CN117294541A - Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system - Google Patents
Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system Download PDFInfo
- Publication number
- CN117294541A CN117294541A CN202311591324.2A CN202311591324A CN117294541A CN 117294541 A CN117294541 A CN 117294541A CN 202311591324 A CN202311591324 A CN 202311591324A CN 117294541 A CN117294541 A CN 117294541A
- Authority
- CN
- China
- Prior art keywords
- client
- server
- key
- algorithm
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 183
- 239000013598 vector Substances 0.000 claims abstract description 86
- 238000012795 verification Methods 0.000 claims description 60
- 238000004891 communication Methods 0.000 claims description 31
- 238000004364 calculation method Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 12
- 230000032683 aging Effects 0.000 claims description 8
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 230000001680 brushing effect Effects 0.000 abstract description 11
- 230000005540 biological transmission Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 230000006399 behavior Effects 0.000 description 4
- 230000001550 time effect Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 206010000117 Abnormal behaviour Diseases 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 235000019800 disodium phosphate Nutrition 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Abstract
The invention discloses a multiple encryption method, a system, equipment and a medium for preventing ticket brushing of a ticket business system, wherein the method comprises the following steps: the client logs in the server; constructing a virtual machine at a client; the client side sends a key negotiation request to the server side based on the virtual machine, and the server side carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to send the first DH algorithm parameter from the server side to the client side; the client generates a second DH algorithm parameter, an AES key and an initial vector locally according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive or key exchange algorithm so as to send the second DH algorithm parameter from the client to the server; the server generates the same secret key and vector as the client according to the second DH algorithm parameter; the server returns a negotiation completion message to the client. The invention prevents illegal users from brushing tickets through the cooperation of multiple encryption.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a multiple encryption method, a multiple encryption system, multiple encryption equipment and multiple encryption media for anti-ticket brushing of a ticket system.
Background
The existing ticketing system has the following problems that firstly, a code logic is opened based on a client constructed by a browser, so that the code logic is easy to acquire and crack. And the client side based on the browser is not used, the cross-platform capability is poor, the client side software is required to be independently installed, and the user experience is poor. 2. When the client and the server perform AES key pairing in communication transmission, the keys need to be generated and distributed in advance, so that the keys are difficult to update dynamically, and the security is low; or even if the key can be updated dynamically, the dynamically generated key is easily intercepted and broken during transmission.
Therefore, aiming at the problems that the ticket purchasing safety of the ticket system in the prior art is low and the ticket brushing behavior is easy to occur, no effective solution is proposed.
Disclosure of Invention
The embodiment of the invention provides a multiple encryption method, a multiple encryption system, multiple encryption equipment and multiple encryption media for preventing ticket brushing of a ticket service system, and aims to solve the problems that ticket purchasing safety of the ticket service system is low and ticket brushing is easy to occur in the prior art method.
In a first aspect, an embodiment of the present invention provides a multiple encryption method for anti-brushing tickets in a ticketing system, where the method includes:
the client logs in the server through login verification;
The client requests the server to acquire a JavaScript virtual machine interpreter file and an opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally;
the client sends a key negotiation request to the server based on a JavaScript virtual machine environment so as to acquire a first DH algorithm parameter;
the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side;
the client generates a second DH algorithm parameter, a symmetric encryption AES key and an initial vector in a local calculation mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive-or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server;
the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameter so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period;
After the server generates the symmetric encryption AES key and the initial vector for encryption communication, key negotiation is completed, and a key negotiation completion message is returned to the client.
In a second aspect, the embodiment of the invention provides a multiple encryption system for preventing ticket brushing of a ticketing system, which comprises a client and a server,
the client establishes a JavaScript virtual machine environment on the client after logging in the server through login verification and requesting the server to acquire a JavaScript virtual machine interpreter file and an opcode file so as to encrypt the client locally;
the client sends a key negotiation request to the server based on a JavaScript virtual machine environment so as to acquire a first DH algorithm parameter;
the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side;
the client generates a second DH algorithm parameter, a symmetric encryption AES key and an initial vector in a local calculation mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive-OR key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server;
The server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameter so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period;
after the server generates the symmetric encryption AES key and the initial vector for encryption communication, key negotiation is completed, and a key negotiation completion message is returned to the client.
In a third aspect, an embodiment of the present invention further provides a computer apparatus, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the method described in the first aspect.
In a fourth aspect, embodiments of the present invention also provide a computer readable storage medium, wherein the computer readable storage medium stores a computer program, which when executed by a processor causes the processor to perform the method according to the first aspect.
The embodiment of the invention provides a multiple encryption method and a multiple encryption system for ticket brushing prevention of a ticket business system. The client logs in the server through login verification; the client requests the server to acquire a JavaScript virtual machine interpreter file and an opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally; the client sends a key negotiation request to the server based on a JavaScript virtual machine environment to acquire a first DH algorithm parameter; the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side; the client generates a second DH algorithm parameter and symmetric encryption AES keys and initial vectors in a local computing mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server; the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameters so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period; after the server generates the symmetric encryption AES key and the initial vector for encrypting communication, the key negotiation is completed, and a message of the completion of the key negotiation is returned to the client.
In the method, firstly, a virtual machine is built at a client to realize encryption of local calculation codes, calculation logic and calculation parameters of the client, and the problem that the code logic of the browser client is easy to acquire is solved; then, in the JavaScript virtual machine environment, realizing one-to-one dynamic negotiation of the communication keys of the client and the server by using an exclusive OR key exchange algorithm and a DH key negotiation algorithm; through the cooperation application of the multiple encryption, the rings are mutually buckled, so that ticket swiping behaviors are prevented.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a multiple encryption method for anti-ticket-brushing of a ticketing system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of key negotiation according to an embodiment of the present invention;
fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiment provides a multiple encryption method for anti-brushing tickets of a ticketing system, and fig. 1 is a flow chart of the multiple encryption method for anti-brushing tickets of the ticketing system, as shown in fig. 1, and the method comprises steps S110-S170.
S110, the client logs in the server through login verification.
Preferably, in this embodiment, a user sends a login request to a server through a browser client, so that the server verifies the login request; and if the client receives the verification passing notification sent by the server, logging in the server.
Or the server side sends an inquiry request to the client side to confirm whether the client side needs to log in the server side or not, if so, the server side checks the login information of the user, and if the client side receives a verification passing notification sent by the server side, the client side logs in the server side. It should be noted that, the verified user login information includes: user name, user password, etc.
In an embodiment, the server performs conventional login verification on login information of the user, and further performs blacklist verification on the user. After the client receives the verification passing notification sent by the server, the server performs blacklist verification on the user information, if the user information is blacklist personnel through blacklist verification, the client cannot log in the server, and if the user information is not blacklist personnel through blacklist verification, the client logs in the server, wherein the blacklist comprises a limited user list and an abnormal operation list which are set in a self-defining mode. In addition, when the blacklist verification is carried out, the verification is carried out by combining information such as registered user information, equipment fingerprints, abnormal behavior acquisition, screening and the like.
After the above steps, if the conventional login check is not passed, or the login check is passed but the user is not passed the blacklist check, the login cannot be performed. If the login check and the blacklist check are passed, the login server can perform subsequent ticket purchasing and other operations.
S120, the client requests the server to acquire the JavaScript virtual machine interpreter file and the opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally.
After the client logs in the server through login verification, the client requests the server to acquire the JavaScript virtual machine interpreter file and the opcode file, and constructs a JavaScript virtual machine environment on the client to carry out local encryption on the client, thereby solving the problem that local code logic of the client is easy to acquire and decrypt.
And S130, the client sends a key negotiation request to the server based on the JavaScript virtual machine environment so as to acquire the first DH algorithm parameter.
Fig. 2 is a schematic flow chart of key negotiation provided in the embodiment of the present invention, as shown in fig. 2, a client sends a key negotiation request to a server based on the JavaScript virtual machine environment constructed in step S120, so as to obtain a first DH algorithm parameter, where the first DH algorithm parameter includes a big prime number p, a primitive root g, and a server computing value a.
And S140, the server side responds to the key negotiation request of the client side, generates a first DH algorithm parameter, and performs encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side.
The server side responds to a key negotiation request of the client side, generates a large prime number p, a primitive root g and a private key random number a, and calculates to obtain a public key, namely a calculated value A of the server side according to the large prime number p, the primitive root g and the private key random number a.
Then, the server performs encryption exchange on the first DH algorithm parameter between the server and the client based on the exclusive OR key exchange algorithm, so as to safely send the first DH algorithm parameter from the server to the client.
In one embodiment, the server performs encryption exchange on the first DH algorithm parameter between the server and the client based on an xor key exchange algorithm, so as to securely send the first DH algorithm parameter from the server to the client, which comprises the following steps:
s141, the server acquires a key negotiation request sent by the client, and combines the first DH algorithm parameters into a first character string tServer according to a preset character string splicing rule.
S142, the server randomly generates a first XOR private key k1, and performs an exclusive OR operation on the first character string tServer and the first XOR private key k1 to obtain a first parameter S1.
S143, the server returns the first parameter S1 to the client.
S144, after the client acquires the first parameter S1, the second XOR private key k2 is randomly generated, and the first parameter S1 and the second XOR private key k2 are subjected to exclusive OR operation to obtain the second parameter S2.
And S145, the client sends the second parameter S2 to the server.
S146, the server acquires the second parameter S2, and performs exclusive-or decryption operation on the second parameter S2 through the first exclusive-or private key k1 to obtain a third parameter S3.
And S147, the server returns the third parameter S3 to the client.
S148, the client acquires the third parameter S3, and performs exclusive-or decryption operation on the third parameter S3 through the second XOR private key k2 to obtain a first character string tServer.
S149, the client performs reverse splitting on the first character string tServer according to a preset character string splicing rule to obtain a first DH algorithm parameter.
In this embodiment, the exclusive or key exchange algorithm is adopted to perform encryption exchange of DH algorithm parameters, so that protection can be further enhanced.
And S150, the client locally calculates and generates a second DH algorithm parameter, a symmetric encryption AES key and an initial vector according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server.
As shown in fig. 2, after the client obtains the first DH algorithm parameter, a private key random number B is randomly generated, and a second DH algorithm parameter, that is, a calculated value B, is locally calculated according to the first DH algorithm parameter and the private key random number B, and a symmetric encrypted AES key and an initial vector are generated based on the first DH algorithm parameter and the private key random number B through the DH algorithm. In this embodiment, the symmetric encrypted AES key and the initial vector that are the same as those of the server are generated at the client, so that security problems that may be caused in the transmission process of the key itself can be reduced.
The client then performs an exclusive or key exchange algorithm to cryptographically exchange the second DH algorithm parameters between the client and the server, to securely send the second DH algorithm parameters from the client to the server. The specific steps of the client performing encryption exchange on the second DH algorithm parameter between the client and the server based on the xor key exchange algorithm to securely send the second DH algorithm parameter from the client to the server are the same as those described in steps S141-S149.
S160, the server side calculates and generates the symmetric encryption AES key and the initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameters so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited to the current login request period.
As shown in fig. 2, the server calculates and generates the symmetric encrypted AES key and the initial vector which are the same as those generated by the client according to the large prime number p in the second DH algorithm parameter and the first DH algorithm parameter and the server private key random number a. In this embodiment, the symmetric encrypted AES key and the initial vector that are the same as those of the client are generated at the server, so that security problems that may be caused in the transmission process of the key itself can be reduced. And the key and the initial vector are shared by the client and the server one to one, which is different from the situation that a plurality of clients share the symmetric encryption key adopted in the prior art, and the scheme can effectively improve the security of the key.
It should be noted that, in order to improve the security level of the system, the validity period of each pair of AES key and initial vector is limited to the period of the current login request, and when the session ends, the key and initial vector also fail. On the next request, the symmetric encryption AES key and the initial vector will renegotiate the negotiation determination.
S170, after the server generates the symmetric encryption AES key and the initial vector for encryption communication, the key negotiation is completed, and a message of the completion of the key negotiation is returned to the client.
After the symmetric encryption AES key and the initial vector are generated through the steps, key negotiation is completed, and the server returns a key negotiation completion message to the client. Communication encryption of subsequent ticket purchasing, ticket checking and other business can be realized through the generated symmetric encryption AES key and the initial vector.
In one embodiment, after the server returns a message of completion of the key agreement to the client, steps S1701-S1703 are further included.
S1701, the client encrypts ticket booking information by adopting an AES encryption algorithm based on the generated symmetric encryption AES key and the initial vector to generate a digital signature, and sends a ticket booking request to the server.
S1702, the server acquires a ticket booking request, performs aging verification on a request time stamp, and verifies the digital signature. The verification range of the request time can be set according to actual conditions, and if the request time exceeds the set verification range during time-lapse verification, ticket booking operation is not performed.
S1703, after verification, the server executes ticket booking operation, encrypts the ticket booking result through the symmetric encryption AES key and the initial vector, and returns to the client.
In an embodiment, in order to further improve accuracy of the aging verification, thereby more accurately preventing the communication information from being intercepted and forged, before the service end performs the aging verification on the request timestamp, the method further includes the following steps:
s1, a client requests a server to acquire server time, and reads local time timC of the client;
s2, calculating to obtain a time difference timeDiff between the server time and the local time of the client according to the server time and the local time timeC of the client;
s3, when the client sends a request such as inquiring and ticket purchasing to the server and transmits a request time stamp, the time difference between the server and the client is corrected through the time difference timeDiff to ensure that the client and the server are at the same time point, so that the accuracy of time-effect verification of the request time stamp by the server is ensured.
In the step of S130-S170 key negotiation communication, a pair of keys and initial vectors which are consistent with each other are negotiated under the condition that a symmetric encryption key and an initial vector between a client and a server do not need to be transmitted through a DH key negotiation algorithm and an exclusive or key exchange algorithm, so that the problem that in the prior art, an AES key and an initial vector need to be generated and distributed in advance and are difficult to dynamically update or need to be transmitted between the client and the server after being dynamically generated and are easy to be intercepted is solved.
In the multiple encryption method for preventing ticket brushing of the ticket business system provided by the embodiment of the invention, a client logs in a server through login verification; the client requests the server to acquire a JavaScript virtual machine interpreter file and an opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally; the client sends a key negotiation request to the server based on a JavaScript virtual machine environment to acquire a first DH algorithm parameter; the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side; the client generates a second DH algorithm parameter and symmetric encryption AES keys and initial vectors in a local computing mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server; the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameters so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period; after the server generates the symmetric encryption AES key and the initial vector for encrypting communication, the key negotiation is completed, and a message of the completion of the key negotiation is returned to the client. In the method, firstly, a virtual machine is built at a client to realize encryption of local calculation codes, calculation logic and calculation parameters of the client, and the problem that the code logic of the browser client is easy to acquire is solved; then, in the JavaScript virtual machine environment, realizing one-to-one dynamic negotiation of the communication keys of the client and the server by using an exclusive OR key exchange algorithm and a DH key negotiation algorithm; through the cooperation application of the multiple encryption, the rings are mutually buckled, so that ticket swiping behaviors are prevented.
The following specifically describes the practical application process of the multiple encryption method for ticket brushing prevention of the ticketing system by taking the ticket booking operation performed by the browser client as an example:
s1, after a browser client (H5 page) passes login verification and logs in a server, a user places a ticket.
S2, the client requests the server to obtain the JavaScript virtual machine interpreter file and the opcode file, and builds a JavaScript virtual machine sandbox environment on the client.
S3, the client performs abstract calculation on the message to be sent according to rules and abstract algorithm agreed with the server under the JavaScript virtual machine environment to obtain a characteristic value sign Block, wherein the message comprises key parameters for booking tickets, such as: play date, play period, ticket name, ticket code, ticket order information, timestamp, etc.
S4, according to the symmetric encryption AES key and the initial vector generated in the key negotiation process of the steps S130-S160 in the embodiment of the application, an AES encryption algorithm is adopted to encrypt the abstract feature value sign Block, a digital signature is generated, and a ticket booking request is sent to the server in an encrypted mode.
S5, the server side acquires a ticket booking request and performs time-effect verification on the request time stamp, wherein the verification range of the request time can be set according to actual conditions, and if the request time exceeds the set verification range during time-effect verification, ticket booking operation is not performed.
S6, the server checks the digital signature, wherein the specific check comprises the following steps: performing abstract calculation on the message according to rules agreed with the client to obtain a characteristic value sign block1; then decrypting the digital signature according to the symmetric encryption AES key and the initial vector generated in the key negotiation process to obtain a sign Block; and comparing the sign Block with the sign Block1, and if the sign Block is consistent with the sign Block1, passing the digital signature verification.
And S7, after passing the two checks, the server executes ticket booking operation, encrypts a ticket booking result through the symmetric encryption AES key and the initial vector, and returns the ticket booking result to the virtual machine client in an encrypted mode.
S8, decrypting the ticket booking result in the virtual machine, and sending the decrypted ticket booking information to a browser client (H5 page), so that the ticket booking result is displayed on the browser page.
The embodiment of the invention also provides a multiple encryption system for preventing ticket brushing of the ticket service system, which comprises a client and a server.
And the client logs in the server through login verification.
Preferably, in this embodiment, a user sends a login request to a server through a browser client, so that the server verifies the login request; and if the client receives the verification passing notification sent by the server, logging in the server.
Or the server side sends an inquiry request to the client side to confirm whether the client side needs to log in the server side or not, if so, the server side checks the login information of the user, and if the client side receives a verification passing notification sent by the server side, the client side logs in the server side. It should be noted that, the verified user login information includes: user name, user password, etc.
In an embodiment, the server performs conventional login verification on login information of the user, and further performs blacklist verification on the user. After the client receives the verification passing notification sent by the server, the server performs blacklist verification on the user information, if the user information is blacklist personnel through blacklist verification, the client cannot log in the server, and if the user information is not blacklist personnel through blacklist verification, the client logs in the server, wherein the blacklist comprises a limited user list and an abnormal operation list which are set in a self-defining mode. In addition, when the blacklist verification is carried out, the verification is carried out by combining information such as registered user information, equipment fingerprints, abnormal behavior acquisition, screening and the like.
After the above steps, if the conventional login check is not passed, or the login check is passed but the user is not passed the blacklist check, the login cannot be performed. If the login check and the blacklist check are passed, the login server can perform subsequent ticket purchasing and other operations.
Further, the client requests the server to acquire the JavaScript virtual machine interpreter file and the opcode file, and constructs a JavaScript virtual machine sandbox environment in the client so as to encrypt the client locally.
Specifically, after the client logs in the server through login verification, the client requests the server to obtain the JavaScript virtual machine interpreter file and the opcode file, and constructs a JavaScript virtual machine environment in the client to encrypt the client locally, thereby solving the problem that the local code logic of the client is easy to obtain and decrypt.
Still further, the client sends a key negotiation request to the server based on the JavaScript virtual machine environment to obtain the first DH algorithm parameters.
Fig. 2 is a schematic flow chart of key negotiation provided in the embodiment of the present invention, as shown in fig. 2, a client sends a key negotiation request to a server based on a constructed JavaScript virtual machine environment, so as to obtain a first DH algorithm parameter, where the first DH algorithm parameter includes a large prime number p, a primitive root g and a server calculated value a.
Then, the server side responds to the key negotiation request of the client side, generates a first DH algorithm parameter, and performs encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side.
Specifically, the server side responds to a key negotiation request of the client side, generates a large prime number p, a primitive root g and a private key random number a, and calculates to obtain a public key according to the large prime number p, the primitive root g and the private key random number a, namely a calculated value A of the server side.
Then, the server performs encryption exchange on the first DH algorithm parameter between the server and the client based on the exclusive OR key exchange algorithm, so as to safely send the first DH algorithm parameter from the server to the client.
In one embodiment, the server performs encryption exchange on the first DH algorithm parameter between the server and the client based on an xor key exchange algorithm, so as to securely send the first DH algorithm parameter from the server to the client, which comprises the following steps:
s141, the server acquires a key negotiation request sent by the client, and combines the first DH algorithm parameters into a first character string tServer according to a preset character string splicing rule.
S142, the server randomly generates a first XOR private key k1, and performs an exclusive OR operation on the first character string tServer and the first XOR private key k1 to obtain a first parameter S1.
S143, the server returns the first parameter S1 to the client.
S144, after the client acquires the first parameter S1, the second XOR private key k2 is randomly generated, and the first parameter S1 and the second XOR private key k2 are subjected to exclusive OR operation to obtain the second parameter S2.
And S145, the client sends the second parameter S2 to the server.
S146, the server acquires the second parameter S2, and performs exclusive-or decryption operation on the second parameter S2 through the first exclusive-or private key k1 to obtain a third parameter S3.
And S147, the server returns the third parameter S3 to the client.
S148, the client acquires the third parameter S3, and performs exclusive-or decryption operation on the third parameter S3 through the second XOR private key k2 to obtain a first character string tServer.
S149, the client performs reverse splitting on the first character string tServer according to a preset character string splicing rule to obtain a first DH algorithm parameter.
The encryption exchange of DH algorithm parameters is carried out by adopting the exclusive or key exchange algorithm, so that the protection can be further enhanced.
Next, the client generates a second DH algorithm parameter and a symmetric encryption AES key and an initial vector by local calculation according to the first DH algorithm parameter, and performs encryption exchange between the client and the server based on an exclusive-or key exchange algorithm to securely send the second DH algorithm parameter from the client to the server, and the server generates a symmetric encryption AES key and an initial vector identical to the symmetric encryption AES key and the initial vector generated by the client by calculation according to the second DH algorithm parameter, for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited to only the current login request period.
Specifically, as shown in fig. 2, after the client obtains the first DH algorithm parameter, a private key random number B is randomly generated, and a second DH algorithm parameter, that is, a calculated value B, is locally calculated according to the first DH algorithm parameter and the private key random number B, and a symmetric encrypted AES key and an initial vector are generated based on the first DH algorithm parameter and the private key random number B through the DH algorithm. In this embodiment, the symmetric encrypted AES key and the initial vector that are the same as those of the server are generated at the client, so that security problems that may be caused in the transmission process of the key itself can be reduced.
The client then performs an exclusive or key exchange algorithm to cryptographically exchange the second DH algorithm parameters between the client and the server, to securely send the second DH algorithm parameters from the client to the server. The specific steps of the client performing encryption exchange on the second DH algorithm parameter between the client and the server based on the xor key exchange algorithm to securely send the second DH algorithm parameter from the client to the server are the same as those described in steps S141-S149.
After the server side safely acquires the second DH algorithm parameter, the symmetric encryption AES key and the initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side are calculated and generated according to the second DH algorithm parameter, the large prime number p in the first DH algorithm parameter and the server side private key random number a. In this embodiment, the symmetric encrypted AES key and the initial vector that are the same as those of the client are generated at the server, so that security problems that may be caused in the transmission process of the key itself can be reduced. And the key and the initial vector are shared by the client and the server one to one, which is different from the situation that a plurality of clients share the symmetric encryption key adopted in the prior art, and the scheme can effectively improve the security of the key.
It should be noted that, in order to improve the security level of the system, the validity period of each pair of AES key and initial vector is limited to the period of the current login request, and when the session ends, the key and initial vector also fail. On the next request, the symmetric encryption AES key and the initial vector will renegotiate the negotiation determination.
And finally, after the server generates the symmetric encryption AES key and the initial vector for encryption communication, the server completes key negotiation and returns a key negotiation completion message to the client.
Specifically, after the symmetric encryption AES key and the initial vector are generated through the steps described above, key negotiation is completed, and the server returns a message of the completion of key negotiation to the client. Communication encryption of subsequent ticket purchasing, ticket checking and other business can be realized through the generated symmetric encryption AES key and the initial vector.
In one embodiment, after the server returns a message of completion of the key agreement to the client, steps S1701-S1703 are further included.
S1701, the client encrypts ticket booking information by adopting an AES encryption algorithm based on the generated symmetric encryption AES key and the initial vector to generate a digital signature, and sends a ticket booking request to the server.
S1702, the server acquires a ticket booking request, performs aging verification on a request time stamp, and verifies the digital signature. The verification range of the request time can be set according to actual conditions, and if the request time exceeds the set verification range during time-lapse verification, ticket booking operation is not performed.
S1703, after verification, the server executes ticket booking operation, encrypts the ticket booking result through the symmetric encryption AES key and the initial vector, and returns to the client.
In an embodiment, in order to further improve accuracy of the aging verification, thereby more accurately preventing the communication information from being intercepted and forged, before the service end performs the aging verification on the request timestamp, the method further includes the following steps:
s1, a client requests a server to acquire server time, and reads local time timC of the client;
s2, calculating to obtain a time difference timeDiff between the server time and the local time of the client according to the server time and the local time timeC of the client;
s3, when the client sends a request such as inquiring and ticket purchasing to the server and transmits a request time stamp, the time difference between the server and the client is corrected through the time difference timeDiff to ensure that the client and the server are at the same time point, so that the accuracy of time-effect verification of the request time stamp by the server is ensured.
In the key negotiation communication step, under the condition that a symmetric encryption key and an initial vector between a client and a server do not need to be transmitted by a DH key negotiation algorithm and an exclusive OR key exchange algorithm, a pair of mutually consistent keys and initial vectors are negotiated, so that the problems that in the prior art, an AES key and an initial vector need to be generated and distributed in advance and are difficult to dynamically update or are easy to intercept because the symmetric key needs to be transmitted between the client and the server after being dynamically generated are solved.
In the multiple encryption method of the ticket system anti-brushing ticket, which is provided by the embodiment of the invention, the client logs in the server through login verification; the client requests the server to acquire a JavaScript virtual machine interpreter file and an opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally; the client sends a key negotiation request to the server based on a JavaScript virtual machine environment to acquire a first DH algorithm parameter; the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side; the client generates a second DH algorithm parameter and symmetric encryption AES keys and initial vectors in a local computing mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server; the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameters so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period; after the server generates the symmetric encryption AES key and the initial vector for encrypting communication, the key negotiation is completed, and a message of the completion of the key negotiation is returned to the client. In the method, firstly, a virtual machine is built at a client to realize encryption of local calculation codes, calculation logic and calculation parameters of the client, and the problem that the code logic of the browser client is easy to acquire is solved; then, in the JavaScript virtual machine environment, realizing one-to-one dynamic negotiation of the communication keys of the client and the server by using an exclusive OR key exchange algorithm and a DH key negotiation algorithm; through the cooperation application of the multiple encryption, the rings are mutually buckled, so that ticket swiping behaviors are prevented.
The multiple encryption method of ticket anti-swipe of ticketing system described above can be implemented in the form of a computer program that can be run on a computer device as shown in fig. 3.
Referring to fig. 3, fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present invention. The computer device may be a multiple encryption method for performing anti-swipe of tickets by the ticketing system.
With reference to FIG. 3, the computer device 500 includes a processor 502, a memory, and a network interface 505, connected by a system bus 501, where the memory may include a storage medium 503 and an internal memory 504.
The storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, causes the processor 502 to perform a multiple encryption method for ticketing protection, wherein the storage medium 503 may be a volatile storage medium or a non-volatile storage medium.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a multiple encryption method of ticketing protection.
The network interface 505 is used for network communication, such as providing for transmission of data information, etc. It will be appreciated by those skilled in the art that the architecture shown in fig. 3 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting of the computer device 500 to which the present inventive arrangements may be implemented, and that a particular computer device 500 may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
The processor 502 is configured to execute a computer program 5032 stored in a memory, so as to implement the corresponding functions in the multiple encryption method for anti-ticket-brushing of the ticketing system.
Those skilled in the art will appreciate that the embodiment of the computer device shown in fig. 3 is not limiting of the specific construction of the computer device, and in other embodiments, the computer device may include more or less components than those shown, or certain components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may include only a memory and a processor, and in such embodiments, the structure and function of the memory and the processor are consistent with the embodiment shown in fig. 3, and will not be described again.
It should be appreciated that in an embodiment of the invention, the processor 502 may be a central processing unit (Central Processing Unit, CPU), the processor 502 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In another embodiment of the invention, a computer-readable storage medium is provided. The computer readable storage medium may be a volatile or nonvolatile computer readable storage medium. The computer readable storage medium stores a computer program which when executed by a processor implements the steps included in the above-described multiple encryption method for anti-ticket-brushing of a ticketing system.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, device and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention is essentially or part of what contributes to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a computer-readable storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned computer-readable storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (10)
1. A multiple encryption method for anti-ticket-brushing of a ticketing system, the method comprising:
the client logs in the server through login verification;
the client requests the server to acquire a JavaScript virtual machine interpreter file and an opcode file, and constructs a JavaScript virtual machine environment on the client so as to encrypt the client locally;
the client sends a key negotiation request to the server based on a JavaScript virtual machine environment so as to acquire a first DH algorithm parameter;
the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side;
The client generates a second DH algorithm parameter, a symmetric encryption AES key and an initial vector in a local calculation mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive-or key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server;
the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameter so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period;
after the server generates the symmetric encryption AES key and the initial vector for encryption communication, key negotiation is completed, and a key negotiation completion message is returned to the client.
2. The method of claim 1, wherein the client logs in to the server through a log-in check, comprising:
the client sends a login request to the server so that the server verifies the login request;
And if the client receives the verification passing notification sent by the server, logging in the server.
3. The method according to claim 2, wherein after the client receives the verification passing notification sent by the server, the method further comprises:
and the server performs blacklist verification on the user information, if the user information is blacklist personnel through blacklist verification, the server cannot log in, and if the user information is not blacklist personnel through blacklist verification, the server logs in, wherein the blacklist comprises a limited user list and an abnormal operation list which are set in a self-defining mode.
4. The method of claim 1, wherein the performing an exclusive-or key exchange algorithm based on which the first DH algorithm parameters are cryptographically exchanged between the server and the client to securely send the first DH algorithm parameters from the server to the client comprises:
the server acquires a key negotiation request sent by the client, and combines the first DH algorithm parameters into a first character string according to a preset character string splicing rule;
The server randomly generates a first XOR private key, and performs exclusive OR operation on the first character string and the first XOR private key to obtain a first parameter;
the server returns the first parameter to the client;
the client randomly generates a second XOR private key, and performs exclusive OR operation on the first parameter and the second XOR private key to obtain a second parameter;
the client sends the second parameter to the server;
the server acquires the second parameter, and performs exclusive-or decryption operation on the second parameter through the first exclusive-or private key to obtain a third parameter;
the server returns the third parameter to the client;
the client acquires the third parameter, and carries out exclusive-or decryption operation on the third parameter through the second exclusive-or private key to obtain the first character string;
and the client performs reverse splitting on the first character string according to the preset character string splicing rule to obtain the first DH algorithm parameter.
5. The method of claim 1, wherein the server generates the same symmetric encryption AES key and initial vector as the client-generated symmetric encryption AES key and initial vector based on the second DH algorithm parameter calculation, comprising:
And the server acquires the second DH algorithm parameter, and performs parameter calculation according to the second DH algorithm parameter, the large prime number and the random number in the first DH algorithm parameter to obtain the symmetric encryption AES key and the initial vector.
6. The method of claim 1, wherein after the server returns a key agreement complete message to the client, the method comprises:
the client encrypts ticket booking information by adopting an AES encryption algorithm based on the generated symmetric encryption AES key and the initial vector to generate a digital signature, and sends a ticket booking request to the server;
the server acquires a ticket booking request, performs aging verification on a request time stamp, and verifies the digital signature;
after verification, the server executes ticket booking operation, encrypts ticket booking results through the symmetric encryption AES key and the initial vector, and returns to the client.
7. The method of claim 6, wherein prior to the service side aging the request timestamp, the method further comprises:
the client requests the server to acquire server time and reads local time of the client;
According to the server time and the client local time, calculating to obtain a time difference between the server time and the client local time;
when the client sends a request to the server and transmits a request time stamp, the time difference between the server and the client is corrected through the time difference, so that the client and the server are ensured to be at the same time point.
8. A multiple encryption system for ticket anti-brushing of ticket service system is characterized in that the system comprises a client and a server,
the client establishes a JavaScript virtual machine environment on the client after logging in the server through login verification and requesting the server to acquire a JavaScript virtual machine interpreter file and an opcode file so as to encrypt the client locally;
the client sends a key negotiation request to the server based on a JavaScript virtual machine environment so as to acquire a first DH algorithm parameter;
the server side responds to a key negotiation request of the client side, generates a first DH algorithm parameter, and carries out encryption exchange on the first DH algorithm parameter between the server side and the client side based on an exclusive or key exchange algorithm so as to safely send the first DH algorithm parameter from the server side to the client side;
The client generates a second DH algorithm parameter, a symmetric encryption AES key and an initial vector in a local calculation mode according to the first DH algorithm parameter, and performs encryption exchange on the second DH algorithm parameter between the client and the server based on an exclusive-OR key exchange algorithm so as to safely send the second DH algorithm parameter from the client to the server;
the server side calculates and generates a symmetric encryption AES key and an initial vector which are the same as the symmetric encryption AES key and the initial vector generated by the client side according to the second DH algorithm parameter so as to be used for encrypted communication, wherein the validity period of the symmetric encryption AES key and the initial vector is limited in the current login request period;
after the server generates the symmetric encryption AES key and the initial vector for encryption communication, key negotiation is completed, and a key negotiation completion message is returned to the client.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when executing the computer program.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311591324.2A CN117294541B (en) | 2023-11-27 | 2023-11-27 | Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311591324.2A CN117294541B (en) | 2023-11-27 | 2023-11-27 | Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117294541A true CN117294541A (en) | 2023-12-26 |
| CN117294541B CN117294541B (en) | 2024-04-16 |
Family
ID=89248448
