention discloses a communication encryption apparatus applied to a server side, where the server side comprises a server service layer and a server network layer, and the apparatus comprises: the server network layer receives a first request message, verifies the fourth character string in it and, if the verification passes, determines a communication private key based on the fourth character string, where the first request message comprises a first string, a second string, a third string and a fourth string; decrypts the second character string with the communication private key to obtain a second key, decrypts the first character string with the second key to obtain the public parameters and the service parameters, and sends the service parameters to the server service layer; the server service layer returns a response result to the server network layer based on the service parameters; and the server network layer determines a response message based on the response result and the fourth character string and sends it to the client. In this process the first request message is a ciphertext and the response message returned by the server is also a ciphertext, so packet capture yields no readable data and a captured response message cannot be parsed into the underlying data, which improves the security of the communication process.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The communication encryption method and apparatus provided by the present invention have been described in detail above. A specific example has been used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only meant to help in understanding the method and the core idea of the invention; meanwhile, a person skilled in the art may, following the idea of the invention, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. A communication encryption method applied to a client, the client comprising a client service layer and a client network layer, wherein a handshake public key is stored in the client in advance and the communication public key and the number are determined based on the handshake public key, the method comprising the following steps:
the client service layer initiates a communication request to a server, wherein the communication request comprises: common parameters and service parameters;
the client network layer determines a first request message based on the communication public key, the number and the communication request, wherein the first request message is a ciphertext, and the first request message includes: a first string, a second string, a third string, and a fourth string;
sending the first request message to the server, and enabling the server to respond to the communication request based on the first request message;
and receiving a response message of the server, wherein the response message is a ciphertext.
2. The method of claim 1, wherein the handshake public key is pre-stored in the client, and determining the communication public key and the number based on the handshake public key comprises:
determining a second request message based on the handshake public key, the second request message comprising: a fifth string, a sixth string, a seventh string, and an eighth string;
sending the second request message to the server, so that the server determines the communication public key and the serial number based on the second request message, encrypts the communication public key and the serial number, and returns the encrypted communication public key and the encrypted serial number to the client;
and the client network layer receiving the encrypted communication public key and the encrypted serial number and decrypting them to obtain the communication public key and the serial number.
3. The method of claim 2, wherein determining the second request message based on the handshake public key, the second request message comprising a fifth string, a sixth string, a seventh string and an eighth string, comprises:
generating a first key and a first vector based on the handshake public key;
encrypting the public parameter based on the first key to obtain a fifth character string, encrypting the first key based on the handshake public key to obtain a sixth character string, encrypting the first vector based on the handshake public key to obtain a seventh character string, and taking 0 as an eighth character string.
4. The method of claim 1, wherein the client network layer determining a first request packet based on the communication public key, the number and the communication request, the first request packet being a ciphertext and comprising a first string, a second string, a third string and a fourth string, comprises:
generating a second key and a second vector based on the communication public key;
encrypting the public parameter and the service parameter based on the second key to obtain a first character string, encrypting the second key based on the communication public key to obtain a second character string, encrypting the second vector based on the communication public key to obtain a third character string, and taking the serial number as a fourth character string.
5. A communication encryption method applied to a server side, the server side comprising a server service layer and a server network layer, the method comprising the following steps:
the server network layer receives a first request message, verifies a fourth character string in the first request message, and determines a communication private key based on the fourth character string under the condition that the verification is passed, wherein the first request message comprises: a first string, a second string, a third string, and a fourth string;
decrypting the second character string based on the communication private key to obtain a second key, decrypting the first character string based on the second key to obtain a public parameter and a service parameter, and sending the service parameter to a service layer of a server;
the service layer of the service end returns a response result to the network layer of the service end based on the service parameter;
and the server network layer determines a response message based on the response result and the fourth character string and sends the response message to the client.
6. The method of claim 5, wherein the determining, by the server network layer, a response packet based on the response result and the fourth string comprises:
encrypting the response result based on the second key to obtain a ninth character string;
and taking the ninth character string and the fourth character string as the response message.
7. The method of claim 5, further comprising:
and updating the second key under the condition that the first request message is processed.
8. A communication encryption apparatus applied to a client, the client comprising a client service layer and a client network layer, wherein a handshake public key is stored in the client in advance and the communication public key and the number are determined based on the handshake public key, the apparatus comprising:
a request initiating module, configured to initiate, by the client service layer, a communication request to a server, where the communication request includes: common parameters and service parameters;
a first determining module, configured to determine, by the client network layer, a first request packet based on the communication public key, the number, and the communication request, where the first request packet is a ciphertext, and the first request packet includes: a first string, a second string, a third string, and a fourth string;
a sending module, configured to send the first request packet to the server, so that the server responds to the communication request based on the first request packet;
and the receiving module is used for receiving a response message of the server, wherein the response message is a ciphertext.
9. The apparatus of claim 8, wherein the first determining module comprises:
a generating unit configured to generate a second key and a second vector based on the communication public key;
and an encryption unit, configured to encrypt the public parameters and the service parameters based on the second key to obtain a first character string, encrypt the second key based on the communication public key to obtain a second character string, encrypt the second vector based on the communication public key to obtain a third character string, and take the serial number as a fourth character string.
10. A communication encryption apparatus applied to a server, the server comprising a server service layer and a server network layer, the apparatus comprising:
a receiving and determining module, configured to receive, by the server network layer, a first request packet, verify a fourth character string in the first request packet, and determine, based on the fourth character string, a communication private key when the verification is passed, where the first request packet includes: a first string, a second string, a third string, and a fourth string;
the decryption and sending module is used for decrypting the second character string based on the communication private key to obtain a second key, decrypting the first character string based on the second key to obtain a public parameter and a service parameter, and sending the service parameter to a service layer of a server;
the return module is used for returning a response result to the service end network layer by the service end service layer based on the service parameter;
and the second determining module is used for determining a response message by the network layer of the server based on the response result and the fourth character string and sending the response message to the client.
CN202110643775.0A 2021-06-09 2021-06-09 Communication encryption method and related device Active CN113382001B (en)


Publications (2)

Publication Number Publication Date
CN113382001A true CN113382001A (en) 2021-09-10
CN113382001B CN113382001B (en) 2023-02-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant