CN115442074A - Data interaction method for iOS mobile terminal and server back-end - Google Patents
- Publication number
- CN115442074A
- Authority
- CN
- China
- Prior art keywords
- data
- public key
- server
- mobile terminal
- ios mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a data interaction method for an iOS mobile terminal and a server back end, relating to the technical field of the Internet. The method comprises the following steps: S10, generating a certificate file; S20, placing the RSA public key on the server side, the update status of the RSA public key being checked first when the APP starts; S30, obtaining the public key file of the asymmetric RSA encryption through step S20, and encrypting the AES key with the RSA public key; S40, the server back end obtains the request data of the iOS mobile terminal and returns encrypted data to the iOS mobile terminal; S50, data interaction between the iOS mobile terminal and the server back end is performed by calling the service interaction interfaces provided by the server back end; S60, parsing the response data of each service interface obtained in step S50 and applying the data to the corresponding scenario on the iOS mobile terminal. The beneficial effect of the invention is that, by encrypting the transmitted data and the key, plaintext transmission in the data interaction with the server back end is avoided and data security is ensured.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a data interaction method of an iOS mobile terminal and a server back end.
Background
iOS is a mobile operating system developed by Apple Inc., and an iOS client runs on the iOS system. Existing methods for interaction between an iOS client and an HTML page generally implement the data interaction based on JavaScriptCore.
In the prior art, data interaction between an iOS mobile terminal and a server back end generally has the following problems: first, if the application on the iOS mobile terminal does not verify the certificate, the transmitted data is easily exposed to packet capture; second, when the application on the iOS mobile terminal exchanges data with the server back end, the data is not encrypted and is easy to crack.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a data interaction method for an iOS mobile terminal and a server back end, which avoids plaintext transmission in the data interaction between the iOS mobile terminal and the server back end by encrypting the transmitted data and the key, and thereby ensures data security.
The technical solution adopted by the invention to solve the technical problem is a data interaction method for an iOS mobile terminal and a server back end, the improvement comprising the following steps:
S10, generating a certificate file, and enabling a certificate verification mode on the iOS mobile terminal to prevent packet capture;
S20, placing the RSA public key on the server side; when the APP starts, the update status of the RSA public key is checked first; if the key has been updated, it is downloaded and updated, and if not, the interface for data interaction with the server side is called normally;
S30, obtaining the public key file of the asymmetric RSA encryption through step S20, generating a fixed-length random number as the encryption and decryption key of the symmetric AES encryption, encrypting the request body content with symmetric AES encryption, and encrypting the AES key with the RSA public key from the obtained RSA public key file;
S40, following step S30, the server back end obtains the request data of the iOS mobile terminal, verifies and parses it, then encrypts the data to be returned in a mirrored manner and returns the encrypted data to the iOS mobile terminal;
S50, performing data interaction between the iOS mobile terminal and the server back end by calling the service interaction interfaces provided by the server back end, the parameters of the mobile terminal being encrypted through step S30 and the server back end responding with data through step S40;
and S60, parsing the response data of each service interface obtained in step S50, so that the data is applied to the corresponding scenario on the iOS mobile terminal.
Further, step S10 includes the following steps:
S101, generating a public key certificate file in .cer format for the Hypertext Transfer Protocol Secure (HTTPS) from a certificate file issued by a certificate authority, naming it certificate, and placing the file in the root directory of the iOS mobile terminal development project (the Xcode project);
S102, converting the public key certificate file into binary data in NSData format using the NSData instantiation method dataWithContentsOfFile;
S103, if there are multiple public key certificates, generating multiple pieces of binary data through steps S101 and S102;
S104, initializing the certificate mode through the certificate verification mode AFSecurityPolicy, and defining the resulting initialized object as securityPolicy;
S105, setting to true the value of the attribute allowInvalidCertificates of the certificate instance object securityPolicy, which controls whether certificate verification is enabled, indicating that the self-built certificate needs to be verified;
S106, setting to false the value of the attribute validatesDomainName of the certificate instance object securityPolicy, which controls whether the domain name is verified, indicating that the domain name in the certificate's domain field is not verified;
S107, setting the value of the certificate data parameter pinnedCertificates of the certificate instance object securityPolicy by assigning to it the binary NSData generated in steps S101-S103;
and S108, assigning the resulting certificate instance object securityPolicy to the network request singleton AFHTTPSessionManager, thereby implementing security verification of the certificate when the iOS mobile terminal calls the server-side interface.
Further, in step S30, the service parameters contained in the request body object content include the request source src, the current application version number version, and the unique identifier of the current device deviceId.
Further, step S20 includes the following steps:
S201, defining the necessary conditions, which include the encryption key, the encryption length (sizes), the displacement (padding) and the mode (model) of the symmetric AES encryption;
S202, generating the public key file of the asymmetric RSA encryption, encrypting the public key file with the AES of step S201, and storing it on the server;
S203, when the APP starts, checking the flag that indicates whether the RSA public key file needs to be downloaded; if so, calling the server-side RSA public key download interface and downloading the public key output in step S202;
S204, defining a flag indicating that the public key needs to be updated; when the public key has been updated, this flag is returned to the iOS mobile terminal in whichever server-side interface is currently being called; the iOS mobile terminal wraps, intercepts and parses this state at a unified interface layer, and if the state is detected, sets the flag indicating that the RSA public key needs to be downloaded, so that the next time a server-side interface is called for a network request, the public key output in step S202 is downloaded first and the request is executed afterwards;
S205, when the APP has obtained the public key through the download of step S202, decrypting it with the key agreed in step S201 to obtain the RSA public key.
Further, step S30 includes the following steps:
S301, defining a method for generating a random string as - (NSString *)getRandomStringWithLength:(NSInteger)length;
S302, looping with a for loop, taking the length from step S301 as the maximum number of iterations; in each iteration, obtaining a random number through the random number method arc4random and defining it as a, then taking the remainder of a to obtain the random value for that iteration; concatenating the random values with the string concatenation method stringByAppendingString, and finally outputting a random string;
S303, when the iOS mobile terminal calls a server interface to obtain data, first generating a random string of a certain length with the random number method getRandomStringWithLength from step S301, and using it as the symmetric AES key AESKey for symmetrically encrypting the request parameters;
S304, when making a network request, converting the request parameters into a string in the JSON data exchange format, and encrypting the request body string with symmetric AES encryption using the obtained random key to obtain the encrypted request body content;
S305, asymmetrically encrypting the obtained random key AESKey with the obtained RSA public key, the output value being checkKey;
S306, applying a sha256 signature to the request parameters to output a signature value sign, which the server uses to verify the legitimacy of the request;
S307, sending the request body content generated from the request parameters, the asymmetrically encrypted checkKey and the sha256 signature value sign to the server back end as the final request parameters through a network request.
Further, the step S40 includes the following steps:
S401, the server back end obtains the request parameters of the iOS mobile terminal, and parses out the sign, checkKey and content sent by the iOS mobile terminal through the network request;
S402, verifying the legitimacy of the network request using the obtained signature value sign, and returning error information directly to the iOS mobile terminal if the request is not legitimate;
S403, if the signature is legitimate, decrypting the randomly generated AES symmetric encryption key (checkKey) with the RSA private key of the asymmetric encryption to obtain the actual AES key;
S404, decrypting the request body content with the AES key obtained in step S403 and the AES symmetric decryption algorithm to obtain its unencrypted value;
S405, obtaining the actual service parameters of the request through S404, and obtaining, according to the service parameters, the actual data to be returned in the response;
S406, encrypting the response data obtained in step S405 with AES symmetric encryption, using as the key the original AES key obtained from the iOS mobile terminal;
encrypting the AES key with the RSA asymmetric encryption algorithm; and returning these data together with the signature sign to the iOS mobile terminal.
Further, the step S50 includes the following steps:
S501, according to the actual service requirements of the iOS mobile terminal, the server back end provides the relevant service interfaces for the iOS mobile terminal to call;
S502, through step S30, processing the relevant parameters of the iOS mobile terminal and calling the corresponding service interface to exchange data with the server back end;
S503, through step S40, the server back end performs interface security verification, data parsing and interface data response for the corresponding service interface, and returns the data to the iOS mobile terminal through that interface.
Further, the step S60 includes the following steps:
S601, verifying the legitimacy of the returned data by obtaining the signature value sign of the response data; giving a prompt if the returned data fails verification, and continuing if it is legitimate;
S602, obtaining the response body resData of the response data, and decrypting resData with the random AES key generated when the service interface was called; the resulting data is the actual service data returned to the iOS mobile terminal by the service interface of the server back end;
and S603, returning the decrypted service data to the actual scenario caller, which displays the data according to service requirements.
The invention has the following beneficial effects: in an APP developed for the iOS mobile terminal, a certificate verification mode is added to verify the certificate, and packet capture is prevented through this verification; by encrypting the transmitted data and the key, plaintext transmission in the data interaction with the server back end is avoided, and data security is ensured.
Drawings
Fig. 1 is a schematic flowchart of a data interaction method between an iOS mobile terminal and a server backend according to the present invention.
Detailed Description
The invention is further illustrated with reference to the following figures and examples.
The conception, the specific structure, and the technical effects produced by the present invention will be clearly and completely described below in conjunction with the embodiments and the accompanying drawings to fully understand the objects, the features, and the effects of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and those skilled in the art can obtain other embodiments without inventive effort based on the embodiments of the present invention, and all embodiments are within the protection scope of the present invention. In addition, all the connection/connection relations referred to in the patent do not mean that the components are directly connected, but mean that a better connection structure can be formed by adding or reducing connection auxiliary components according to specific implementation conditions. All technical characteristics in the invention can be interactively combined on the premise of not conflicting with each other.
Referring to Fig. 1, the present invention discloses a data interaction method for an iOS mobile terminal and a server back end, the method comprising the following steps:
S10, generating a certificate file, and enabling a certificate verification mode on the iOS mobile terminal to prevent packet capture;
In this embodiment, step S10 includes the following steps:
S101, generating a public key certificate file in .cer format for the Hypertext Transfer Protocol Secure (HTTPS) from a certificate file issued by a certificate authority, naming it certificate, and placing the file in the root directory of the iOS mobile terminal development project (the Xcode project);
S102, converting the public key certificate file into binary data in NSData format using the NSData instantiation method dataWithContentsOfFile;
S103, if there are multiple public key certificates, generating multiple pieces of binary data through steps S101 and S102;
S104, initializing the certificate mode through the certificate verification mode AFSecurityPolicy, and defining the resulting initialized object as securityPolicy;
S105, setting to true the value of the attribute allowInvalidCertificates of the certificate instance object securityPolicy, which controls whether certificate verification is enabled, indicating that the self-built certificate needs to be verified;
S106, setting to false the value of the attribute validatesDomainName of the certificate instance object securityPolicy, which controls whether the domain name is verified, indicating that the domain name in the certificate's domain field does not need to be verified;
S107, setting the value of the certificate data parameter pinnedCertificates of the certificate instance object securityPolicy by assigning to it the binary NSData generated in steps S101-S103;
and S108, assigning the resulting certificate instance object securityPolicy to the network request singleton AFHTTPSessionManager, thereby implementing security verification of the certificate when the iOS mobile terminal calls the server-side interface.
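The configuration from steps S101-S108 written out as code, as an added example that is not part of the patent text. It assumes AFNetworking 3.x or later (where pinnedCertificates is an NSSet) and the AFSSLPinningModeCertificate pinning mode, which the steps do not name; the function name PinnedSessionManager and its validateDomain parameter are hypothetical.

```objc
#import <AFNetworking/AFNetworking.h>

// Hypothetical helper: builds the session manager described in S101-S108.
// validateDomain = NO reproduces step S106 as written; YES additionally
// requires the request's host name to match the pinned certificate.
static AFHTTPSessionManager *PinnedSessionManager(BOOL validateDomain) {
    // S101-S102: certificate.cer from the app bundle, loaded as NSData.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"certificate"
                                                     ofType:@"cer"];
    NSData *certData = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (certData == nil) {
        return nil;  // no pin available: refuse to build an unpinned manager
    }

    // S104: pinning mode is an assumption; the steps only name AFSecurityPolicy.
    AFSecurityPolicy *securityPolicy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    securityPolicy.allowInvalidCertificates = YES;              // S105
    securityPolicy.validatesDomainName = validateDomain;        // S106
    // S103 + S107: add one NSData per certificate when there are several.
    securityPolicy.pinnedCertificates = [NSSet setWithObject:certData];

    // S108: every request made through this manager uses the policy.
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.securityPolicy = securityPolicy;
    return manager;
}
```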
S20, placing the RSA public key on the server side; when the APP starts, the update status of the RSA public key is checked first; if the key has been updated, it is downloaded and updated, and if not, the interface for data interaction with the server side is called normally;
Step S20 includes the following steps:
S201, determining the necessary conditions, which include the encryption key, the encryption length (sizes), the displacement (padding) and the mode (model) of the symmetric AES encryption;
S202, generating the public key file of the asymmetric RSA encryption, encrypting the public key file with the AES of step S201, and storing it on the server;
S203, when the APP starts, checking the flag that indicates whether the RSA public key file needs to be downloaded; if so, calling the server-side RSA public key download interface and downloading the public key output in step S202;
S204, defining a flag indicating that the public key needs to be updated; when the public key has been updated, this flag is returned to the iOS mobile terminal in whichever server-side interface is currently being called; the iOS mobile terminal wraps, intercepts and parses this state at a unified interface layer, and if the state is detected, sets the flag indicating that the RSA public key needs to be downloaded, so that the next time a server-side interface is called for a network request, the public key output in step S202 is downloaded first and the request is executed afterwards;
S205, when the APP has obtained the public key through the download of step S202, decrypting it with the key agreed in step S201 to obtain the RSA public key.
S30, obtaining the public key file of the asymmetric RSA encryption through step S20, generating a fixed-length random number as the encryption and decryption key of the symmetric AES encryption, encrypting the request body content with symmetric AES encryption, and encrypting the AES key with the RSA public key from the obtained RSA public key file;
In step S30, the service parameters contained in the request body object content include the request source src, the current application version number version, and the unique identifier of the current device deviceId.
Step S30 includes the following steps:
S301, defining a method for generating a random string as - (NSString *)getRandomStringWithLength:(NSInteger)length;
S302, looping with a for loop, taking the length from step S301 as the maximum number of iterations; in each iteration, obtaining a random number through the random number method arc4random and defining it as a, then taking the remainder of a to obtain the random value for that iteration; concatenating the random values with the string concatenation method stringByAppendingString, and finally outputting a random string;
S303, when the iOS mobile terminal calls a server interface to obtain data, first generating a random string of a certain length with the random number method getRandomStringWithLength from step S301, and using it as the symmetric AES key AESKey for symmetrically encrypting the request parameters;
S304, when making a network request, converting the request parameters into a string in the JSON data exchange format, and encrypting the request body string with symmetric AES encryption using the obtained random key to obtain the encrypted request body content;
S305, asymmetrically encrypting the obtained random key AESKey with the obtained RSA public key, the output value being checkKey;
S306, applying a sha256 signature to the request parameters to output a signature value sign, which the server uses to verify the legitimacy of the request;
S307, sending the request body content generated from the request parameters, the asymmetrically encrypted checkKey and the sha256 signature value sign to the server back end as the final request parameters through a network request.
S40, following step S30, the server back end obtains the request data of the iOS mobile terminal, verifies and parses it, then encrypts the data to be returned in a mirrored manner and returns the encrypted data to the iOS mobile terminal;
Step S40 includes the following steps:
S401, the server back end obtains the request parameters of the iOS mobile terminal, and parses out the sign, checkKey and content sent by the iOS mobile terminal through the network request;
S402, verifying the legitimacy of the network request using the obtained signature value sign, and returning error information directly to the iOS mobile terminal if the request is not legitimate;
S403, if the signature is legitimate, decrypting the randomly generated AES symmetric encryption key (checkKey) with the RSA private key of the asymmetric encryption to obtain the actual AES key;
S404, decrypting the request body content with the AES key obtained in step S403 and the AES symmetric decryption algorithm to obtain its unencrypted value;
S405, obtaining the actual service parameters of the request through S404, and obtaining, according to the service parameters, the actual data to be returned in the response;
S406, encrypting the response data obtained in step S405 with AES symmetric encryption, using as the key the original AES key obtained from the iOS mobile terminal;
encrypting the AES key with the RSA asymmetric encryption algorithm; and returning these data together with the signature sign to the iOS mobile terminal.
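The request envelope of steps S301-S307 and its opening on the server in steps S401-S404, as an added round-trip example that is not code from the patent. Assumptions not stated on the page: AES-128-CBC with PKCS#7 padding and a random IV prepended to content, RSA-OAEP-SHA256 for checkKey, Base64 transport encoding, and sign computed as SHA-256 over content followed by checkKey so that the server can check it before decrypting; arc4random_uniform is used in place of arc4random with a remainder, and the names BuildRequest, OpenRequest, AESCrypt and SHA256Hex are hypothetical.

```objc
// Added example, not code from the patent. Build on macOS:
//   clang -fobjc-arc envelope.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCrypto.h>

// S301-S302: random string over a fixed alphabet. arc4random_uniform replaces
// "arc4random, then remainder" so that every character is equally likely.
static NSString *GetRandomStringWithLength(NSInteger length) {
    static NSString *const alphabet =
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    NSMutableString *s = [NSMutableString stringWithCapacity:(NSUInteger)length];
    for (NSInteger i = 0; i < length; i++) {
        uint32_t a = arc4random_uniform((uint32_t)alphabet.length);
        [s appendFormat:@"%C", [alphabet characterAtIndex:a]];
    }
    return s;
}

// AES-CBC with PKCS#7 padding (assumed mode); op is kCCEncrypt or kCCDecrypt.
static NSData *AESCrypt(CCOperation op, NSData *input, NSData *key, NSData *iv) {
    NSMutableData *out = [NSMutableData dataWithLength:input.length + kCCBlockSizeAES128];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(op, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv.bytes,
                                 input.bytes, input.length,
                                 out.mutableBytes, out.length, &moved);
    if (st != kCCSuccess) return nil;
    out.length = moved;
    return out;
}

// Lower-case hex SHA-256 digest, used for sign (S306 and S402).
static NSString *SHA256Hex(NSData *data) {
    unsigned char md[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(data.bytes, (CC_LONG)data.length, md);
    NSMutableString *hex = [NSMutableString string];
    for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) [hex appendFormat:@"%02x", md[i]];
    return hex;
}

// Client, S303-S307: returns the final request parameters content, checkKey and sign.
static NSDictionary *BuildRequest(NSDictionary *params, SecKeyRef rsaPublic) {
    NSData *json = [NSJSONSerialization dataWithJSONObject:params options:0 error:NULL];
    NSData *aesKey = [GetRandomStringWithLength(16) dataUsingEncoding:NSASCIIStringEncoding]; // S303
    NSMutableData *blob = [NSMutableData dataWithLength:kCCBlockSizeAES128];  // random IV
    if (!json || SecRandomCopyBytes(kSecRandomDefault, blob.length, blob.mutableBytes) != errSecSuccess)
        return nil;
    NSData *cipher = AESCrypt(kCCEncrypt, json, aesKey, blob);                 // S304
    NSData *wrapped = CFBridgingRelease(SecKeyCreateEncryptedData(             // S305
        rsaPublic, kSecKeyAlgorithmRSAEncryptionOAEPSHA256, (__bridge CFDataRef)aesKey, NULL));
    if (!cipher || !wrapped) return nil;
    [blob appendData:cipher];                                                  // IV || ciphertext
    NSString *content = [blob base64EncodedStringWithOptions:0];
    NSString *checkKey = [wrapped base64EncodedStringWithOptions:0];
    NSData *signedBytes = [[content stringByAppendingString:checkKey] dataUsingEncoding:NSUTF8StringEncoding];
    return @{ @"content": content, @"checkKey": checkKey, @"sign": SHA256Hex(signedBytes) }; // S306-S307
}

// Server, S401-S404: check sign, unwrap checkKey with the RSA private key, decrypt content.
static NSDictionary *OpenRequest(NSDictionary *req, SecKeyRef rsaPrivate) {
    NSString *content = req[@"content"], *checkKey = req[@"checkKey"], *sign = req[@"sign"]; // S401
    if (!content || !checkKey || !sign) return nil;
    NSData *signedBytes = [[content stringByAppendingString:checkKey] dataUsingEncoding:NSUTF8StringEncoding];
    if (![SHA256Hex(signedBytes) isEqualToString:sign]) return nil;           // S402
    NSData *wrapped = [[NSData alloc] initWithBase64EncodedString:checkKey options:0];
    NSData *blob = [[NSData alloc] initWithBase64EncodedString:content options:0];
    if (!wrapped || blob.length <= kCCBlockSizeAES128) return nil;
    NSData *aesKey = CFBridgingRelease(SecKeyCreateDecryptedData(              // S403
        rsaPrivate, kSecKeyAlgorithmRSAEncryptionOAEPSHA256, (__bridge CFDataRef)wrapped, NULL));
    if (!aesKey) return nil;
    NSData *iv = [blob subdataWithRange:NSMakeRange(0, kCCBlockSizeAES128)];
    NSData *cipher = [blob subdataWithRange:
        NSMakeRange(kCCBlockSizeAES128, blob.length - kCCBlockSizeAES128)];
    NSData *json = AESCrypt(kCCDecrypt, cipher, aesKey, iv);                   // S404
    return json ? [NSJSONSerialization JSONObjectWithData:json options:0 error:NULL] : nil;
}

int main(void) {
    @autoreleasepool {
        // Constructed throwaway RSA key pair standing in for the server key of S202.
        NSDictionary *attrs = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                                 (__bridge id)kSecAttrKeySizeInBits: @2048 };
        SecKeyRef priv = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attrs, NULL);
        SecKeyRef pub = priv ? SecKeyCopyPublicKey(priv) : NULL;
        if (!pub) return 1;
        // Constructed sample parameters using the field names listed for step S30.
        NSDictionary *params = @{ @"src": @"ios", @"version": @"1.0.0", @"deviceId": @"SAMPLE-DEVICE" };
        NSDictionary *req = BuildRequest(params, pub);
        if (!req) return 1;
        NSLog(@"round trip ok: %d", [OpenRequest(req, priv) isEqualToDictionary:params]);
        // A request whose content was altered in transit fails the S402 check.
        NSMutableDictionary *altered = [req mutableCopy];
        altered[@"content"] = [@"AAAA" stringByAppendingString:req[@"content"]];
        NSLog(@"altered request rejected: %d", OpenRequest(altered, priv) == nil);
        CFRelease(pub);
        CFRelease(priv);
    }
    return 0;
}
```

In this sketch sign is an unkeyed digest of the transmitted fields, so it detects a change to content or checkKey only while sign itself is left untouched; the page does not say whether a secret value is mixed into the hash.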
S50, performing data interaction between the iOS mobile terminal and the server back end by calling the service interaction interfaces provided by the server back end, the parameters of the mobile terminal being encrypted through step S30 and the server back end responding with data through step S40;
Step S50 includes the following steps:
S501, according to the actual service requirements of the iOS mobile terminal, the server back end provides the relevant service interfaces for the iOS mobile terminal to call;
S502, through step S30, processing the relevant parameters of the iOS mobile terminal and calling the corresponding service interface to exchange data with the server back end;
S503, through step S40, the server back end performs interface security verification, data parsing and interface data response for the corresponding service interface, and returns the data to the iOS mobile terminal through that interface.
S60, parsing the response data of each service interface obtained in step S50, so that the data is applied to the corresponding scenario on the iOS mobile terminal.
Step S60 includes the following steps:
S601, verifying the legitimacy of the returned data by obtaining the signature value sign of the response data; giving a prompt if the returned data fails verification, and continuing if it is legitimate;
S602, obtaining the response body resData of the response data, and decrypting resData with the random AES key generated when the service interface was called; the resulting data is the actual service data returned to the iOS mobile terminal by the service interface of the server back end;
and S603, returning the decrypted service data to the actual scenario caller, which displays the data according to service requirements.
Based on this scheme, in an APP developed for the iOS mobile terminal, certificate verification is added and the certificate is verified to prevent packet capture; by encrypting the transmitted data and the key, plaintext transmission in the data interaction with the server back end is avoided, and data security is ensured; in addition, the service parameters are encrypted with a symmetric algorithm, the symmetric key is encrypted with an asymmetric encryption algorithm, and the validity of the request is verified through a signature, which improves the security of the interaction between the front end and the back end; the problem of data interaction security at both ends when the iOS mobile terminal calls the back-end interface of the server is solved, and security risks such as packet capture and cracking are prevented.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (8)
1. A data interaction method of an IOS mobile terminal and a server back-end is characterized by comprising the following steps:
s10, generating a certificate file, and starting a certificate verification mode set by the IOS mobile terminal to prevent a packet from being grabbed;
s20, the RSA public key is placed at the server side, the updating state of the RSA public key is checked firstly when the APP is started, if the APP is updated, the RSA public key is downloaded and updated, and if the APP is not updated, an interface for data interaction with the server side is called normally;
s30, obtaining a public key file of the asymmetric encryption RSA through the step S20, generating a random number with a fixed length as an encryption and decryption secret key of the symmetric encryption AES, encrypting the content of the request body by using a symmetric encryption AES mode, and encrypting the AES secret key by using an asymmetric encryption RSA public key through the obtained public key file of the RSA;
s40, through the step S30, the back end of the server acquires the request data of the IOS mobile terminal, and finally, the back end of the server encrypts the data needing to be returned in a mirror mode through verification and analysis and returns the encrypted data to the IOS mobile terminal;
s50, data interaction between the IOS mobile terminal and the server back end is carried out by calling a service interaction interface provided by the server back end, parameter encryption of the mobile terminal is carried out through the step S30, and response of the server back end to the data is realized through the step S40;
and S60, analyzing the response data of each service interface obtained in the step S50, so as to apply the data to a scene corresponding to the IOS mobile terminal.
2. The method of claim 1, wherein the step S10 includes the following steps:
S101, generating, from a certificate file issued by a certificate authority, a public key certificate file in cer format for the hypertext transfer security protocol https, naming it certificate, and placing the file in the root directory of the Xcode project of the iOS mobile terminal development project;
S102, converting the public key certificate file into binary NSData format data using the binary data NSData instantiation method dataWithContentsOfFile;
S103, if there are multiple public key certificates, generating multiple items of binary format data through steps S101 and S102;
S104, initializing the certificate mode through the certificate verification mode AFSecurityPolicy, and defining the resulting initialization object as securityPolicy;
S105, setting the value of the attribute allowInvalidCertificates of the certificate instance object securityPolicy, which controls whether certificate verification is opened, to true, indicating that the self-built certificate needs to be verified;
S106, setting the value of the domain name verification attribute validatesDomainName of the certificate instance object securityPolicy to false, indicating that the domain name in the certificate's domain field does not need to be verified;
S107, setting the value of the certificate data parameter pinnedCertificates of the certificate instance object securityPolicy, assigning to it the binary data NSData generated in steps S101-S103;
and S108, assigning the resulting certificate instance object securityPolicy to the network request singleton AFHTTPSessionManager, thereby realizing security verification of the certificate when the iOS mobile terminal calls the server-side interface.
3. The method of claim 2, wherein the step S20 comprises the following steps:
S201, determining the necessary conditions, wherein the necessary conditions comprise the encryption key, the encryption length sizes, the displacement padding and the mode model of the symmetric encryption AES;
S202, generating the public key file of the asymmetric encryption RSA, encrypting the public key file with the AES of step S201, and storing the public key file on the server;
S203, when the APP is started, checking the identifier that indicates whether the RSA public key file needs to be downloaded; if so, calling the server-side interface for downloading the RSA public key, and downloading the public key output in step S202;
S204, defining an identifier indicating that the public key needs to be updated; when the public key is updated, this identifier is returned to the iOS mobile terminal in the server-side interface currently being called; the iOS mobile terminal wraps, intercepts and parses this state at its unified interface and, if the state is detected, updates the identifier indicating that the RSA public key needs to be downloaded, so that the next time a server-side interface is called for a network request, the public key output in step S202 is downloaded first and the request is executed afterwards;
S205, when the APP obtains the public key through the download in step S202, obtaining the RSA public key by decrypting it with the key agreed in step S201.
4. The method as claimed in claim 3, wherein in step S30, the service parameters included in the request object content include request source src, current application version number version, and current device unique identifier deviceId.
5. The method of claim 3, wherein the step S30 comprises the following steps:
S301, defining a method for generating a random character string as - (NSString *)getRandomStringWithLength:(NSInteger)length;
S302, looping with a for loop, taking the length of step S301 as the maximum number of iterations; in each iteration, obtaining a random number through the random number method arc4random and defining it as a, then taking the remainder of a to obtain the random value of that iteration, concatenating the random values through the string concatenation method stringByAppendingString, and finally outputting a random string;
S303, when the iOS mobile terminal calls the server interface to acquire data, first generating a random character string of a certain length with the random string method getRandomStringWithLength of step S301, and using the random character string as the symmetric encryption AES key AESKey for symmetrically encrypting the request parameters;
S304, when a network request is made, converting the request parameters into a character string in the JSON data exchange format, and encrypting the request body string with symmetric AES encryption using the obtained random key to obtain the encrypted request body content;
S305, asymmetrically encrypting the obtained random key AESKey with the obtained public key of the asymmetric encryption RSA, the output value being checkKey;
S306, performing a sha256 signature on the parameters of the request to output a signature value sign, for the server to verify the legitimacy of the request;
S307, using the request body content generated from the request parameters, the checkKey obtained after asymmetric encryption and the signature value sign signed by sha256 as the final request parameters, and sending them to the server back end through a network request.
6. The method of claim 3, wherein the step S40 comprises the following steps:
S401, the server back end obtains the request parameters of the iOS mobile terminal and, by parsing, obtains the sign, checkKey and content sent by the iOS mobile terminal through the network request;
S402, verifying the legitimacy of the network request through the obtained signature value sign, and directly returning error information to the iOS mobile terminal if the network request is not legitimate;
S403, if the signature is legitimate, decrypting the randomly generated AES symmetric encryption key (checkKey) with the private key of the asymmetric encryption RSA to obtain the actual AES key;
S404, decrypting the content of the request body to its unencrypted value using the AES key obtained in step S403 and the AES symmetric decryption algorithm;
S405, obtaining the actual service parameters of the request through S404, and obtaining the actual data to be returned according to the service parameters;
S406, encrypting the response data obtained in step S405 with AES symmetric encryption, using the original AES key obtained from the iOS mobile terminal as the key; encrypting the AES key with the RSA asymmetric encryption algorithm; and returning these data, together with a signature sign, to the iOS mobile terminal.
7. The method of claim 3, wherein the step S50 comprises the following steps:
S501, according to the actual service requirements of the iOS mobile terminal, the server back end provides the relevant service interfaces for the iOS mobile terminal to call;
S502, through step S30, processing the relevant parameters of the iOS mobile terminal and calling the corresponding service interface to perform data interaction with the server back end;
S503, through step S40, the server back end performs interface security verification, data parsing and interface data response for the corresponding service interface, and returns the data to the iOS mobile terminal through the corresponding interface.
8. The method of claim 5, wherein the step S60 comprises the following steps:
S601, verifying the legitimacy of the returned data by obtaining the signature value sign of the response data, giving a prompt if the returned data is found to be illegitimate, and continuing if the returned data is legitimate;
S602, obtaining the response body resData of the response data and decrypting resData with the random AES key generated when the service interface was called, the resulting data being the actual service data returned to the iOS mobile terminal by the service interface of the server back end;
and S603, returning the decrypted service data to the actual scene caller, which displays the data according to service requirements.
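The request envelope of claims 5 and 6 and the response handling of claim 8, as an added Node.js example that is not code from the patent. The field names content, checkKey, sign and resData come from the claims; AES-256-CBC with a prepended IV, RSA-OAEP, the input of sign, the CSPRNG key and all function names are assumptions.

```javascript
// Added example (not from the patent): S303-S307 request, S401-S406 server, S601-S602 client.
const crypto = require('node:crypto');

// Constructed RSA key pair; in the claims the app downloads the public key (S20).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Assumption: AES-256-CBC, fresh IV prepended to the ciphertext (S201 leaves mode and padding open).
function aesEncrypt(key, text) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(text, 'utf8'), c.final()]).toString('base64');
}
function aesDecrypt(key, b64) {
  const raw = Buffer.from(b64, 'base64');
  const d = crypto.createDecipheriv('aes-256-cbc', key, raw.subarray(0, 16));
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
}

// Client, S303-S307. The key comes from the OS CSPRNG here, not from arc4random remainders.
function buildRequest(params) {
  const aesKey = crypto.randomBytes(32);
  const content = aesEncrypt(aesKey, JSON.stringify(params));
  const checkKey = crypto.publicEncrypt({ key: publicKey, padding: OAEP }, aesKey).toString('base64');
  // Assumption: sign covers content and checkKey, because S402 checks it before any decryption.
  // An unkeyed SHA-256 only detects corruption; whoever can alter the fields can recompute it.
  return { aesKey, body: { content, checkKey, sign: sha256(content + checkKey) } };
}

// Server, S401-S406: verify sign, unwrap the AES key, decrypt, answer under the same key.
function handleRequest(body, respond) {
  if (sha256(body.content + body.checkKey) !== body.sign) return { error: 'bad sign' };
  const wrapped = Buffer.from(body.checkKey, 'base64');
  const aesKey = crypto.privateDecrypt({ key: privateKey, padding: OAEP }, wrapped);
  const params = JSON.parse(aesDecrypt(aesKey, body.content));
  const resData = aesEncrypt(aesKey, JSON.stringify(respond(params)));
  return { resData, sign: sha256(resData) };
}

// Client, S601-S602: check sign, then decrypt resData with the key kept from the request.
function readResponse(aesKey, res) {
  if (res.error || sha256(res.resData) !== res.sign) return null;
  return JSON.parse(aesDecrypt(aesKey, res.resData));
}
```

The RSA re-wrapping of the AES key in the response (S406) is left out, since the client in S602 decrypts with the key it generated for the call.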
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210916893.9A | 2022-08-01 | 2022-08-01 | Data interaction method for iOS mobile terminal and server back-end (CN115442074A) |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115442074A | 2022-12-06 |
Family
ID=84243377
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210916893.9A | Data interaction method for iOS mobile terminal and server back-end (CN115442074A, Pending) | 2022-08-01 | 2022-08-01 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115442074A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117176347A (en) * | 2023-11-02 | 2023-12-05 | 深圳市亲邻科技有限公司 | Mobile application certificate verification method and system |
CN117176347B (en) * | 2023-11-02 | 2024-02-06 | 深圳市亲邻科技有限公司 | Mobile application certificate verification method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||