CN105141568B - Secured communication channel method for building up and system, client and server - Google Patents
Secured communication channel method for building up and system, client and server Download PDFInfo
- Publication number
- CN105141568B CN105141568B CN201410230794.0A CN201410230794A CN105141568B CN 105141568 B CN105141568 B CN 105141568B CN 201410230794 A CN201410230794 A CN 201410230794A CN 105141568 B CN105141568 B CN 105141568B
- Authority
- CN
- China
- Prior art keywords
- server
- client
- public key
- key
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The embodiment of the invention discloses a kind of secured communication channel method for building up and systems, client and server, belong to communication security processing technology field.The method comprise the steps that generating the private key of client and the public key of client, and send to server for requesting to establish the request message communicated with server, request message includes at least the public key of client;The current public key for obtaining pre-stored server generates the shared secret key of client according to the current public key of the private key and server of client;The response message that communication is established in the agreement that server is sent is received, is decrypted according to the shared secret key pair response message of client and the subsequent request message for being sent to server is encrypted, to establish the secured communication channel between client and server.The present invention obtains the current public key of pre-stored server by client, sends its public key to client without server, so avoids third-party attack, improve the safety of communication.
Description
Technical field
The present invention relates to communication security processing technology field, in particular to a kind of secured communication channel method for building up and it is
System, client and server.
Background technique
Internet and communication network have obtained swift and violent development in the world in recent years, its life style to the mankind
Strong influence and change are produced, and the following Network Information Security Problem just becomes more and more important.Network hacker,
The appearance of the means such as virus, information stealth and interference, makes the information security of network communication both sides face serious provocation.For this person
Generally use Diffie-Hellman key exchange method to establish the communication channel between communicating pair.
The process of the communication channel between client and server is established using Diffie-Hellman Diffie-Hellman
Usually: firstly, user end to server send for request with the request message that communicates of server foundation, in this request message
The public key of client is carried, server sends to client after the request message for receiving client transmission and agrees to that foundation is logical
The response message of letter carries the current public key of server in this response message, meanwhile, current public affairs of the client also according to server
Key generates shared secret key, and server generates shared secret key also according to the public key that client is sent, can so establish
Communication channel between client and server.It is close to be all made of shared secret in subsequent communicated for client and server
Key encrypts the message of transmission, and is decrypted according to the received message of shared secret key pair.
In the implementation of the present invention, inventor has found background technique the prior art has at least the following problems: due to using at present
The method that Diffie-Hellman Diffie-Hellman establishes communication channel, server is in the response message for being sent to client
Its public key is carried, in this way, third-party attack is highly susceptible to, for example, third party can intercept and capture and parse the response message
The current public key of server is got, and forges the current public key of server and client is communicated.In addition, client is to clothes
When business device sends request message, third party is it is also possible to intercept and capture the public key of client entrained in request message, and forge visitor
The public key and server at family end are communicated, in this way, third party plays the part of server and server communication when with client communication
When play the part of client, third party can intercept and capture and arbitrarily forward that client issues the message of server or server issues client
The message at end, distorts message as needed in communication process so that client and server do not know they and third
Fang Jinhang communication, in this way, will result in the complete leakage of the communication information between client and server, not can guarantee communication security
Property.
Summary of the invention
The present invention provides a kind of secured communication channel method for building up and system, client and server, existing to solve
The problems such as communication channel method for building up safety is low.
The technical solution is as follows:
In a first aspect, the embodiment of the invention provides a kind of secured communication channel method for building up, the secured communication channel
Method for building up, comprising: generate the private key of client and the public key of client, and send to server for requesting to build with server
The request message of vertical communication, request message include at least the public key of client;The current public key of pre-stored server is obtained,
The shared secret key of client is generated according to the current public key of the private key and server of client;Receive the same of server transmission
Meaning establishes the response message of communication, is decrypted according to the shared secret key pair response message of client and is sent to subsequent
The request message of server is encrypted, to establish the secured communication channel between client and server.
Second aspect, the embodiment of the invention provides a kind of client, the client, comprising: communication request module, sound
Answer the shared key generation module of message receiving module and client;Communication request module, for generating the private key of client
With the public key of client, and to server send for request with the request message that communicates of server foundation, request message is at least
Public key including client;The shared key generation module of client, for obtaining the current public key of pre-stored server,
The shared secret key of client is generated according to the current public key of the private key and server of client;Response message receiving module,
The response message of communication is established in agreement for receiving server transmission, according to the shared secret key pair response message of client
It is decrypted and the subsequent request message for being sent to server is encrypted, to establish the safety between client and server
Communication channel.
The third aspect, the embodiment of the invention provides a kind of secured communication channel method for building up, the secured communication channels
Method for building up, comprising: receive the request message for requesting to communicate with server foundation that client is sent, wherein request report
Text includes at least the public key of client;The current public key for generating the private key and server of server, according to the private key of server and
The public key of client generates the current shared privacy key of server;The response message for agreeing to establish communication is generated, according to service
The current shared privacy key of device encrypt and the request message of receipt of subsequent is decrypted to response message, and to client
End sends encrypted response message, to establish the secured communication channel between client and server.
Fourth aspect, the embodiment of the invention provides a kind of server, the server, comprising: request message receives mould
Block, key production module and response message sending module;Request message receiving module, for receiving being used for for client transmission
It requests to establish the request message communicated with server, wherein request message includes at least the public key of client;Key generates mould
Block, the current public key of the private key and server for generating server are generated according to the private key of server and the public key of client
The current shared privacy key of server;Response message sending module, for the current shared privacy key pair according to server
Response message encrypt and the request message of receipt of subsequent is decrypted, and encrypted response report is sent to client
Text, with the secured communication channel established between client and the server.
5th aspect, the embodiment of the invention provides a kind of secured communication channels to establish system, the secured communication channel
Establish system, comprising: client and server;Client includes communication request module, response message receiving module and client
The shared key generation module at end;Server includes the shared of request message receiving module, key production module and server
Key production module;Communication request module for generating the private key of client and the public key of client, and sends to server and uses
The request message communicated is established with server in request, request message includes at least the public key of client;Request message receives mould
Block, for receiving the request message for requesting to communicate with server foundation of client transmission;The shared key of client is raw
At module, for obtaining the current public key of the pre-stored server, according to the private key of the client and the service
The current public key of device generates the shared secret key of the client;Key production module, for generating the private of the server
The current public key of key and the server generates the server according to the private key of the server and the public key of the client
Current shared privacy key;Response message sending module, for the current shared privacy key according to the server to institute
It states response message encrypt and the request message of receipt of subsequent is decrypted, and sends encrypted sound to the client
Message is answered, with the secured communication channel established between the client and the server;Response message receiving module, for connecing
The response message that communication is established in the agreement that the server is sent is received, is rung according to the shared secret key pair of the client
Message is answered to be decrypted and encrypt to the subsequent request message for being sent to the server, to establish the client and institute
State the secured communication channel between server.
Technical solution provided in an embodiment of the present invention has the benefit that
By the way that when server is agreed to communicate with client foundation, client can obtain pre-stored server
Current public key sends its public key to client again without server.It solves existing communication channel method for building up and causes visitor
The complete leakage of the communication information between family end and server, the problems such as not can guarantee communications security, the embodiment of the present invention can
Third-party attack is avoided, the safety of communication is promoted.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects, features and advantages of the invention can
It is clearer and more comprehensible, it is special below to lift preferred embodiment, and cooperate attached drawing, detailed description are as follows.
Detailed description of the invention
Figure 1A is the flow chart for the secured communication channel method for building up that first embodiment of the invention provides;
Figure 1B is the schematic diagram that client and server establishes communication channel;
Fig. 2A is the flow chart for the secured communication channel method for building up that second embodiment of the invention provides;
Fig. 2 B is the schematic diagram of the current public key of server update after client and server establishes communication channel;
Fig. 3 is the flow chart for the secured communication channel method for building up that third embodiment of the invention provides;
Fig. 4 A is the flow chart for the secured communication channel method for building up that fourth embodiment of the invention provides;
Fig. 4 B is that client and server is established in communication channel, the schematic diagram of the current public key of server update;
Fig. 5 is the main frame block diagram for the client that fifth embodiment of the invention provides;
Fig. 6 is the main frame block diagram for the client that sixth embodiment of the invention provides;
Fig. 7 is the main frame block diagram for the client that seventh embodiment of the invention provides;
Fig. 8 is the main frame block diagram for the client that eighth embodiment of the invention provides;
Fig. 9 is the flow chart for the secured communication channel method for building up that ninth embodiment of the invention provides;
Figure 10 is the flow chart for the secured communication channel method for building up that tenth embodiment of the invention provides;
Figure 11 is the flow chart for the secured communication channel method for building up that eleventh embodiment of the invention provides;
Figure 12 is the main frame block diagram for the server that twelveth embodiment of the invention provides;
Figure 13 is the main frame block diagram for the server that thriteenth embodiment of the invention provides;
Figure 14 is the main frame block diagram for the server that fourteenth embodiment of the invention provides;
Figure 15 is the main frame block diagram that the secured communication channel that fifteenth embodiment of the invention provides establishes system;
Figure 16 is the main frame block diagram that the secured communication channel that sixteenth embodiment of the invention provides establishes system;
Figure 17 is the main frame block diagram that the secured communication channel that seventeenth embodiment of the invention provides establishes system;
Figure 18 is a kind of structural block diagram of client.
Specific embodiment
It is of the invention to reach the technical means and efficacy that predetermined goal of the invention is taken further to illustrate, below in conjunction with
Attached drawing and preferred embodiment, to secured communication channel method for building up proposed according to the present invention and system, client and server
Its specific embodiment, structure, feature and effect, detailed description is as follows.
For the present invention aforementioned and other technology contents, feature and effect refer to the preferable reality of schema in following cooperation
Applying can clearly be presented in example detailed description.By the explanation of specific embodiment, when predetermined mesh can be reached to the present invention
The technical means and efficacy taken be able to more deeply and it is specific understand, however institute's accompanying drawings are only to provide with reference to and say
It is bright to be used, it is not intended to limit the present invention.
First embodiment
Figure 1A is please referred to, it illustrates the processes for the secured communication channel method for building up that first embodiment of the invention provides
Figure.This method can be as the secured communication channel establishment process performed by client;The secured communication channel method for building up, can
Include the following steps 101-105:
Step 101, the private key of client and the public key of client are generated, and is sent to server for request and server
The request message of communication is established, request message includes at least the public key of client.
By taking client and server is communicated as an example, as shown in Figure 1B, in step 101, client can choose one
Private key of the random number as client, and meet XA< p, and according to the private key X of clientAThe public key of client is generated, visitor is generated
The calculation formula of the public key at family end can beWherein, XA、YAIt is the private key and client of client respectively
Public key, p, g are open parameters, and open parameter p, g can be arranged in advance by server and client side, can also be at this
Client is arranged (as shown in Figure 1B) when sending request message, for example, p can be a prime number, g is an integer, and g is
A primitive root of p.In addition, client can private key X to clientASecrecy storage and by the public key Y of clientAIt is sent to clothes
Business device.
Step 103, the current public key for obtaining pre-stored server, according to the current of the private key and server of client
The current shared privacy key of public key generation client.
The current public key of server can be stored in advance in the memory of client, send out its public key without server
Client is given, can so prevent third party from intercepting the current public key of server, to promote communications security.
The calculation formula that client generates shared secret key can beWherein, K is client
The shared secret key at end, YBIt is the current public key of server, XAIt is the private key of client, mod is modulus operation, and p is open joins
Number.
As shown in Figure 1B, client is secret according to sharing for the current public key of the private key and server of client generation client
Key.
Step 105, the response message that communication is established in the agreement that server is sent is received, it is close according to the shared secret of client
Key is decrypted response message and encrypts to the subsequent request message for being sent to server, to establish client and service
Secured communication channel between device.
If server receive client transmission for request with after the request message that communicates of server foundation, and together
Meaning establishes communication therewith, then server will be sent to response message (as shown in Figure 1B) (this that client agrees to establish communication
Response message is encrypted using the current shared privacy key of server), it can so establish client and server
Between secured communication channel, client and server in subsequent communicated, be also all made of shared secret key pair transmission
Message encrypted, and be decrypted according to the received message of shared secret key pair.
In conclusion secured communication channel method for building up provided in this embodiment, by server agreement and client
When establishing communication, client can obtain the current public key of pre-stored server, without server again to client
Send its current public key.It solves existing communication channel method for building up and causes the complete of the communication information between client and server
The problems such as leaking entirely, not can guarantee communications security, the embodiment of the present invention can be avoided third-party attack, promote the peace of communication
Quan Xing.
Second embodiment
Fig. 2A is please referred to, it illustrates the processes for the secured communication channel method for building up that second embodiment of the invention provides
Figure.This method can be as the secured communication channel establishment process performed by client;Itself and secured communication channel shown in figure 1A
Method for building up is similar, the difference is that, in the present embodiment, client can inquire whether server needs to update current public affairs
It can also include: step 201-205 after key, the i.e. step 105 of Figure 1A.
Step 201, it sends to server for inquiring whether server needs to update the inquiry request message of current public key,
Inquiry request message includes at least the current public key information of server, if desired updates, then carries out step 203, if not needing more
Newly, then step 206 is carried out.
As shown in Figure 2 B, client can be sent to server for inquiring whether server needs to update current public key
Inquiry request message.The current public key information of server may include the current public key Y of serverBOr the current public key of server
YBThe information such as sequence number.Sequence number can be serial number, the code name etc. of current public key.
Step 203, if server needs to update current public key, the response of the current public key of update of server transmission is received
Message, response message include at least the new public key of server.
If server needs to update current public key, server sends new public key to client, and client then receives clothes
The server that business device is sent carries the response message (as shown in Figure 2 B) of new public key, this response message is secret using current shared
What key was encrypted.
Step 205, by the current public key of the new public key replacement server of server, and according to the private key kimonos of client
The new public key of business device generates the new shared secret key of client, according to the new shared secret key pair service of client
The subsequent response message that device is sent is decrypted and encrypts to the subsequent request message for being sent to server, to establish client
New secured communication channel between end and server.
As shown in Figure 2 B, after client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle peace
When full communication channel, the new public key of server is just used, i.e., client is generated using the private key of new public key and client
The new shared secret key at end, establishes the new secured communication channel between client and server.Client and server
In subsequent communicated, it is all made of the message that new shared secret key pair is sent and is encrypted, and is secret according to new sharing
The close received message of key pair is decrypted.
Step 206, what reception server was sent does not need to update the response message of current public key.
Wherein, this response message is encrypted using current shared privacy key.
In conclusion secured communication channel method for building up provided in this embodiment, can also be sent out by user end to server
Send inquiry server when whether needing to update the inquiry request of current public key, server can be according to inquiry request and by update
Public key is sent to client, so that current public key of the client to server is updated.In this way, server can be according to client
End demand and update its current public key and private key, to ensure that the safety of communication.
3rd embodiment
Referring to FIG. 3, the flow chart of the secured communication channel method for building up provided it illustrates third embodiment of the invention.
This method can be as the secured communication channel establishment process performed by client;It is established with secured communication channel shown in figure 1A
Method is similar, the difference is that, in the present embodiment, server can voluntarily update current public key, and new public key is sent out
Client is given, inquiry is carried out without client and is just updated current public key, i.e., can also be wrapped after the step 105 of Figure 1A
It includes: step 301.
Step 301, the response message for the current public key of update that server is sent is received, response message includes at least server
New public key, by the current public key of the new public key replacement server of server, and according to the private key and server of client
New public key generate the new shared secret key of client, sent out according to the new shared secret key pair server of client
The subsequent response message sent is decrypted and encrypts to the subsequent request message for being sent to server, with establish client and
New secured communication channel between server.
After client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle secured communication channel
When, the new public key of server is just used, i.e., the new of client is generated using the private key of new public key and client and is total to
Privacy key is enjoyed, to establish the new secured communication channel between client and server.
It, can also automatically will more by server in conclusion secured communication channel method for building up provided in this embodiment
New public key is sent to client, so that current public key of the client to server is updated.In this way, server can be automatic
Its current public key and private key are updated, to ensure that the safety of communication.
Fourth embodiment
Fig. 4 A is please referred to, it illustrates the processes for the secured communication channel method for building up that fourth embodiment of the invention provides
Figure.This method can be as the secured communication channel establishment process performed by client;Itself and secured communication channel shown in figure 1A
Method for building up is similar, the difference is that, in the present embodiment, when beginning setting up communication channel, client can be inquired
Whether server will update current public key, i.e., can also include: step 401 after the step 101 of Figure 1A, the step 103 and
105 could alternatively be step 403 and 405 respectively.
Step 401, it sends to server for inquiring whether server needs to update the inquiry request message of current public key,
Inquiry request message includes at least the current public key information of server, if desired updates, then carries out step 403;
As shown in Figure 4 B, client can also send inquiry request to server when sending request message to server
Message, the current public key information of server include the current public key Y of serverBOr current public key YBSequence number at least within
One of.Wherein step 401 and step 101 can also carry out simultaneously, if server needs to update, can be generated new public key and
Private key, and the new public key of server is sent to client.
Step 403, the response message that communication is established in the agreement that server is sent is received, includes at least service in response message
The new public key of device;
Step 405, by the current public key of the new public key replacement server of server, and according to the private key kimonos of client
The new public key of business device generates the new shared secret key of client, according to the new shared secret key pair service of client
The subsequent response message that device is sent is decrypted and encrypts to the subsequent request message for being sent to server, to establish client
New secured communication channel between end and server.
As shown in Figure 4 B, after client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle peace
When full communication channel, the new public key of server is just used, i.e., client is generated using the private key of new public key and client
The new shared secret key at end, establishes the new secured communication channel between client and server.Client and server
In subsequent communicated, it is all made of the message that new shared secret key pair is sent and is encrypted, and is secret according to new sharing
The close received message of key pair is decrypted.
In conclusion secured communication channel method for building up provided in this embodiment, can also establish in server and client side
During communication channel, whether client inquiry server updates the current public key of server, and server can be asked according to inquiry
It asks and the public key of update is sent to client, so that current public key of the client to server is updated.In this way, server
Its current public key and private key can be updated during establishing communication channel with client, to ensure that the safety of communication
Property.
The following are the embodiments of client of the invention, the details of not detailed description, Ke Yican in client embodiment
It is admitted to and states corresponding first to fourth embodiment of secured communication channel method for building up.
5th embodiment
Referring to FIG. 5, the main frame block diagram of the client provided it illustrates fifth embodiment of the invention.The client
End, comprising: the shared key generation module 503 and response message receiving module 505 of communication request module 501, client.
Specifically, communication request module 501, for generating the private key of client and the public key of client, and to server
It sends for requesting to establish the request message communicated with server, request message includes at least the public key of client;
Communication request module 501 can choose private key of the random number as client, and meet XA< p generates visitor
The calculation formula of the public key at family end isWherein, XA、YAIt is the private key of client and the public affairs of client respectively
Key, p, g are open parameters, and p is prime number, and g is integer, and g is a primitive root of p.
The shared key generation module 503 of client, for obtaining the current public key of pre-stored server, according to visitor
The current public key of the private key and server at family end generates the shared secret key of client, to establish between client and server
Secured communication channel.
The shared key generation module 503 of client, the calculation formula for generating the shared secret key of client can beWherein, K is the shared secret key of client, YBIt is the current public key of server, XAIt is client
The private key at end, mod are modulus operations, and p is open parameter.
Response message receiving module 505, the response message of communication is established in the agreement for receiving server transmission, according to visitor
The shared secret key pair response message at family end is decrypted and encrypts to the subsequent request message for being sent to server, with
Establish the secured communication channel between client and server.
In conclusion client provided in this embodiment, by when server is agreed to establish with client and be communicated, client
End can obtain the current public key of pre-stored server, send its public key to client again without server.It solves
Existing communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communication
The problems such as safety, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.
Sixth embodiment
Referring to FIG. 6, the main frame block diagram of the client provided it illustrates sixth embodiment of the invention.Itself and Fig. 5
Shown in client it is similar, the difference is that, the client, can also include: inquiry module 601, new public key receive
Module 603 and replacement module 605.
Module 601 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key
Request message, inquiry request message include at least the current public key information of server;
New public key receiving module 603 receives the update of server transmission if needing to update current public key for server
The response message of current public key, response message include at least the new public key of server;
Replacement module 605 replaces the current public key of server for the new public key by server, and according to client
The new public key of private key and server generates the new shared secret key of client, close according to the new shared secret of client
Key is decrypted the subsequent response message that server is sent and encrypts to the subsequent request message for being sent to server, with
Establish the new secured communication channel between client and server.
In conclusion client provided in this embodiment, inquiry server can be also sent by user end to server is
When the no inquiry request for needing to update current public key, the public key of update can be sent to client according to inquiry request by server
End, so that current public key of the client to server is updated.In this way, server can update it according to client demand
Current public key and private key, to ensure that the safety of communication.
7th embodiment
Referring to FIG. 7, the main frame block diagram of the client provided it illustrates seventh embodiment of the invention.Itself and Fig. 5
Shown in client it is similar, the difference is that, the client can also include: new public key receiving module 701.
New public key receiving module 701, the response message of the current public key of update for receiving server transmission, response message
Including at least the new public key of server, by the current public key of the new public key replacement server of server, and according to client
The new public key of private key and server generate the new shared secret key of client, according to the new shared secret of client
The subsequent response message that key pair server is sent is decrypted and encrypts to the subsequent request message for being sent to server,
To establish the new secured communication channel between client and server.
In conclusion the public key of update, can be also sent to by server by client provided in this embodiment automatically
Client, so that current public key of the client to server is updated.In this way, server can automatically update its current public key
And private key, to ensure that the safety of communication.
8th embodiment
Referring to FIG. 8, the main frame block diagram of the client provided it illustrates eighth embodiment of the invention.Itself and Fig. 5
Shown in client it is similar, the difference is that, the communication request module 501, further includes: inquiry module 801;
Module 801 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key
Request message, inquiry request message include at least the current public key information of server;
The response message of communication, response report are established in response message receiving module 503, the agreement for receiving server transmission
The new public key of server is included at least in text;
The shared key generation module 505 of client is also used to the current of the new public key replacement server of server
Public key, and the new shared secret key of the new public key generation client according to the private key and server of client, according to visitor
The subsequent response message that the new shared secret key pair server at family end is sent is decrypted and is sent to server to subsequent
Request message encrypted, to establish the new secured communication channel between client and server.
In conclusion client provided in this embodiment, can also during server and client side establishes communication channel,
Whether client inquiry server updates the current public key of server, and server can public key according to inquiry request and by update
It is sent to client, so that current public key of the client to server is updated.In this way, server can be built with client
Its current public key and private key are updated during vertical communication channel, to ensure that the safety of communication.
9th embodiment
Referring to FIG. 9, the flow chart of the secured communication channel method for building up provided it illustrates ninth embodiment of the invention.
This method can be as the secured communication channel establishment process performed by server;The secured communication channel method for building up, can wrap
Include following steps 901-905:
Step 901, the request message for requesting to communicate with server foundation that client is sent is received, wherein request
Message includes at least the public key of client.
When client wishes to be communicated with server, then the request report for carrying the public key of client is sent to server
Text, if server receive client transmission for request to establish the request message that communicates with server after, and agreement and
Foundation communication, then server will be sent to client agree to establish communication response message.
Step 903, the current public key for generating the private key and server of server, according to the private key of server and client
The current shared privacy key of public key generation server.
Transformational relation between the current public key and private key of server can beWherein, XB、YBPoint
It is not the private key and public key of server, p, g are open parameters, and open parameter p, g can be carried out in advance by server and client side
Agreement, for example, p can be a prime number, g is an integer, and g is a primitive root of p.In addition, server can be to private key XB
Secrecy storage.In addition, server can pre-generate private key and current public key and be stored, it can be according to service in this step
Respective private keys of the current Pubic-Key search of device to server.
The calculation formula of current shared privacy key that server generates server is Wherein, K is the current shared privacy key of server, XBIt is the public key of client, YAIt is
The private key of server, mod are modulus operations, and p is open parameter.
Step 905, the response message for agreeing to establish communication is generated, according to the current shared privacy key of server to response
Message encrypt and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to client, with
Establish the secured communication channel between client and server.
In conclusion secured communication channel method for building up provided in this embodiment, by server agreement and client
When establishing communication, server can generate private key according to the current public key of preset server.It solves existing
Communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communications security etc.
Problem, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.
Tenth embodiment
Referring to FIG. 10, the process of the secured communication channel method for building up provided it illustrates tenth embodiment of the invention
Figure.This method can be as the secured communication channel establishment process performed by server;It builds with secured communication channel shown in Fig. 9
Cube method is similar, the difference is that, in the present embodiment, in client inquiry, server, which decides whether to update, works as
It can also include: step 1001-1007 after preceding public key, the i.e. step 905 of Fig. 9.
Step 1001, what reception client was sent is used to inquire whether server needs to update the inquiry request of current public key
Message, inquiry request message include at least the current public key information of server, if desired update, then carry out step 1003, if not
It needs to update, then carries out step 1005.
Client can be sent to server for inquiring whether server needs to update the inquiry request report of current public key
Text.The current public key information of server may include the letter such as the current public key of server or the sequence number of current public key of server
Breath.Sequence number can be serial number, the code name etc. of public key.
Step 1003, current public key is if desired updated, then generates the new public key and new private key of server, and according to clothes
The public key of the new private key and client of business device generates the new shared secret key of server.
After client receives new public key, the current public key of server can be replaced, it is subsequent to resettle secured communication channel
When, the new public key of server is just used, i.e., the new of client is generated using the private key of new public key and client and is total to
Privacy key is enjoyed, to establish the new secured communication channel between client and server.
Step 1005, the response message for updating current public key is generated, according to the current shared privacy key of server to sound
It answers message to be encrypted, and sends the response message of the encrypted current public key of update to client, and according to the new of server
Shared secret key pair subsequent response message carry out encrypt and the request message of receipt of subsequent is decrypted, to establish client
New secured communication channel between end and server, the response message for updating current public key include at least the new public affairs of server
Key.
Step 1007, the response message for not needing to update current public key is sent to client.
In conclusion secured communication channel method for building up provided in this embodiment, can also be sent out by user end to server
Send inquiry server when whether needing to update the inquiry request of current public key, server can be according to inquiry request and by update
Public key is sent to client, so that current public key of the client to server is updated.In this way, server can be according to client
End demand and update its current public key and private key, to ensure that the safety of communication.
11st embodiment
Figure 11 is please referred to, it illustrates the processes for the secured communication channel method for building up that eleventh embodiment of the invention provides
Figure.This method can be as the secured communication channel establishment process performed by server;It builds with secured communication channel shown in Fig. 9
Cube method is similar, the difference is that, in the present embodiment, when beginning setting up communication channel, client can inquire clothes
Whether business device will update current public key, i.e., can also include: step 1101, the step 903 and 905 after the step 901 of Fig. 9
It could alternatively be step 1103 and 1105 respectively.
Step 1101, what reception client was sent is used to inquire whether server needs to update the inquiry request of current public key
Message, inquiry request message include at least the current public key information of server;
Step 1103, the new shared secret for generating server according to the public key of the new private key and client of server is close
Key;
Step 1105, the response message for agreeing to establish communication is generated, according to the current shared privacy key of server to sound
It answers message to be encrypted, and sends encrypted response message to client, agree to establish in the response message communicated and at least wrap
The new public key of server is included, and encrypt and to rear according to the new shared secret key pair subsequent response message of server
Continue received request message to be decrypted, client generates client according to the new public key of the private key and server of client
New shared secret key.
In conclusion secured communication channel method for building up provided in this embodiment, can also establish in server and client side
During communication channel, whether client inquiry server updates the current public key of server, and server can be asked according to inquiry
It asks and the public key of update is sent to client, so that current public key of the client to server is updated.In this way, server
Its current public key and private key can be updated during establishing communication channel with client, to ensure that the safety of communication
Property.
The following are the embodiments of server of the invention, the details of not detailed description, Ke Yican in server example
It is admitted to and states corresponding the 9th to the 11st embodiment of secured communication channel method for building up.
12nd embodiment
Figure 12 is please referred to, it illustrates the main frame block diagrams for the server that twelveth embodiment of the invention provides.It is described
Server, comprising: request message receiving module 1201, key production module 1203 and response message sending module 1205.
Specifically, request message receiving module 1201, for receiving establishing for request and server for client transmission
The request message of communication, wherein request message includes at least the public key of client;
Key production module 1203, the current public key of the private key and server for generating server, according to server
Private key and the public key of client generate the current shared privacy key of server;
Key production module 1203, the calculation formula for generating the current shared privacy key of server can be Wherein, K is the current shared privacy key of server, XBIt is the public key of client, YAIt is server
Private key, mod are modulus operations, and p is open parameter.
Response message sending module 1205, for generating the response message for agreeing to establish communication, according to the current of server
Shared secret key pair response message encrypt and the request message of receipt of subsequent is decrypted, and sends and add to client
The response message of close mistake, to establish the secured communication channel between client and server.
In conclusion server provided in this embodiment, by servicing when server is agreed to communicate with client foundation
Device can generate private key according to the current public key of preset server.Solves existing communication channel method for building up
The complete leakage for causing the communication information between client and server, the problems such as not can guarantee communications security, the present invention are implemented
Example can be avoided third-party attack, promote the safety of communication.
13rd embodiment
With reference to Figure 13, it illustrates the main frame block diagrams for the server that thriteenth embodiment of the invention provides.Itself and figure
Server shown in 12 is similar, the difference is that, the server, can also include: inquiry request receiving module 1301,
New public key generation module 1303 and new public key sending module 1305.
Inquiry request receiving module 1301, for receiving working as inquiring whether server needs to update for client transmission
The inquiry request message of preceding public key, inquiry request message include at least the current public key information of server;
The current public key information of server include server current public key or current public key sequence number at least within
One of.
New public key generation module 1303 then generates the new public key of server and new for if desired updating current public key
Private key, and according to the public key of the new private key and client of server generate server new shared secret key;
New public key sending module 1305, for generating the response message for updating current public key, according to the current total of server
It enjoys privacy key to encrypt response message, and sends the response message of the encrypted current public key of update to client, and
Encryption is carried out according to the new shared secret key pair subsequent response message of server and the request message of receipt of subsequent is carried out
Decryption, to establish the new secured communication channel between client and server, the response message for updating current public key is at least wrapped
Include the new public key of server.
In conclusion server provided in this embodiment, inquiry server can be also sent by user end to server is
When the no inquiry request for needing to update current public key, the public key of update can be sent to client according to inquiry request by server
End, so that current public key of the client to server is updated.In this way, server can update it according to client demand
Current public key and private key, to ensure that the safety of communication.
14th embodiment
Figure 14 is please referred to, it illustrates the main frame block diagrams for the server that fourteenth embodiment of the invention provides.Its with
Server shown in Figure 12 is similar, the difference is that, the request message receiving module 1201, further includes: inquiry receives
Module 1401;
Inquire receiving module 1401, for receive client transmission for inquiring whether server needs to update current public affairs
The inquiry request message of key, inquiry request message include at least the current public key information of server;
Key production module 1203 is also used to generate server according to the public key of the new private key and client of server
New shared secret key.
New public key sending module 1205, is also used to generate the response message for agreeing to establish communication, according to the current of server
Shared secret key pair response message is encrypted, and encrypted response message is sent to client, agrees to establish communication
The new public key of server is included at least in response message, and according to the new shared secret key pair subsequent response report of server
Text encrypt and the request message of receipt of subsequent is decrypted, and client is new according to the private key and server of client
The new shared secret key of public key generation client.
In conclusion server provided in this embodiment, can also during server and client side establishes communication channel,
Whether client inquiry server updates the current public key of server, and server can public key according to inquiry request and by update
It is sent to client, so that current public key of the client to server is updated.In this way, server can be built with client
Its current public key and private key are updated during vertical communication channel, to ensure that the safety of communication.
15th embodiment
Figure 15 is please referred to, the secured communication channel provided it illustrates fifteenth embodiment of the invention establishes the main of system
Block architecture diagram.It includes: client and server that the secured communication channel, which establishes system,.Wherein, client includes communication request
The shared key generation module 1503 of module 1501, response message receiving module 1505 and client.Server includes request
Message receiving module 1507, key production module 1509 and response message sending module 1511.
Communication request module 1501 for generating the private key of client and the public key of client, and sends to server and uses
The request message communicated is established with server in request, request message includes at least the public key of client;
Request message receiving module 1507, for receive client transmission for request with server foundation communicate ask
Message is sought, the response message for agreeing to establish communication is sent to client;
The shared key generation module 1503 of client, for obtaining the current public key of pre-stored server, according to
The current public key of the private key and server of client generates the shared secret key of client;
Key production module 1509, the current public key of the private key and server for generating server, according to server
Private key and the public key of client generate the current shared privacy key of server;
Response message sending module 1511, for being added according to the current shared privacy key of server to response message
It is close and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to client, to establish client
Secured communication channel between server;
The response message of communication is established in response message receiving module 1505, the agreement for receiving server transmission, according to
The shared secret key pair response message of client is decrypted and encrypts to the subsequent request message for being sent to server,
To establish the secured communication channel between client and server.
In conclusion secured communication channel provided in this embodiment establishes system, by server agreement and client
When establishing communication, server can generate private key according to the current public key of preset server.It solves existing
Communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communications security etc.
Problem, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.
16th embodiment
Figure 16 is please referred to, the secured communication channel provided it illustrates sixteenth embodiment of the invention establishes the main of system
Block architecture diagram.It is similar that it establishes system to secured communication channel shown in figure 15, the difference is that, the client, also
It include: inquiry module 1601, new public key receiving module 1603 and replacement module 1605;The server, further includes: inquiry is asked
Ask receiving module 1607, new public key generation module 1609 and new public key sending module 1611.
Module 1601 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key
Request message, inquiry request message include at least the current public key information of server;
Inquiry request receiving module 1607, for receiving working as inquiring whether server needs to update for client transmission
The inquiry request message of preceding public key;
New public key generation module 1609 then generates the new public key of server and new for if desired updating current public key
Private key, and send to client end the new public key of server, and the public key of the new private key and client according to server
Generate the new shared secret key of server;
New public key sending module 1611, for generating the response message for updating current public key, according to the current total of server
It enjoys privacy key to encrypt response message, and sends the response message of the encrypted current public key of update to client, and
Encryption is carried out according to the new shared secret key pair subsequent response message of server and the request message of receipt of subsequent is carried out
Decryption, to establish the new secured communication channel between client and server, the response message for updating current public key is at least wrapped
Include the new public key of server.
New public key receiving module 1603, the response message of the current public key of update for receiving server transmission;
Replacement module 1605 replaces the current public key of server for the new public key by server, and according to client
The new public key of private key and server generate the new shared secret key of client, according to the new shared secret of client
The subsequent response message that key pair server is sent is decrypted and encrypts to the subsequent request message for being sent to server.
In conclusion secured communication channel provided in this embodiment establishes system, can also be sent out by user end to server
Send inquiry server when whether needing to update the inquiry request of current public key, server can be according to inquiry request and by update
Public key is sent to client, so that current public key of the client to server is updated.In this way, server can be according to client
End demand and update its current public key and private key, to ensure that the safety of communication.
17th embodiment
Figure 17 is please referred to, the secured communication channel provided it illustrates seventeenth embodiment of the invention establishes the main of system
Block architecture diagram.It is similar that it establishes system to secured communication channel shown in figure 15, the difference is that, the client, also
It include: the communication request module of client, further includes: inquiry module 1701.Request message receiving module, further includes: inquiry connects
Receive module 1703;
Module 1701 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key
Request message, inquiry request message include at least the current public key information of server;
Inquire receiving module 1703, for receive client transmission for inquiring whether server needs to update current public affairs
The inquiry request message of key.
Key production module 1509 is also used to generate server according to the public key of the new private key and client of server
New shared secret key.
The server further include: new public key sending module 1513, for generating the response message for agreeing to establish communication, root
Response message is encrypted according to the current shared privacy key of server, and sends encrypted response message to client,
Agree to establish the new public key that server is included at least in the response message of communication, and close according to the new shared secret of server
Key encrypt and the request message of receipt of subsequent is decrypted to subsequent response message;
Response message receiving module 1505, the agreement for receiving server transmission are established the response message of communication, are agreed to
It establishes in the response message of communication and includes at least the new public key of server;
The shared key generation module 1503 of client is also used to the current of the new public key replacement server of server
Public key, and the new shared secret key of the new public key generation client according to the private key and server of client, according to visitor
The subsequent response message that the new shared secret key pair server at family end is sent is decrypted and is sent to server to subsequent
Request message encrypted, to establish the new secured communication channel between client and server.
In conclusion secured communication channel provided in this embodiment establishes system, can also be established in server and client side
During communication channel, whether client inquiry server updates the current public key of server, and server can be asked according to inquiry
It asks and the public key of update is sent to client, so that current public key of the client to server is updated.In this way, server
Its current public key and private key can be updated during establishing communication channel with client, to ensure that the safety of communication
Property.
18th embodiment
Figure 18 is please referred to, it illustrates a kind of structural block diagrams of client.As shown in figure 18, client includes memory
1802, storage control 1804, one or more (one is only shown in figure) processors 1806, Peripheral Interface 1808, radio frequency mould
Block 1810, photographing module 1814, audio-frequency module 1816, Touch Screen 1818 and key module 1820.These components pass through one
Item or a plurality of communication bus/signal wire mutually communicate.
It is appreciated that structure shown in Figure 18 is only to illustrate, client may also include than shown in Figure 18 more or more
Few component, or with the configuration different from shown in Figure 18.Each component shown in Figure 18 can using hardware, software or its
Combination is realized.
Memory 1802 can be used for storing software program and module, as carried out in client in the embodiment of the present invention
Corresponding program instruction/the module of secured communication channel method for building up (for example, corresponding module in client), processor 1802 are logical
The operation software program and module that are stored in memory 1804 are crossed, thereby executing various function application and data processing,
It realizes and above-mentioned securely communicates Path Setup method in client.
Memory 1802 may include high speed random access memory, may also include nonvolatile memory, such as one or more
Magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory 1802 can be further
Including the memory remotely located relative to processor 1806, these remote memories can pass through network connection to client.
The example of above-mentioned network includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.Processor
1806 and other possible components the access of memory 1802 can be carried out under the control of storage control 1804.
Various input/output devices are couple CPU and memory 1802 by Peripheral Interface 1808.Processor 806 is run
Various softwares, instruction in memory 802 are to execute the various functions of client and carry out data processing.
In some embodiments, Peripheral Interface 1808, processor 1806 and storage control 1804 can be in single cores
It is realized in piece.In some other example, they can be realized by independent chip respectively.
Radio-frequency module 1810 is used to receive and transmit electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, thus
It is communicated with communication network or other equipment.Radio-frequency module 1810 may include various existing for executing these functions
Circuit element, for example, antenna, RF transceiver, digital signal processor, encryption/deciphering chip, subscriber identity module (SIM)
Card, memory etc..Radio-frequency module 1810 can be carried out with various networks such as internet, intranet, wireless network communication or
Person is communicated by wireless network and other equipment.Above-mentioned wireless network may include cellular telephone networks, WLAN
Or Metropolitan Area Network (MAN).Various communication standards, agreement and technology can be used in above-mentioned wireless network, and including but not limited to the whole world is moved
Dynamic communication system (Global System for Mobile Communication, GSM), enhanced mobile communication technology
(Enhanced Data GSM Environment, EDGE), Wideband CDMA Technology (wideband code division
Multiple access, W-CDMA), Code Division Multiple Access (Code division access, CDMA), time division multiple access technology
(time division multiple access, TDMA), bluetooth, adopting wireless fidelity technology (Wireless, Fidelity,
WiFi) (such as American Institute of Electrical and Electronics Engineers's standard IEEE 802.11a, IEEE 802.11b, IEEE802.11g and/
Or IEEE 802.11n), the networking telephone (Voice over internet protocal, VoIP), worldwide interoperability for microwave accesses
(Worldwide Interoperability for Microwave Access, Wi-Max), other be used for mail, Instant Messenger
The agreement and any other suitable communications protocol of news and short message, or even may include that those are not developed currently yet
Agreement.
Photographing module 1814 is for shooting photo or video.The photo or video of shooting can store to memory
In 1802, and it can be sent by radio-frequency module 1810.
Audio-frequency module 1816 provides a user audio interface, may include one or more microphones, one or more
Loudspeaker and voicefrequency circuit.Voicefrequency circuit receives voice data from Peripheral Interface 1808, and voice data is converted to telecommunications
Breath, is transmitted to loudspeaker for power information.Power information is converted to the sound wave that human ear can be heard by loudspeaker.Voicefrequency circuit is also from Mike
Receive power information at wind, convert electrical signals to voice data, and by data transmission in network telephony into Peripheral Interface 1808 to carry out
Further processing.Audio data can obtain from memory 1802 or through radio-frequency module 1810.In addition, audio data
Also it can store into memory 1802 or sent by radio-frequency module 1810.In some instances, audio-frequency module
1816, which may also include an earphone, broadcasts hole, for providing audio interface to earphone or other equipment.
Touch Screen 1818 provides an output and input interface simultaneously between client and user.Specifically, touch-control
Screen 1818 shows video output to user, and the content of these videos output may include text, figure, video and its any group
It closes.Some outputs are the result is that correspond to some user interface objects.Touch Screen 1818 also receives the input of user, such as user
The gesture operations such as click, sliding, so that user interface object responds the input of these users.Detect user's input
Technology can be based on resistance-type, condenser type or any other possible touch control detection technology.Touch Screen 1818 shows list
The specific example of member includes but is not limited to liquid crystal display or light emitting polymer displays.
Key module 1820 equally provides user's interface inputted to client, and user can be different by pressing
Key is so that the different function of client executing.
In addition, the embodiment of the present invention also provides a kind of computer readable storage medium, it is executable to be stored with computer
Instruction, above-mentioned computer readable storage medium is, for example, nonvolatile memory such as CD, hard disk or flash memory.It is above-mentioned
Computer executable instructions for allowing computer or similar arithmetic unit to complete above-mentioned secured communication channel foundation side
Method.
The above described is only a preferred embodiment of the present invention, be not intended to limit the present invention in any form, though
So the present invention has been disclosed as a preferred embodiment, and however, it is not intended to limit the invention, any technology people for being familiar with this profession
Member, without departing from the scope of the present invention, when the technology contents using the disclosure above are modified or are modified
It is right according to the technical essence of the invention for the equivalent embodiment of equivalent variations, but without departing from the technical solutions of the present invention
Any simple modification, equivalent change and modification made by above embodiments, all of which are still within the scope of the technical scheme of the invention.
Claims (27)
1. a kind of secured communication channel method for building up, which is characterized in that the secured communication channel method for building up, comprising:
The private key of client and the public key of client are generated, and is sent to server for requesting to communicate with server foundation
Request message, the request message include at least the client public key;
The current public key for obtaining the pre-stored server, according to the current of the private key of the client and the server
Public key generates the shared secret key of the client;
The response message that communication is established in the agreement that the server is sent is received, according to the shared secret key pair of the client
The response message is decrypted and encrypts to the subsequent request message for being sent to the server, to establish the client
Secured communication channel between end and the server.
2. secured communication channel method for building up according to claim 1, which is characterized in that generate private key and the visitor of client
The public key at family end, comprising:
Private key of the random number as the client is selected, and meets XA< p, the calculating for generating the public key of the client are public
Formula isWherein, XA、YAIt is the private key of the client and the public key of the client respectively, p, g are public
Parameter is opened, p is prime number, and g is integer, and g is a primitive root of p.
3. secured communication channel method for building up according to claim 1, which is characterized in that according to the private key of the client
The shared secret key of the client is generated with the current public key of the server, comprising:
The calculation formula for generating the shared secret key of the client isWherein, K is described
The shared secret key of client, YBIt is the current public key of the server, XAIt is the private key of the client, mod is modulus fortune
It calculates, p is open parameter.
4. secured communication channel method for building up according to claim 1, which is characterized in that receive what the server was sent
The response message for agreeing to establish communication, is decrypted and right according to response message described in the shared secret key pair of the client
The subsequent request message for being sent to the server is encrypted, with the safety established between the client and the server
After communication channel, comprising:
It sends to the server for inquiring whether the server needs to update the inquiry request message of current public key, it is described
Inquiry request message includes at least the current public key information of the server;
If the server needs to update the current public key, the response for the current public key of update that the server is sent is received
Message, the response message include at least the new public key of the server;
The new public key of the server is replaced to the current public key of the server, and according to the private key of the client and institute
The new public key for stating server generates the new shared secret key of the client, according to the client it is new share it is secret
The subsequent response message that server described in close key pair is sent is decrypted and to the subsequent request report for being sent to the server
Text is encrypted, with the secured communication channel established between the client and the server.
5. secured communication channel method for building up according to claim 1, which is characterized in that the current public key of the server
Information includes at least one of the current public key of the server or the sequence number of current public key.
6. secured communication channel method for building up according to claim 1, which is characterized in that receive what the server was sent
The response message for agreeing to establish communication, is decrypted and right according to response message described in the shared secret key pair of the client
The subsequent request message for being sent to the server is encrypted, with the safety established between the client and the server
After communication channel, comprising:
The response message for the current public key of update that the server is sent is received, the response message includes at least the server
New public key, the new public key of the server is replaced to the current public key of the server, and according to the client
The new public key of private key and the server generates the new shared secret key of the client, according to the new of the client
Shared secret key pair described in server send subsequent response message be decrypted and be sent to the server to subsequent
Request message encrypted, to establish the new secured communication channel between the client and the server.
7. secured communication channel method for building up according to claim 1, which is characterized in that generate private key and the visitor of client
The public key at family end, and send to server for requesting to establish the request message communicated, the request message with the server
After the public key of the client, comprising:
It sends to server for inquiring whether the server needs to update the inquiry request message of current public key, the inquiry
Request message includes at least the current public key information of the server;
The response message that communication is established in the agreement that the server is sent is received, includes at least the service in the response message
The new public key of device;
The new public key of the server is replaced to the current public key of the server, and according to the private key of the client and institute
The new public key for stating server generates the new shared secret key of the client, according to the client it is new share it is secret
The subsequent response message that server described in close key pair is sent is decrypted and to the subsequent request report for being sent to the server
Text is encrypted, to establish the new secured communication channel between the client and the server.
8. a kind of client, which is characterized in that the client, comprising:
Communication request module, for generating the private key of client and the public key of client, and to server send for request with
The server establishes the request message of communication, and the request message includes at least the public key of the client;
The shared key generation module of client, for obtaining the current public key of the pre-stored server, according to described
The current public key of the private key of client and the server generates the shared secret key of the client;
Response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, according to described
Response message described in the shared secret key pair of client is decrypted and to the subsequent request message for being sent to the server
It is encrypted, with the secured communication channel established between the client and the server.
9. client according to claim 8, which is characterized in that the communication request module, it is random for selection one
Private key of the number as the client, and meet XA< p, the calculation formula for generating the public key of the client areWherein, XA、YAIt is the private key of the client and the public key of the client respectively, p, g are open join
Number, p is prime number, and g is integer, and g is a primitive root of p.
10. client according to claim 8, which is characterized in that the shared key generation module of the client, for giving birth to
Calculation formula at the shared secret key of the client is Wherein, K is the client
Shared secret key, YBIt is the current public key of the server, XAIt is the private key of the client, mod is modulus operation, and p is public
Open parameter.
11. client according to claim 8, which is characterized in that the client, further includes:
Module is inquired, for sending to the server for inquiring whether the server needs to update the inquiry of current public key
Request message, the inquiry request message include at least the current public key information of the server;
New public key receiving module receives the server and sends if needing to update the current public key for the server
The current public key of update response message, the response message includes at least the new public key of the server;
Replacement module, for the new public key of the server to be replaced to the current public key of the server, and according to the visitor
The new public key of the private key at family end and the server generates the new shared secret key of the client, according to the client
The subsequent response message that server described in the new shared secret key pair at end is sent is decrypted and to described in subsequent is sent to
The request message of server is encrypted, to establish the new secured communication channel between the client and the server.
12. client according to claim 11, which is characterized in that the current public key information of the server includes described
At least one of the sequence number of the current public key or current public key of server.
13. client according to claim 8, which is characterized in that the client, further includes:
New public key receiving module, for receiving the response message for the current public key of update that the server is sent, the response report
Text includes at least the new public key of the server, and the new public key of the server is replaced to the current public affairs of the server
Key, and it is close according to the new shared secret that the new public key of the private key of the client and the server generates the client
Key is decrypted and right according to the subsequent response message that server described in the new shared secret key pair of the client is sent
The subsequent request message for being sent to the server is encrypted, new between the client and the server to establish
Secured communication channel.
14. client according to claim 8, which is characterized in that
The communication request module, further includes: inquiry module, for sending to server for inquiring whether the server needs
The inquiry request message of current public key is updated, the current public key that the inquiry request message includes at least the server is believed
Breath;
The response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, described
The new public key of the server is included at least in response message;
The shared key generation module of the client is also used to the new public key of the server replacing the server
Current public key, and the new of the client is generated according to the new public key of the private key of the client and the server and is shared
Privacy key, the subsequent response message sent according to server described in the new shared secret key pair of the client are solved
It is close and the subsequent request message for being sent to the server is encrypted, to establish between the client and the server
New secured communication channel.
15. a kind of secured communication channel method for building up, which is characterized in that the secured communication channel method for building up, comprising:
Receive the request message for requesting to communicate with server foundation that client is sent, wherein the request message is at least
Public key including the client, the client are previously stored with the current public key of the server;
The server is generated according to the public key of private key corresponding with the current public key of the server and the client
Current shared privacy key;
The response message for agreeing to establish communication is generated, according to the current shared privacy key of the server to the response message
Encrypt and the request message of receipt of subsequent is decrypted, and sends encrypted response message to the client, with
Establish the secured communication channel between the client and the server.
16. secured communication channel method for building up according to claim 15, which is characterized in that according to the private of the server
Key and the public key of the client generate the current shared privacy key of the server, comprising:
The calculation formula for generating the current shared privacy key of the server isWherein, K is institute
State the current shared privacy key of server, XBIt is the public key of the client, YAIt is the private key of the server, mod is modulus
Operation, p are open parameters.
17. secured communication channel method for building up according to claim 15, which is characterized in that generate and agree to establish communication
Response message carries out encryption to the response message according to the current shared privacy key of the server and to receipt of subsequent
Request message is decrypted, and encrypted response message is sent to the client, to establish the client and the clothes
After secured communication channel between business device, comprising:
Receive that the client sends for inquiring whether the server needs to update the inquiry request message of current public key,
The inquiry request message includes at least the current public key information of the server;
If desired the public key is updated, then generates the new public key and new private key of the server, and according to the server
New private key and the public key of the client generate the new shared secret key of the server;
The response message for updating current public key is generated, according to the current shared privacy key of the server to the response message
It is encrypted, and sends the response message of the encrypted current public key of update to the client, and according to the server
New shared secret key pair subsequent response message encrypt and the request message of receipt of subsequent is decrypted, to establish
The new secured communication channel between client and the server is stated, the response message for updating current public key includes at least
The new public key of the server.
18. secured communication channel method for building up according to claim 17, which is characterized in that the current public affairs of the server
Key information includes at least one of the current public key of the server or the sequence number of current public key.
19. secured communication channel method for building up according to claim 15, which is characterized in that receive the use that client is sent
After requesting to establish the request message communicated with server, comprising:
Receive that the client sends for inquiring whether the server needs to update the inquiry request message of current public key,
The inquiry request message includes at least the current public key information of the server;
The new shared secret for generating the server according to the public key of the new private key of the server and the client is close
Key;
The response message for agreeing to establish communication is generated, according to the current shared privacy key of the server to the response message
It is encrypted, and sends encrypted response message to the client, it is described to agree to establish in the response message of communication at least
New public key including the server, and carried out according to the new shared secret key pair subsequent response message of the server
Encryption and the request message of receipt of subsequent is decrypted, the client is according to the private key and the server of the client
New public key generate the new shared secret key of the client.
20. a kind of server, which is characterized in that the server, comprising:
Request message receiving module, for receiving the request message for requesting to communicate with server foundation of client transmission,
Wherein, the request message includes at least the public key of the client, and the client is previously stored with working as the server
Preceding public key;
Key production module, for the public key according to corresponding with the current public key of the server private key and the client
Generate the current shared privacy key of the server;
Response message sending module, for generating the response message for agreeing to establish communication, according to the current shared of the server
Privacy key encrypt and the request message of receipt of subsequent is decrypted to the response message, and sends out to the client
Encrypted response message is sent, with the secured communication channel established between the client and the server.
21. server according to claim 20, which is characterized in that the response message sending module, for generating
The calculation formula for stating the current shared privacy key of server is Wherein, K is the server
Current shared privacy key, XBIt is the public key of the client, YAIt is the private key of the server, mod is modulus operation, and p is public
Open parameter.
22. server according to claim 20, which is characterized in that the server, further includes:
Inquiry request receiving module, for receiving working as inquiring whether the server needs to update for the client transmission
The inquiry request message of preceding public key, the inquiry request message include at least the current public key information of the server;
New public key generation module, for if desired updating the public key, then generate the server new public key and new private
Key, and it is close according to the new shared secret that the new private key of the server and the public key of the client generate the server
Key;
New public key sending module, for generating the response message for updating current public key, the current shared according to the server is secret
Response message described in close key pair is encrypted, and the response report of the encrypted current public key of update is sent to the client
Text, and encryption and request to receipt of subsequent are carried out according to the new shared secret key pair subsequent response message of the server
Message is decrypted, described to update currently to establish the new secured communication channel between the client and the server
The response message of public key includes at least the new public key of the server.
23. server according to claim 22, which is characterized in that the current public key information of the server includes described
At least one of the sequence number of the current public key or current public key of server.
24. server according to claim 20, which is characterized in that
The request message receiving module, further includes: inquiry receiving module, for receiving that the client sends for inquiring
Whether the server needs to update the inquiry request message of current public key, and the inquiry request message includes at least the service
The current public key information of device;
The key production module is also used to according to the new private key of the server and the generation of the public key of the client
The new shared secret key of server;
The server, further includes: new public key sending module, for generating the response message for agreeing to establish communication, according to described
The current shared privacy key of server encrypts the response message, and encrypted response is sent to the client
Message, it is described to agree to establish the new public key that the server is included at least in the response message of communication, and according to the service
The new shared secret key pair subsequent response message of device encrypt and the request message of receipt of subsequent is decrypted, described
Client generates the new shared secret of the client according to the private key of the client and the new public key of the server
Key.
25. a kind of secured communication channel establishes system, comprising: client and server;
The client includes the shared key generation module of communication request module, response message receiving module and client;
The server includes request message receiving module, key production module and response message sending module;
Communication request module, for generating the private key of client and the public key of client, and to server send for request with
The server establishes the request message of communication, and the request message includes at least the public key of the client;
Request message receiving module, for receiving the request message for requesting to communicate with server foundation of client transmission;
The shared key generation module of client, for obtaining the current public key of the pre-stored server, according to described
The current public key of the private key of client and the server generates the shared secret key of the client;
Key production module, for generating the private key of the server and the current public key of the server, according to the service
The private key of device and the public key of the client generate the current shared privacy key of the server;
Response message sending module, for being added according to the current shared privacy key of the server to the response message
It is close and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to the client, to establish
State the secured communication channel between client and the server;
Response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, according to described
Response message described in the shared secret key pair of client is decrypted and to the subsequent request message for being sent to the server
It is encrypted, with the secured communication channel established between the client and the server.
26. secured communication channel according to claim 25 establishes system, which is characterized in that the client, further includes:
Inquire module, new public key receiving module and replacement module;The server, further includes: inquiry request receiving module, new public key
Generation module and new public key sending module;
The inquiry module, for sending to the server for inquiring whether the server needs to update current public key
Inquiry request message, the inquiry request message include at least the current public key information of the server;
The inquiry request receiving module, for receiving that the client sends for inquiring whether the server needs more
The inquiry request message of new current public key;
The new public key generation module then generates the new public key of the server and new for if desired updating the public key
Private key, and according to the new private key of the server and the public key of the client generate the server it is new share it is secret
Key;
New public key sending module, for generating the response message for updating current public key, the current shared according to the server is secret
Response message described in close key pair is encrypted, and the response report of the encrypted current public key of update is sent to the client
Text, and encryption and request to receipt of subsequent are carried out according to the new shared secret key pair subsequent response message of the server
Message is decrypted, and to establish the new secured communication channel between the client and the server, updates current public key
Response message include at least the server new public key;
The new public key receiving module, for receiving the response message for the current public key of update that the server is sent;
The replacement module, for the new public key of the server to be replaced to the current public key of the server, and according to institute
The new public key of the private key and the server of stating client generates the new shared secret key of the client, according to described
The subsequent response message that server described in the new shared secret key pair of client is sent is decrypted and is sent to subsequent
The request message of the server is encrypted.
27. secured communication channel according to claim 25 establishes system, which is characterized in that
The communication request module of the client, further includes: inquiry module, the inquiry module are used to be used for server transmission
Inquire whether the server needs to update the inquiry request message of current public key, the inquiry request message includes at least described
The current public key information of server;
The request message receiving module, further includes: inquiry receiving module, for receiving that the client sends for inquiring
Whether the server needs to update the inquiry request message of current public key;
The key production module is also used to according to the new private key of the server and the generation of the public key of the client
The new shared secret key of server;
The server further include: new public key sending module, for generating the response message for agreeing to establish communication, according to the clothes
The current shared privacy key of business device encrypts response message, and encrypted response message is sent to the client,
Agree to establish the new public key for including at least the server in the response message of communication, and is total to according to the new of the server
It enjoys privacy key and subsequent response message encrypt and the request message of receipt of subsequent is decrypted;
The response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, described
Agree to establish the new public key that the server is included at least in the response message of communication;
The shared key generation module of the client is also used to the new public key of the server replacing the server
Current public key, and the new of the client is generated according to the new public key of the private key of the client and the server and is shared
Privacy key is decrypted and according to the new subsequent response message of shared secret key pair of the client to subsequent transmission
It is encrypted to the request message of the server, to establish the new secure communication between the client and the server
Channel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410230794.0A CN105141568B (en) | 2014-05-28 | 2014-05-28 | Secured communication channel method for building up and system, client and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410230794.0A CN105141568B (en) | 2014-05-28 | 2014-05-28 | Secured communication channel method for building up and system, client and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105141568A CN105141568A (en) | 2015-12-09 |
CN105141568B true CN105141568B (en) | 2019-02-12 |
Family
ID=54726778
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410230794.0A Active CN105141568B (en) | 2014-05-28 | 2014-05-28 | Secured communication channel method for building up and system, client and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105141568B (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9705859B2 (en) * | 2015-12-11 | 2017-07-11 | Amazon Technologies, Inc. | Key exchange through partially trusted third party |
CN107294703A (en) * | 2016-03-30 | 2017-10-24 | 南京皓都臻信网络科技有限公司 | A kind of mobile Internet instant messaging safe encryption method |
CN111585749B (en) * | 2016-10-26 | 2023-04-07 | 创新先进技术有限公司 | Data transmission method, device, system and equipment |
EP4329352A2 (en) * | 2016-11-03 | 2024-02-28 | ResMed, Inc. | Secure networked respiratory therapy systems |
CN106533662A (en) * | 2016-11-03 | 2017-03-22 | 北京奇虎科技有限公司 | Methods and devices for transmitting network safety secret key |
CN106789022B (en) * | 2016-12-28 | 2021-03-09 | 上海榉树智能科技有限公司 | Method, device and system for generating shared key |
CN107483505B (en) * | 2017-09-29 | 2020-10-16 | 武汉斗鱼网络科技有限公司 | Method and system for protecting user privacy in video chat |
CN108040269A (en) * | 2017-12-18 | 2018-05-15 | 西安邮电大学 | A kind of method and system of video monitoring system key agreement, computer |
CN108667933A (en) * | 2018-05-11 | 2018-10-16 | 星络科技有限公司 | Device and communication system are established in connection method for building up, connection |
CN108810173B (en) * | 2018-07-27 | 2022-02-25 | 五八有限公司 | File synchronization method, device, equipment and computer readable storage medium |
CN110839240B (en) * | 2018-08-17 | 2022-07-05 | 阿里巴巴集团控股有限公司 | Method and device for establishing connection |
CN110855597B (en) * | 2018-08-20 | 2022-08-09 | 京东科技控股股份有限公司 | Message transmission method, server and client |
CN109547471B (en) * | 2018-12-24 | 2021-10-26 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Network communication method and device |
CN110505531B (en) * | 2019-07-02 | 2021-04-16 | 杭州海康威视数字技术股份有限公司 | Media data transmission system, method and device |
CN111192050B (en) * | 2019-12-31 | 2023-08-11 | 成都库珀创新科技有限公司 | Digital asset private key storage and extraction method and device |
CN112202792A (en) * | 2020-09-30 | 2021-01-08 | 京东数字科技控股股份有限公司 | Communication method and device for establishing long connection between client and server |
CN112187832A (en) * | 2020-11-03 | 2021-01-05 | 北京指掌易科技有限公司 | Data transmission method and electronic equipment |
CN115664836B (en) * | 2022-11-07 | 2023-10-03 | 海光信息技术股份有限公司 | Data transmission method, device, computer equipment and storage medium |
CN116340954B (en) * | 2023-03-24 | 2024-01-23 | 合芯科技有限公司 | Data security channel establishment method, system control processor and starting firmware |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005078988A1 (en) * | 2004-02-11 | 2005-08-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Key management for network elements |
CN101132281A (en) * | 2007-09-18 | 2008-02-27 | 刘亚梅 | Network security authentication system for preventing key from stealing |
CN101340443A (en) * | 2008-08-28 | 2009-01-07 | 中国电信股份有限公司 | Session key negotiating method, system and server in communication network |
CN101388770A (en) * | 2008-10-20 | 2009-03-18 | 华为技术有限公司 | Method, server and customer apparatus for acquiring dynamic host configuration protocol cipher |
CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
CN101541001A (en) * | 2009-04-28 | 2009-09-23 | 刘建 | Method and system for updating base key |
CN101720071A (en) * | 2009-12-01 | 2010-06-02 | 郑州信大捷安信息技术有限公司 | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5390844B2 (en) * | 2008-12-05 | 2014-01-15 | パナソニック株式会社 | Key distribution system and key distribution method |
-
2014
- 2014-05-28 CN CN201410230794.0A patent/CN105141568B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005078988A1 (en) * | 2004-02-11 | 2005-08-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Key management for network elements |
CN101132281A (en) * | 2007-09-18 | 2008-02-27 | 刘亚梅 | Network security authentication system for preventing key from stealing |
CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
CN101340443A (en) * | 2008-08-28 | 2009-01-07 | 中国电信股份有限公司 | Session key negotiating method, system and server in communication network |
CN101388770A (en) * | 2008-10-20 | 2009-03-18 | 华为技术有限公司 | Method, server and customer apparatus for acquiring dynamic host configuration protocol cipher |
CN101541001A (en) * | 2009-04-28 | 2009-09-23 | 刘建 | Method and system for updating base key |
CN101720071A (en) * | 2009-12-01 | 2010-06-02 | 郑州信大捷安信息技术有限公司 | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
Also Published As
Publication number | Publication date |
---|---|
CN105141568A (en) | 2015-12-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105141568B (en) | Secured communication channel method for building up and system, client and server | |
KR101491392B1 (en) | Indirect device communication | |
WO2018137351A1 (en) | Method, relevant device and system for processing network key | |
CN104768153B (en) | Send, receive the method and its wifi terminals of network configuration information | |
WO2018049892A1 (en) | Data transmission method and apparatus, and terminal | |
CN101826897A (en) | Method, device and system for realizing communication between mobile terminal and PC | |
CN113613197B (en) | Pairing method and device for vehicle and digital key | |
WO2010023506A1 (en) | Methods, apparatuses, computer program products, and systems for providing secure pairing and association for wireless devices | |
WO2021104448A1 (en) | Method for synchronizing key information, system and device | |
JP2016519873A (en) | Establishing secure voice communication using a generic bootstrapping architecture | |
WO2019079971A1 (en) | Method for group communication, and apparatus, computer storage medium, and computer device | |
US9949122B2 (en) | Challenge-response-test image to phone for secure pairing | |
CN102420642A (en) | Bluetooth device and communication method thereof | |
CN106878277B (en) | Method and device for realizing voice encryption based on DMR standard | |
US9049592B2 (en) | Techniques for key derivation for secure communication in wireless mesh networks | |
CN108111506A (en) | VOIP encryption call methods and terminal | |
CN114697879A (en) | Bluetooth pairing method, electronic device, chip and storage medium | |
CN112260832A (en) | Information encryption, decryption and control method and device and electronic equipment | |
CN106095132B (en) | Playback equipment keypress function setting method and device | |
CN105340353B (en) | Device-to-device communication security | |
WO2018040805A1 (en) | Method for establishing association in wireless local area network, terminal and access point | |
CN114553612A (en) | Data encryption and decryption method and device, storage medium and electronic equipment | |
EP3796584B1 (en) | Improved physical layer security in wireless networks | |
CN109495982B (en) | Communication method and device and readable storage medium | |
CN104052783B (en) | Application program for the device in network connects |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210928 Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd. Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. |
|
TR01 | Transfer of patent right |