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311591324.2A Active CN117294541B (en) | 2023-11-27 | 2023-11-27 | Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117294541B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621377A (en) * | 2009-03-26 | 2010-01-06 | 常熟理工学院 | Trusted access method under virtual computing environment |
| EA201101235A1 (en) * | 2011-08-24 | 2013-03-29 | Открытое Акционерное Общество "Инфотекс" | METHOD OF PROTECTED DATA EXCHANGE DURING ELECTRONIC AUCTION AND SYSTEM FOR ITS IMPLEMENTATION |
| CN103414558A (en) * | 2013-07-17 | 2013-11-27 | 电子科技大学 | XEN cloud platform-based virtual machine block device isolation method |
| CN109347809A (en) * | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
| CN112422530A (en) * | 2020-11-04 | 2021-02-26 | 无锡沐创集成电路设计有限公司 | Security protection method for server-side secret key in TLS (transport layer security) handshaking process and password equipment |
| CN114363013A (en) * | 2021-12-15 | 2022-04-15 | 武汉大学 | Supervision-friendly block chain content privacy protection system, message sending method and query method |
| CN114500055A (en) * | 2022-01-27 | 2022-05-13 | 建信金融科技有限责任公司 | Password verification method and device, electronic equipment and storage medium |
| CN115174267A (en) * | 2022-09-02 | 2022-10-11 | 深圳星云智联科技有限公司 | TLS protocol negotiation method, equipment and medium |
| CN115396177A (en) * | 2022-08-23 | 2022-11-25 | 成都三零瑞通移动通信有限公司 | Encrypted communication method for realizing efficient communication of web end based on WASM |
| CN115396095A (en) * | 2022-08-29 | 2022-11-25 | 深圳市证通电子股份有限公司 | SM 9-based virtual machine rapid authentication method for Openstack platform |
-
2023
- 2023-11-27 CN CN202311591324.2A patent/CN117294541B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621377A (en) * | 2009-03-26 | 2010-01-06 | 常熟理工学院 | Trusted access method under virtual computing environment |
| EA201101235A1 (en) * | 2011-08-24 | 2013-03-29 | Открытое Акционерное Общество "Инфотекс" | METHOD OF PROTECTED DATA EXCHANGE DURING ELECTRONIC AUCTION AND SYSTEM FOR ITS IMPLEMENTATION |
| CN103414558A (en) * | 2013-07-17 | 2013-11-27 | 电子科技大学 | XEN cloud platform-based virtual machine block device isolation method |
| CN109347809A (en) * | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
| CN112422530A (en) * | 2020-11-04 | 2021-02-26 | 无锡沐创集成电路设计有限公司 | Security protection method for server-side secret key in TLS (transport layer security) handshaking process and password equipment |
| CN114363013A (en) * | 2021-12-15 | 2022-04-15 | 武汉大学 | Supervision-friendly block chain content privacy protection system, message sending method and query method |
| CN114500055A (en) * | 2022-01-27 | 2022-05-13 | 建信金融科技有限责任公司 | Password verification method and device, electronic equipment and storage medium |
| CN115396177A (en) * | 2022-08-23 | 2022-11-25 | 成都三零瑞通移动通信有限公司 | Encrypted communication method for realizing efficient communication of web end based on WASM |
| CN115396095A (en) * | 2022-08-29 | 2022-11-25 | 深圳市证通电子股份有限公司 | SM 9-based virtual machine rapid authentication method for Openstack platform |
| CN115174267A (en) * | 2022-09-02 | 2022-10-11 | 深圳星云智联科技有限公司 | TLS protocol negotiation method, equipment and medium |
Non-Patent Citations (2)
| Title |
|---|
| BENEDIKT PITTL; STEFAN STARFLINGER; WERNER MACH; ERICH SCHIKUTA: "Bazaar-Contract: A Smart Contract for Binding Multi-Round Bilateral Negotiations on Cloud Markets", 2019 7TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET OF THINGS AND CLOUD (FICLOUD) * |
| 杨?;王明华;潘俊臣;胡冲;: "基于浏览器WebAssembly技术的即时通信加密通信系统的设计与研究", 网络空间安全, no. 08 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117294541B (en) | 2024-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309565B (en) | Security authentication method and device | |
| CN109728909B (en) | Identity authentication method and system based on USBKey | |
| JP6399382B2 (en) | Authentication system | |
| CN109660343A (en) | Token updating method, device, computer equipment and storage medium | |
| CN110890962B (en) | Authentication key negotiation method, device, storage medium and equipment | |
| CN104641592A (en) | Method and system for a certificate-less authentication encryption (CLAE) | |
| CN108243176B (en) | Data transmission method and device | |
| JP5206992B2 (en) | Authentication system, authentication device, terminal device, authentication method, and program | |
| CN113806772A (en) | Information encryption transmission method and device based on block chain | |
| CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| JP2022521525A (en) | Cryptographic method for validating data | |
| CN105827395A (en) | Network user authentication method | |
| CN111130798A (en) | Request authentication method and related equipment | |
| CN111010399A (en) | Data transmission method and device, electronic equipment and storage medium | |
| CN113411187B (en) | Identity authentication method and system, storage medium and processor | |
| CN110519222B (en) | External network access identity authentication method and system based on disposable asymmetric key pair and key fob | |
| CN110365472B (en) | Quantum communication service station digital signature method and system based on asymmetric key pool pair | |
| CN115276978A (en) | Data processing method and related device | |
| CN111740995B (en) | Authorization authentication method and related device | |
| CN104394532A (en) | Anti-brute force safe log-in method for mobile terminal | |
| CN116743470A (en) | Service data encryption processing method and device | |
| CN117294541B (en) | Multiple encryption method, system, equipment and medium for anti-ticket-brushing of ticket business system | |
| CN113545004A (en) | Authentication system with reduced attack surface | |
| CN112769759B (en) | Information processing method, information gateway, server and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |