CN103973438A - Communication channel dynamic encryption method - Google Patents

Communication channel dynamic encryption method

Info

Publication number: CN103973438A
Authority: CN (China)
Prior art keywords: service end, client, scheme, communication channel, encipherment scheme
Legal status: Granted (Active)
Application number: CN201410114900.9A
Other languages: Chinese (zh)
Other versions: CN103973438B (en)
Inventors: 肖根元, 刘靖, 林晨, 曹志军, 蔡大军
Current assignee: SHENZHEN TYDIC INFORMATION TECHNOLOGY Co Ltd
Original assignee: SHENZHEN TYDIC INFORMATION TECHNOLOGY Co Ltd
Priority date: 2014-03-25
Filing date: 2014-03-25
Publication date: 2014-08-06

Events:
Application filed by SHENZHEN TYDIC INFORMATION TECHNOLOGY Co Ltd
Priority to CN201410114900.9A
Publication of CN103973438A
Application granted
Publication of CN103973438B

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention relates to a communication channel dynamic encryption method. The method includes: building key libraries at a service end and a client respectively; the client randomly selecting a first encryption scheme to establish communication with the service end; the service end decrypting and verifying the authentication message transmitted by the client while the communication is being established; the service end verifying and comparing the key library version number of the client to decide whether to update the client's key library; the service end randomly assigning a second encryption scheme to encrypt the client's authentication for logging in to the service end; and the service end randomly assigning a third encryption scheme to encrypt communication data. Every data interaction of the method is encrypted; before the service end assigns the third encryption scheme, only encryption schemes, rather than specific keys, need to be transmitted on the channel; after the service end assigns the third encryption scheme, the encryption scheme is bound to the session of both sides, and only the encrypted communication data needs to be transmitted.

Description

Communication channel dynamic encryption method
Technical field
The present invention relates to communication channel encryption technology, and in particular to a communication channel dynamic encryption method.
Background technology
Current networking products mostly follow a client/server pattern: the service end is operated by the vendor, and the client is installed on the user's computer. Everything the client and the service end exchange depends on the communication of data packets. Many networking products encrypt the packets exchanged between client and service end. Although this prevents packets from being read if they are stolen, the encryption algorithm in the client is fixed and hard-coded, so once a cracker has analysed that fixed algorithm, they can impersonate either the client or the service end and send forged packets to deceive the other side; they can also intercept packets at a node between the client and the service end, decrypt them, alter or forge the data, and re-encrypt and forward them without being detected. Because neither the service end nor the client can judge whether a packet really came from the legitimate other party, ordinary encryption technology cannot fundamentally solve the data-communication security problem of networking products, which greatly hinders the healthy development of the network environment.
Summary of the invention
In view of the above, there is a need for a communication channel dynamic encryption method that effectively protects the security of network communication.
A communication channel dynamic encryption method between a service end and a client, characterised in that the method comprises: establishing a key library at the service end and at the client respectively; the client randomly selecting a first encryption scheme and establishing a communication connection with the service end; the service end decrypting and verifying the authentication information transmitted by the client while the communication is established; the service end verifying and comparing the key library version number of the client to decide whether to update the client's key library; the service end randomly assigning a second encryption scheme to encrypt the client's authentication information for logging in to the service end; and the service end randomly assigning a third encryption scheme to encrypt communication data.
As a further improvement of the above technical scheme, the second encryption scheme is an asymmetric encryption scheme.
As a further improvement of the above technical scheme, the third encryption scheme is a symmetric encryption scheme.
As a further improvement of the above technical scheme, the symmetric encryption scheme comprises a compression scheme and a serialization scheme.
As a further improvement of the above technical scheme, the key library of the service end comprises a plurality of versions, and the key library of the client has only one version.
As a further improvement of the above technical scheme, the authentication information comprises a key library version number, a key library digest and a system time.
As a further improvement of the above technical scheme, the system time comprises a first system time and a second system time.
As a further improvement of the above technical scheme, the first system time is the system time at which the client randomly selects the first encryption scheme and establishes the communication connection with the service end, and the second system time is the system time at which the client, after its key library version has been verified and updated, requests the second encryption scheme from the service end.
As a further improvement of the above technical scheme, if the communication channel between the client and the service end is disconnected and reconnected, the client randomly selects a first encryption scheme and re-establishes the communication connection with the service end.
As a further improvement of the above technical scheme, the service end presets a timeout corresponding to the third encryption scheme; the client and the service end both bind the third encryption scheme and the timeout to the communication session; and at a random idle point after the timeout, the service end randomly assigns a new third encryption scheme to the client.
Compared with the prior art, the communication channel dynamic encryption method of the present invention not only effectively protects the security of network communication but also has the following advantages: 1. the service end holds key libraries of all versions while the client holds only the key library of its own version, which avoids coupling with the keystore in the JDK; 2. each time a communication channel is established, the service end randomly assigns each client a different encryption scheme, so that different channels are dynamically encrypted; 3. the key library is updated and maintained by version number, which is convenient and extensible, and a cryptographic hash function is applied before each channel is established to detect whether the data in the client's key library have been tampered with; 4. every data interaction between the service end and the client is encrypted, only encryption schemes rather than concrete keys need to be transmitted on the channel, and user authentication information uses a different encryption scheme from communication data, which is safer; 5. by setting a timeout for the encryption scheme on the channel, after the scheme times out the service end reassigns an encryption scheme (including the compression scheme, serialization scheme, etc.) to the client at an unpredictable later idle point on the channel, so that the same channel is also dynamically encrypted.
Accompanying drawing explanation
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required for the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of a preferred embodiment of the communication channel dynamic encryption method of the present invention.
Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the scope of the present invention.
Figure 1 is a flow chart of the preferred embodiment of the communication channel dynamic encryption method of the present invention. The method, intended for the communications field, enables a service end and a client to establish a reliable communication connection. It comprises the following steps.
Step S01: establish key libraries at the service end and the client respectively. Specifically, the service end holds key libraries of all versions, while the client holds only the key library of one version, which avoids coupling with the keystore in the JDK.
Step S02: the client randomly selects a first encryption scheme and establishes a communication connection with the service end. Specifically, the client and the service end establish a communication connection; the client randomly selects a first encryption scheme from its key library, encrypts a number of authentication items together with the client's current first system time (the system time at which the client randomly selected the first encryption scheme and established the connection with the service end), and passes them to the service end. In one embodiment, the client loads local configuration information (service end IP and port) and establishes a TCP network connection with the service end. After the connection is established, the client randomly selects an encryption scheme (the first encryption scheme) from its local key library, encrypts authentication information such as the client's key library version number, key library digest and first system time (the current system time at which the client established communication with the service end), and passes it to the service end together with the first encryption scheme.
Step S03: the service end decrypts and verifies the authentication information transmitted by the client while the communication is established. Specifically, the service end performs integrity and legitimacy checks on the client's key library, and at the same time records the first system time sent by the client; this first system time is used in a subsequent step to analyse whether the elapsed time of the verification process is reasonable. In one embodiment, the service end uses the first encryption scheme passed by the client to obtain the corresponding decryption scheme from the service end's key library and decrypts the authentication information. Using the key library version number sent by the client, it locates the corresponding key library at the service end, computes a digest of it, and compares the service end's digest with the client's digest to detect tampering with the client's key library.
Step S04: verify and update the client's key library version. Specifically, the service end verifies and compares the client's key library version number to decide whether to update the client's key library: after the received authentication items have been verified successfully, the service end further checks the client's key library version and decides whether to update the client's key library and authentication information online. If the service end's key library version number is higher than the version number of the client's key library, the service end triggers a key library update and updates the client's key library online. After the update, the client obtains the key library digest and other authentication information again and repeats step S02 for the integrity check. If verification at the service end fails, the client connection is dropped and network resources are released. If verification succeeds and the service end's key library version number equals the version number of the client's key library, the method proceeds to step S041.
Step S041: judge whether the elapsed time of the process is reasonable. Specifically, the client sends a second-encryption-scheme request (including the version number, second system time, etc.) to the service end. The service end analyses whether the elapsed time is reasonable from the difference between the first system time and the second system time it received (for example, if a version library update was performed, the process takes longer). If the elapsed time is within a reasonable range, step S05 is performed; if not, step S02 is re-executed.
Step S05: the service end randomly assigns a second encryption scheme (the login authentication encryption scheme) to encrypt the authentication information with which the client logs in to the service end. Specifically, after the elapsed-time check succeeds, the service end randomly assigns the client a second encryption scheme for encrypting the authentication information used to log in to the service end; the client encrypts authentication information such as user name and password with the second encryption scheme and sends it to the service end for authentication, and after successful authentication requests the service end to assign a third encryption scheme (the data transfer encryption scheme). In a preferred embodiment, the second encryption scheme generally uses asymmetric encryption, and the third encryption scheme generally uses symmetric encryption, including a compression scheme or a serialization scheme.
Step S06: the service end randomly assigns a third encryption scheme to encrypt communication data. Specifically, the service end randomly assigns the client a third encryption scheme for encrypting communication data and sets a timeout according to the assigned scheme; the client and the service end both bind the third encryption scheme and the timeout to the current session between them for data transfer. In one embodiment, after successful authentication at the service end, the third encryption scheme assigned to the client is the scheme for ordinary messages; it generally uses symmetric encryption and includes a compression scheme and a serialization scheme.
Step S07: set the timeout of the third encryption scheme and transfer data over the bound session. Specifically, the service end may set a timeout corresponding to the third encryption scheme; the client and the service end both bind the third encryption scheme and the timeout to the current communication session and transfer data. Meanwhile, both sides check whether the scheme has timed out and whether the connection has dropped. If the scheme has timed out, the service end re-executes step S06 at a random idle point after the timeout and randomly assigns a new third encryption scheme to the client. If the connection between the client and the service end has dropped and needs to be reconnected, step S02 is re-executed and the client re-establishes the communication channel and encryption scheme with the service end. Otherwise, once the data transfer is complete, step S08 follows. In an alternative embodiment, the timeout setting may be omitted.
Step S08: disconnect the communication channel, i.e. the communication connection between the client and the service end.
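The handshake of steps S01 to S07, as an added simulation written for this page (not code from the patent or its assignee): the service end holds every key library version while the client holds one; the service end checks the client's key library digest, pushes an update when the client's version is behind, checks the elapsed time between the first and second system times, assigns a random login scheme and a random data scheme, and rebinds the data scheme once the session timeout has passed. Scheme identifiers, key bytes, time values and the session id are constructed placeholders, and the schemes are modelled only as identifiers looked up in the library, since the patent names no particular algorithms.

```python
import hashlib
import random

# S01: constructed key libraries (placeholder ids and bytes, not the patent's).
# The service end holds every version; a client holds exactly one.  Ids that
# start with "A" stand for asymmetric (login) schemes, "S" for symmetric (data).
SERVER_LIBRARIES = {
    1: {"A1": b"asym-v1", "S1": b"sym-v1"},
    2: {"A1": b"asym-v2", "A2": b"asym-v2b", "S1": b"sym-v2", "S2": b"sym-v2b"},
}

def library_digest(lib):
    """Canonical SHA-256 over a library: the 'key library digest' of S02/S03."""
    h = hashlib.sha256()
    for sid in sorted(lib):
        h.update(sid.encode() + b"=" + lib[sid] + b";")
    return h.hexdigest()

class Client:
    def __init__(self, version, rng=None):
        self.version, self.rng = version, rng or random.Random()
        self.library = dict(SERVER_LIBRARIES[version])

    def hello(self, now):
        """S02: pick the first scheme at random; send version, digest and t1."""
        return {"scheme": self.rng.choice(sorted(self.library)), "version": self.version,
                "digest": library_digest(self.library), "t1": now}

class Server:
    MAX_ELAPSED = 5.0  # seconds allowed between t1 and t2 (step S041)

    def __init__(self, rng=None, timeout=60.0):
        self.rng, self.timeout = rng or random.Random(), timeout
        self.latest = max(SERVER_LIBRARIES)
        self.sessions = {}  # session id -> (data scheme id, expiry time)

    def verify_hello(self, msg):
        """S03 + S04: digest check against the server's copy, then version compare."""
        lib = SERVER_LIBRARIES.get(msg["version"])
        if lib is None or msg["scheme"] not in lib:
            return "reject", None
        if msg["digest"] != library_digest(lib):
            return "reject", None  # client library has been tampered with
        if msg["version"] < self.latest:
            return "update", (self.latest, SERVER_LIBRARIES[self.latest])
        return "ok", None

    def assign_login_scheme(self, t1, version, t2):
        """S041 + S05: elapsed-time check, then a random asymmetric scheme."""
        if not 0 <= t2 - t1 <= self.MAX_ELAPSED:
            return None  # unreasonable elapsed time: caller restarts at S02
        return self.rng.choice([s for s in SERVER_LIBRARIES[version] if s[0] == "A"])

    def assign_data_scheme(self, sid, version, now):
        """S06 + S07: random symmetric scheme bound to the session with a timeout."""
        scheme = self.rng.choice([s for s in SERVER_LIBRARIES[version] if s[0] == "S"])
        self.sessions[sid] = (scheme, now + self.timeout)
        return scheme

    def scheme_for(self, sid, version, now):
        """S07: the bound scheme, or a fresh assignment once the timeout has passed."""
        scheme, expiry = self.sessions[sid]
        return self.assign_data_scheme(sid, version, now) if now >= expiry else scheme

def run_handshake(client, server, now, attempts=3):
    """Drive S02..S06; returns (login scheme, data scheme), or None if rejected."""
    for _ in range(attempts):
        hello = client.hello(now)
        verdict, update = server.verify_hello(hello)
        if verdict == "reject":
            return None
        if verdict == "update":  # online update, then S02 again with the new library
            client.version, client.library = update[0], dict(update[1])
            now += 1.0  # the update takes time before S02 is repeated
            continue
        login = server.assign_login_scheme(hello["t1"], client.version, now + 0.5)
        if login is None:
            continue
        return login, server.assign_data_scheme("sess-1", client.version, now)
    return None
```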
The above embodiments are intended only to illustrate, not to limit, the technical solution of the present invention. Although the present invention has been described in detail with reference to the preferred embodiments above, those of ordinary skill in the art should understand that modifications or equivalent substitutions of the technical solution of the present invention do not depart from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A communication channel dynamic encryption method between a service end and a client, characterised in that the method comprises: establishing a key library at the service end and at the client respectively; the client randomly selecting a first encryption scheme and establishing a communication connection with the service end; the service end decrypting and verifying the authentication information transmitted by the client while the communication is established; the service end verifying and comparing the key library version number of the client to decide whether to update the client's key library; the service end randomly assigning a second encryption scheme to encrypt the client's authentication information for logging in to the service end; and the service end randomly assigning a third encryption scheme to encrypt communication data.
2. The communication channel dynamic encryption method of claim 1, characterised in that the second encryption scheme is an asymmetric encryption scheme.
3. The communication channel dynamic encryption method of claim 1, characterised in that the third encryption scheme is a symmetric encryption scheme.
4. The communication channel dynamic encryption method of claim 1, characterised in that the symmetric encryption scheme comprises a compression scheme and a serialization scheme.
5. The communication channel dynamic encryption method of claim 1, characterised in that the key library of the service end comprises a plurality of versions, and the key library of the client has only one version.
6. The communication channel dynamic encryption method of claim 1, characterised in that the authentication information comprises a key library version number, a key library digest and a system time.
7. The communication channel dynamic encryption method of claim 6, characterised in that the system time comprises a first system time and a second system time.
8. The communication channel dynamic encryption method of claim 6, characterised in that the first system time is the system time at which the client randomly selects the first encryption scheme and establishes the communication connection with the service end, and the second system time is the system time at which the client requests the second encryption scheme from the service end.
9. The communication channel dynamic encryption method of claim 1, further comprising: if the communication channel between the client and the service end is disconnected and reconnected, the client randomly selects a first encryption scheme and re-establishes the communication connection with the service end.
10. The communication channel dynamic encryption method of claim 1, characterised in that the service end presets a timeout corresponding to the third encryption scheme; the client and the service end both bind the third encryption scheme and the timeout to the communication session; and at a random idle point after the timeout, the service end randomly assigns a new third encryption scheme to the client.
Priority Applications (1)

Application number CN201410114900.9A; priority date 2014-03-25; filing date 2014-03-25; title "communication channel dynamic encrypting method"; status Active; granted as CN103973438B (en).

Publications (2)

CN103973438A, published 2014-08-06
CN103973438B, published 2017-11-17

Family ID: 51242514

Country Status (1)

CN: CN103973438B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909447A (en) * 2005-08-03 2007-02-07 盛趣信息技术(上海)有限公司 Method for network data communication by using dynamic encryption algorithm
CN1972237A (en) * 2006-12-06 2007-05-30 胡祥义 VPN system based on dynamic encryption algorithm
CN101431411A (en) * 2007-11-09 2009-05-13 康佳集团股份有限公司 Dynamic encryption method for network game data


Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791292B (en) * 2016-03-03 2019-01-01 浪潮天元通信信息系统有限公司 A kind of method of Dynamic Geographical Information encryption
CN107317925A (en) * 2017-06-20 2017-11-03 北京壹人壹本信息科技有限公司 Mobile terminal
CN109617886A (en) * 2018-12-21 2019-04-12 广州市宏大欣电子科技有限公司 Client data encryption method and service end data encryption method based on TCP communication
CN109617886B (en) * 2018-12-21 2021-07-27 广东宏大欣电子科技有限公司 Client data encryption method and server data encryption method based on TCP communication
CN112583766A (en) * 2019-09-29 2021-03-30 富士施乐实业发展(中国)有限公司 Remote interaction method, device and system for security information



Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant