CN105141568B

CN105141568B - Secured communication channel method for building up and system, client and server

Info

Publication number: CN105141568B
Application number: CN201410230794.0A
Authority: CN
Inventors: 于东海
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Priority date: 2014-05-28
Filing date: 2014-05-28
Publication date: 2019-02-12
Anticipated expiration: 2034-05-28
Also published as: CN105141568A

Abstract

The embodiment of the invention discloses a kind of secured communication channel method for building up and systems, client and server, belong to communication security processing technology field.The method comprise the steps that generating the private key of client and the public key of client, and send to server for requesting to establish the request message communicated with server, request message includes at least the public key of client；The current public key for obtaining pre-stored server generates the shared secret key of client according to the current public key of the private key and server of client；The response message that communication is established in the agreement that server is sent is received, is decrypted according to the shared secret key pair response message of client and the subsequent request message for being sent to server is encrypted, to establish the secured communication channel between client and server.The present invention obtains the current public key of pre-stored server by client, sends its public key to client without server, so avoids third-party attack, improve the safety of communication.

Description

Secured communication channel method for building up and system, client and server

Technical field

The present invention relates to communication security processing technology field, in particular to a kind of secured communication channel method for building up and it is System, client and server.

Background technique

Internet and communication network have obtained swift and violent development in the world in recent years, its life style to the mankind Strong influence and change are produced, and the following Network Information Security Problem just becomes more and more important.Network hacker, The appearance of the means such as virus, information stealth and interference, makes the information security of network communication both sides face serious provocation.For this person Generally use Diffie-Hellman key exchange method to establish the communication channel between communicating pair.

The process of the communication channel between client and server is established using Diffie-Hellman Diffie-Hellman Usually: firstly, user end to server send for request with the request message that communicates of server foundation, in this request message The public key of client is carried, server sends to client after the request message for receiving client transmission and agrees to that foundation is logical The response message of letter carries the current public key of server in this response message, meanwhile, current public affairs of the client also according to server Key generates shared secret key, and server generates shared secret key also according to the public key that client is sent, can so establish Communication channel between client and server.It is close to be all made of shared secret in subsequent communicated for client and server Key encrypts the message of transmission, and is decrypted according to the received message of shared secret key pair.

In the implementation of the present invention, inventor has found background technique the prior art has at least the following problems: due to using at present The method that Diffie-Hellman Diffie-Hellman establishes communication channel, server is in the response message for being sent to client Its public key is carried, in this way, third-party attack is highly susceptible to, for example, third party can intercept and capture and parse the response message The current public key of server is got, and forges the current public key of server and client is communicated.In addition, client is to clothes When business device sends request message, third party is it is also possible to intercept and capture the public key of client entrained in request message, and forge visitor The public key and server at family end are communicated, in this way, third party plays the part of server and server communication when with client communication When play the part of client, third party can intercept and capture and arbitrarily forward that client issues the message of server or server issues client The message at end, distorts message as needed in communication process so that client and server do not know they and third Fang Jinhang communication, in this way, will result in the complete leakage of the communication information between client and server, not can guarantee communication security Property.

Summary of the invention

The present invention provides a kind of secured communication channel method for building up and system, client and server, existing to solve The problems such as communication channel method for building up safety is low.

The technical solution is as follows:

In a first aspect, the embodiment of the invention provides a kind of secured communication channel method for building up, the secured communication channel Method for building up, comprising: generate the private key of client and the public key of client, and send to server for requesting to build with server The request message of vertical communication, request message include at least the public key of client；The current public key of pre-stored server is obtained, The shared secret key of client is generated according to the current public key of the private key and server of client；Receive the same of server transmission Meaning establishes the response message of communication, is decrypted according to the shared secret key pair response message of client and is sent to subsequent The request message of server is encrypted, to establish the secured communication channel between client and server.

Second aspect, the embodiment of the invention provides a kind of client, the client, comprising: communication request module, sound Answer the shared key generation module of message receiving module and client；Communication request module, for generating the private key of client With the public key of client, and to server send for request with the request message that communicates of server foundation, request message is at least Public key including client；The shared key generation module of client, for obtaining the current public key of pre-stored server, The shared secret key of client is generated according to the current public key of the private key and server of client；Response message receiving module, The response message of communication is established in agreement for receiving server transmission, according to the shared secret key pair response message of client It is decrypted and the subsequent request message for being sent to server is encrypted, to establish the safety between client and server Communication channel.

The third aspect, the embodiment of the invention provides a kind of secured communication channel method for building up, the secured communication channels Method for building up, comprising: receive the request message for requesting to communicate with server foundation that client is sent, wherein request report Text includes at least the public key of client；The current public key for generating the private key and server of server, according to the private key of server and The public key of client generates the current shared privacy key of server；The response message for agreeing to establish communication is generated, according to service The current shared privacy key of device encrypt and the request message of receipt of subsequent is decrypted to response message, and to client End sends encrypted response message, to establish the secured communication channel between client and server.

Fourth aspect, the embodiment of the invention provides a kind of server, the server, comprising: request message receives mould Block, key production module and response message sending module；Request message receiving module, for receiving being used for for client transmission It requests to establish the request message communicated with server, wherein request message includes at least the public key of client；Key generates mould Block, the current public key of the private key and server for generating server are generated according to the private key of server and the public key of client The current shared privacy key of server；Response message sending module, for the current shared privacy key pair according to server Response message encrypt and the request message of receipt of subsequent is decrypted, and encrypted response report is sent to client Text, with the secured communication channel established between client and the server.

5th aspect, the embodiment of the invention provides a kind of secured communication channels to establish system, the secured communication channel Establish system, comprising: client and server；Client includes communication request module, response message receiving module and client The shared key generation module at end；Server includes the shared of request message receiving module, key production module and server Key production module；Communication request module for generating the private key of client and the public key of client, and sends to server and uses The request message communicated is established with server in request, request message includes at least the public key of client；Request message receives mould Block, for receiving the request message for requesting to communicate with server foundation of client transmission；The shared key of client is raw At module, for obtaining the current public key of the pre-stored server, according to the private key of the client and the service The current public key of device generates the shared secret key of the client；Key production module, for generating the private of the server The current public key of key and the server generates the server according to the private key of the server and the public key of the client Current shared privacy key；Response message sending module, for the current shared privacy key according to the server to institute It states response message encrypt and the request message of receipt of subsequent is decrypted, and sends encrypted sound to the client Message is answered, with the secured communication channel established between the client and the server；Response message receiving module, for connecing The response message that communication is established in the agreement that the server is sent is received, is rung according to the shared secret key pair of the client Message is answered to be decrypted and encrypt to the subsequent request message for being sent to the server, to establish the client and institute State the secured communication channel between server.

Technical solution provided in an embodiment of the present invention has the benefit that

By the way that when server is agreed to communicate with client foundation, client can obtain pre-stored server Current public key sends its public key to client again without server.It solves existing communication channel method for building up and causes visitor The complete leakage of the communication information between family end and server, the problems such as not can guarantee communications security, the embodiment of the present invention can Third-party attack is avoided, the safety of communication is promoted.

The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention, And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects, features and advantages of the invention can It is clearer and more comprehensible, it is special below to lift preferred embodiment, and cooperate attached drawing, detailed description are as follows.

Detailed description of the invention

Figure 1A is the flow chart for the secured communication channel method for building up that first embodiment of the invention provides；

Figure 1B is the schematic diagram that client and server establishes communication channel；

Fig. 2A is the flow chart for the secured communication channel method for building up that second embodiment of the invention provides；

Fig. 2 B is the schematic diagram of the current public key of server update after client and server establishes communication channel；

Fig. 3 is the flow chart for the secured communication channel method for building up that third embodiment of the invention provides；

Fig. 4 A is the flow chart for the secured communication channel method for building up that fourth embodiment of the invention provides；

Fig. 4 B is that client and server is established in communication channel, the schematic diagram of the current public key of server update；

Fig. 5 is the main frame block diagram for the client that fifth embodiment of the invention provides；

Fig. 6 is the main frame block diagram for the client that sixth embodiment of the invention provides；

Fig. 7 is the main frame block diagram for the client that seventh embodiment of the invention provides；

Fig. 8 is the main frame block diagram for the client that eighth embodiment of the invention provides；

Fig. 9 is the flow chart for the secured communication channel method for building up that ninth embodiment of the invention provides；

Figure 10 is the flow chart for the secured communication channel method for building up that tenth embodiment of the invention provides；

Figure 11 is the flow chart for the secured communication channel method for building up that eleventh embodiment of the invention provides；

Figure 12 is the main frame block diagram for the server that twelveth embodiment of the invention provides；

Figure 13 is the main frame block diagram for the server that thriteenth embodiment of the invention provides；

Figure 14 is the main frame block diagram for the server that fourteenth embodiment of the invention provides；

Figure 15 is the main frame block diagram that the secured communication channel that fifteenth embodiment of the invention provides establishes system；

Figure 16 is the main frame block diagram that the secured communication channel that sixteenth embodiment of the invention provides establishes system；

Figure 17 is the main frame block diagram that the secured communication channel that seventeenth embodiment of the invention provides establishes system；

Figure 18 is a kind of structural block diagram of client.

Specific embodiment

It is of the invention to reach the technical means and efficacy that predetermined goal of the invention is taken further to illustrate, below in conjunction with Attached drawing and preferred embodiment, to secured communication channel method for building up proposed according to the present invention and system, client and server Its specific embodiment, structure, feature and effect, detailed description is as follows.

For the present invention aforementioned and other technology contents, feature and effect refer to the preferable reality of schema in following cooperation Applying can clearly be presented in example detailed description.By the explanation of specific embodiment, when predetermined mesh can be reached to the present invention The technical means and efficacy taken be able to more deeply and it is specific understand, however institute's accompanying drawings are only to provide with reference to and say It is bright to be used, it is not intended to limit the present invention.

First embodiment

Figure 1A is please referred to, it illustrates the processes for the secured communication channel method for building up that first embodiment of the invention provides Figure.This method can be as the secured communication channel establishment process performed by client；The secured communication channel method for building up, can Include the following steps 101-105:

Step 101, the private key of client and the public key of client are generated, and is sent to server for request and server The request message of communication is established, request message includes at least the public key of client.

By taking client and server is communicated as an example, as shown in Figure 1B, in step 101, client can choose one Private key of the random number as client, and meet X_A< p, and according to the private key X of client_AThe public key of client is generated, visitor is generated The calculation formula of the public key at family end can beWherein, X_A、Y_AIt is the private key and client of client respectively Public key, p, g are open parameters, and open parameter p, g can be arranged in advance by server and client side, can also be at this Client is arranged (as shown in Figure 1B) when sending request message, for example, p can be a prime number, g is an integer, and g is A primitive root of p.In addition, client can private key X to client_ASecrecy storage and by the public key Y of client_AIt is sent to clothes Business device.

Step 103, the current public key for obtaining pre-stored server, according to the current of the private key and server of client The current shared privacy key of public key generation client.

The current public key of server can be stored in advance in the memory of client, send out its public key without server Client is given, can so prevent third party from intercepting the current public key of server, to promote communications security.

The calculation formula that client generates shared secret key can beWherein, K is client The shared secret key at end, Y_BIt is the current public key of server, X_AIt is the private key of client, mod is modulus operation, and p is open joins Number.

As shown in Figure 1B, client is secret according to sharing for the current public key of the private key and server of client generation client Key.

Step 105, the response message that communication is established in the agreement that server is sent is received, it is close according to the shared secret of client Key is decrypted response message and encrypts to the subsequent request message for being sent to server, to establish client and service Secured communication channel between device.

If server receive client transmission for request with after the request message that communicates of server foundation, and together Meaning establishes communication therewith, then server will be sent to response message (as shown in Figure 1B) (this that client agrees to establish communication Response message is encrypted using the current shared privacy key of server), it can so establish client and server Between secured communication channel, client and server in subsequent communicated, be also all made of shared secret key pair transmission Message encrypted, and be decrypted according to the received message of shared secret key pair.

In conclusion secured communication channel method for building up provided in this embodiment, by server agreement and client When establishing communication, client can obtain the current public key of pre-stored server, without server again to client Send its current public key.It solves existing communication channel method for building up and causes the complete of the communication information between client and server The problems such as leaking entirely, not can guarantee communications security, the embodiment of the present invention can be avoided third-party attack, promote the peace of communication Quan Xing.

Second embodiment

Fig. 2A is please referred to, it illustrates the processes for the secured communication channel method for building up that second embodiment of the invention provides Figure.This method can be as the secured communication channel establishment process performed by client；Itself and secured communication channel shown in figure 1A Method for building up is similar, the difference is that, in the present embodiment, client can inquire whether server needs to update current public affairs It can also include: step 201-205 after key, the i.e. step 105 of Figure 1A.

Step 201, it sends to server for inquiring whether server needs to update the inquiry request message of current public key, Inquiry request message includes at least the current public key information of server, if desired updates, then carries out step 203, if not needing more Newly, then step 206 is carried out.

As shown in Figure 2 B, client can be sent to server for inquiring whether server needs to update current public key Inquiry request message.The current public key information of server may include the current public key Y of server_BOr the current public key of server Y_BThe information such as sequence number.Sequence number can be serial number, the code name etc. of current public key.

Step 203, if server needs to update current public key, the response of the current public key of update of server transmission is received Message, response message include at least the new public key of server.

If server needs to update current public key, server sends new public key to client, and client then receives clothes The server that business device is sent carries the response message (as shown in Figure 2 B) of new public key, this response message is secret using current shared What key was encrypted.

Step 205, by the current public key of the new public key replacement server of server, and according to the private key kimonos of client The new public key of business device generates the new shared secret key of client, according to the new shared secret key pair service of client The subsequent response message that device is sent is decrypted and encrypts to the subsequent request message for being sent to server, to establish client New secured communication channel between end and server.

As shown in Figure 2 B, after client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle peace When full communication channel, the new public key of server is just used, i.e., client is generated using the private key of new public key and client The new shared secret key at end, establishes the new secured communication channel between client and server.Client and server In subsequent communicated, it is all made of the message that new shared secret key pair is sent and is encrypted, and is secret according to new sharing The close received message of key pair is decrypted.

Step 206, what reception server was sent does not need to update the response message of current public key.

Wherein, this response message is encrypted using current shared privacy key.

In conclusion secured communication channel method for building up provided in this embodiment, can also be sent out by user end to server Send inquiry server when whether needing to update the inquiry request of current public key, server can be according to inquiry request and by update Public key is sent to client, so that current public key of the client to server is updated.In this way, server can be according to client End demand and update its current public key and private key, to ensure that the safety of communication.

3rd embodiment

Referring to FIG. 3, the flow chart of the secured communication channel method for building up provided it illustrates third embodiment of the invention. This method can be as the secured communication channel establishment process performed by client；It is established with secured communication channel shown in figure 1A Method is similar, the difference is that, in the present embodiment, server can voluntarily update current public key, and new public key is sent out Client is given, inquiry is carried out without client and is just updated current public key, i.e., can also be wrapped after the step 105 of Figure 1A It includes: step 301.

Step 301, the response message for the current public key of update that server is sent is received, response message includes at least server New public key, by the current public key of the new public key replacement server of server, and according to the private key and server of client New public key generate the new shared secret key of client, sent out according to the new shared secret key pair server of client The subsequent response message sent is decrypted and encrypts to the subsequent request message for being sent to server, with establish client and New secured communication channel between server.

After client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle secured communication channel When, the new public key of server is just used, i.e., the new of client is generated using the private key of new public key and client and is total to Privacy key is enjoyed, to establish the new secured communication channel between client and server.

It, can also automatically will more by server in conclusion secured communication channel method for building up provided in this embodiment New public key is sent to client, so that current public key of the client to server is updated.In this way, server can be automatic Its current public key and private key are updated, to ensure that the safety of communication.

Fourth embodiment

Fig. 4 A is please referred to, it illustrates the processes for the secured communication channel method for building up that fourth embodiment of the invention provides Figure.This method can be as the secured communication channel establishment process performed by client；Itself and secured communication channel shown in figure 1A Method for building up is similar, the difference is that, in the present embodiment, when beginning setting up communication channel, client can be inquired Whether server will update current public key, i.e., can also include: step 401 after the step 101 of Figure 1A, the step 103 and 105 could alternatively be step 403 and 405 respectively.

Step 401, it sends to server for inquiring whether server needs to update the inquiry request message of current public key, Inquiry request message includes at least the current public key information of server, if desired updates, then carries out step 403；

As shown in Figure 4 B, client can also send inquiry request to server when sending request message to server Message, the current public key information of server include the current public key Y of server_BOr current public key Y_BSequence number at least within One of.Wherein step 401 and step 101 can also carry out simultaneously, if server needs to update, can be generated new public key and Private key, and the new public key of server is sent to client.

Step 403, the response message that communication is established in the agreement that server is sent is received, includes at least service in response message The new public key of device；

Step 405, by the current public key of the new public key replacement server of server, and according to the private key kimonos of client The new public key of business device generates the new shared secret key of client, according to the new shared secret key pair service of client The subsequent response message that device is sent is decrypted and encrypts to the subsequent request message for being sent to server, to establish client New secured communication channel between end and server.

As shown in Figure 4 B, after client receives new public key, i.e., the current public key of replaceable server is subsequent to resettle peace When full communication channel, the new public key of server is just used, i.e., client is generated using the private key of new public key and client The new shared secret key at end, establishes the new secured communication channel between client and server.Client and server In subsequent communicated, it is all made of the message that new shared secret key pair is sent and is encrypted, and is secret according to new sharing The close received message of key pair is decrypted.

In conclusion secured communication channel method for building up provided in this embodiment, can also establish in server and client side During communication channel, whether client inquiry server updates the current public key of server, and server can be asked according to inquiry It asks and the public key of update is sent to client, so that current public key of the client to server is updated.In this way, server Its current public key and private key can be updated during establishing communication channel with client, to ensure that the safety of communication Property.

The following are the embodiments of client of the invention, the details of not detailed description, Ke Yican in client embodiment It is admitted to and states corresponding first to fourth embodiment of secured communication channel method for building up.

5th embodiment

Referring to FIG. 5, the main frame block diagram of the client provided it illustrates fifth embodiment of the invention.The client End, comprising: the shared key generation module 503 and response message receiving module 505 of communication request module 501, client.

Specifically, communication request module 501, for generating the private key of client and the public key of client, and to server It sends for requesting to establish the request message communicated with server, request message includes at least the public key of client；

Communication request module 501 can choose private key of the random number as client, and meet X_A< p generates visitor The calculation formula of the public key at family end isWherein, X_A、Y_AIt is the private key of client and the public affairs of client respectively Key, p, g are open parameters, and p is prime number, and g is integer, and g is a primitive root of p.

The shared key generation module 503 of client, for obtaining the current public key of pre-stored server, according to visitor The current public key of the private key and server at family end generates the shared secret key of client, to establish between client and server Secured communication channel.

The shared key generation module 503 of client, the calculation formula for generating the shared secret key of client can beWherein, K is the shared secret key of client, Y_BIt is the current public key of server, X_AIt is client The private key at end, mod are modulus operations, and p is open parameter.

Response message receiving module 505, the response message of communication is established in the agreement for receiving server transmission, according to visitor The shared secret key pair response message at family end is decrypted and encrypts to the subsequent request message for being sent to server, with Establish the secured communication channel between client and server.

In conclusion client provided in this embodiment, by when server is agreed to establish with client and be communicated, client End can obtain the current public key of pre-stored server, send its public key to client again without server.It solves Existing communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communication The problems such as safety, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.

Sixth embodiment

Referring to FIG. 6, the main frame block diagram of the client provided it illustrates sixth embodiment of the invention.Itself and Fig. 5 Shown in client it is similar, the difference is that, the client, can also include: inquiry module 601, new public key receive Module 603 and replacement module 605.

Module 601 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key Request message, inquiry request message include at least the current public key information of server；

New public key receiving module 603 receives the update of server transmission if needing to update current public key for server The response message of current public key, response message include at least the new public key of server；

Replacement module 605 replaces the current public key of server for the new public key by server, and according to client The new public key of private key and server generates the new shared secret key of client, close according to the new shared secret of client Key is decrypted the subsequent response message that server is sent and encrypts to the subsequent request message for being sent to server, with Establish the new secured communication channel between client and server.

In conclusion client provided in this embodiment, inquiry server can be also sent by user end to server is When the no inquiry request for needing to update current public key, the public key of update can be sent to client according to inquiry request by server End, so that current public key of the client to server is updated.In this way, server can update it according to client demand Current public key and private key, to ensure that the safety of communication.

7th embodiment

Referring to FIG. 7, the main frame block diagram of the client provided it illustrates seventh embodiment of the invention.Itself and Fig. 5 Shown in client it is similar, the difference is that, the client can also include: new public key receiving module 701.

New public key receiving module 701, the response message of the current public key of update for receiving server transmission, response message Including at least the new public key of server, by the current public key of the new public key replacement server of server, and according to client The new public key of private key and server generate the new shared secret key of client, according to the new shared secret of client The subsequent response message that key pair server is sent is decrypted and encrypts to the subsequent request message for being sent to server, To establish the new secured communication channel between client and server.

In conclusion the public key of update, can be also sent to by server by client provided in this embodiment automatically Client, so that current public key of the client to server is updated.In this way, server can automatically update its current public key And private key, to ensure that the safety of communication.

8th embodiment

Referring to FIG. 8, the main frame block diagram of the client provided it illustrates eighth embodiment of the invention.Itself and Fig. 5 Shown in client it is similar, the difference is that, the communication request module 501, further includes: inquiry module 801；

Module 801 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key Request message, inquiry request message include at least the current public key information of server；

The response message of communication, response report are established in response message receiving module 503, the agreement for receiving server transmission The new public key of server is included at least in text；

The shared key generation module 505 of client is also used to the current of the new public key replacement server of server Public key, and the new shared secret key of the new public key generation client according to the private key and server of client, according to visitor The subsequent response message that the new shared secret key pair server at family end is sent is decrypted and is sent to server to subsequent Request message encrypted, to establish the new secured communication channel between client and server.

In conclusion client provided in this embodiment, can also during server and client side establishes communication channel, Whether client inquiry server updates the current public key of server, and server can public key according to inquiry request and by update It is sent to client, so that current public key of the client to server is updated.In this way, server can be built with client Its current public key and private key are updated during vertical communication channel, to ensure that the safety of communication.

9th embodiment

Referring to FIG. 9, the flow chart of the secured communication channel method for building up provided it illustrates ninth embodiment of the invention. This method can be as the secured communication channel establishment process performed by server；The secured communication channel method for building up, can wrap Include following steps 901-905:

Step 901, the request message for requesting to communicate with server foundation that client is sent is received, wherein request Message includes at least the public key of client.

When client wishes to be communicated with server, then the request report for carrying the public key of client is sent to server Text, if server receive client transmission for request to establish the request message that communicates with server after, and agreement and Foundation communication, then server will be sent to client agree to establish communication response message.

Step 903, the current public key for generating the private key and server of server, according to the private key of server and client The current shared privacy key of public key generation server.

Transformational relation between the current public key and private key of server can beWherein, X_B、Y_BPoint It is not the private key and public key of server, p, g are open parameters, and open parameter p, g can be carried out in advance by server and client side Agreement, for example, p can be a prime number, g is an integer, and g is a primitive root of p.In addition, server can be to private key X_B Secrecy storage.In addition, server can pre-generate private key and current public key and be stored, it can be according to service in this step Respective private keys of the current Pubic-Key search of device to server.

The calculation formula of current shared privacy key that server generates server is Wherein, K is the current shared privacy key of server, X_BIt is the public key of client, Y_AIt is The private key of server, mod are modulus operations, and p is open parameter.

Step 905, the response message for agreeing to establish communication is generated, according to the current shared privacy key of server to response Message encrypt and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to client, with Establish the secured communication channel between client and server.

In conclusion secured communication channel method for building up provided in this embodiment, by server agreement and client When establishing communication, server can generate private key according to the current public key of preset server.It solves existing Communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communications security etc. Problem, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.

Tenth embodiment

Referring to FIG. 10, the process of the secured communication channel method for building up provided it illustrates tenth embodiment of the invention Figure.This method can be as the secured communication channel establishment process performed by server；It builds with secured communication channel shown in Fig. 9 Cube method is similar, the difference is that, in the present embodiment, in client inquiry, server, which decides whether to update, works as It can also include: step 1001-1007 after preceding public key, the i.e. step 905 of Fig. 9.

Step 1001, what reception client was sent is used to inquire whether server needs to update the inquiry request of current public key Message, inquiry request message include at least the current public key information of server, if desired update, then carry out step 1003, if not It needs to update, then carries out step 1005.

Client can be sent to server for inquiring whether server needs to update the inquiry request report of current public key Text.The current public key information of server may include the letter such as the current public key of server or the sequence number of current public key of server Breath.Sequence number can be serial number, the code name etc. of public key.

Step 1003, current public key is if desired updated, then generates the new public key and new private key of server, and according to clothes The public key of the new private key and client of business device generates the new shared secret key of server.

After client receives new public key, the current public key of server can be replaced, it is subsequent to resettle secured communication channel When, the new public key of server is just used, i.e., the new of client is generated using the private key of new public key and client and is total to Privacy key is enjoyed, to establish the new secured communication channel between client and server.

Step 1005, the response message for updating current public key is generated, according to the current shared privacy key of server to sound It answers message to be encrypted, and sends the response message of the encrypted current public key of update to client, and according to the new of server Shared secret key pair subsequent response message carry out encrypt and the request message of receipt of subsequent is decrypted, to establish client New secured communication channel between end and server, the response message for updating current public key include at least the new public affairs of server Key.

Step 1007, the response message for not needing to update current public key is sent to client.

11st embodiment

Figure 11 is please referred to, it illustrates the processes for the secured communication channel method for building up that eleventh embodiment of the invention provides Figure.This method can be as the secured communication channel establishment process performed by server；It builds with secured communication channel shown in Fig. 9 Cube method is similar, the difference is that, in the present embodiment, when beginning setting up communication channel, client can inquire clothes Whether business device will update current public key, i.e., can also include: step 1101, the step 903 and 905 after the step 901 of Fig. 9 It could alternatively be step 1103 and 1105 respectively.

Step 1101, what reception client was sent is used to inquire whether server needs to update the inquiry request of current public key Message, inquiry request message include at least the current public key information of server；

Step 1103, the new shared secret for generating server according to the public key of the new private key and client of server is close Key；

Step 1105, the response message for agreeing to establish communication is generated, according to the current shared privacy key of server to sound It answers message to be encrypted, and sends encrypted response message to client, agree to establish in the response message communicated and at least wrap The new public key of server is included, and encrypt and to rear according to the new shared secret key pair subsequent response message of server Continue received request message to be decrypted, client generates client according to the new public key of the private key and server of client New shared secret key.

The following are the embodiments of server of the invention, the details of not detailed description, Ke Yican in server example It is admitted to and states corresponding the 9th to the 11st embodiment of secured communication channel method for building up.

12nd embodiment

Figure 12 is please referred to, it illustrates the main frame block diagrams for the server that twelveth embodiment of the invention provides.It is described Server, comprising: request message receiving module 1201, key production module 1203 and response message sending module 1205.

Specifically, request message receiving module 1201, for receiving establishing for request and server for client transmission The request message of communication, wherein request message includes at least the public key of client；

Key production module 1203, the current public key of the private key and server for generating server, according to server Private key and the public key of client generate the current shared privacy key of server；

Key production module 1203, the calculation formula for generating the current shared privacy key of server can be Wherein, K is the current shared privacy key of server, X_BIt is the public key of client, Y_AIt is server Private key, mod are modulus operations, and p is open parameter.

Response message sending module 1205, for generating the response message for agreeing to establish communication, according to the current of server Shared secret key pair response message encrypt and the request message of receipt of subsequent is decrypted, and sends and add to client The response message of close mistake, to establish the secured communication channel between client and server.

In conclusion server provided in this embodiment, by servicing when server is agreed to communicate with client foundation Device can generate private key according to the current public key of preset server.Solves existing communication channel method for building up The complete leakage for causing the communication information between client and server, the problems such as not can guarantee communications security, the present invention are implemented Example can be avoided third-party attack, promote the safety of communication.

13rd embodiment

With reference to Figure 13, it illustrates the main frame block diagrams for the server that thriteenth embodiment of the invention provides.Itself and figure Server shown in 12 is similar, the difference is that, the server, can also include: inquiry request receiving module 1301, New public key generation module 1303 and new public key sending module 1305.

Inquiry request receiving module 1301, for receiving working as inquiring whether server needs to update for client transmission The inquiry request message of preceding public key, inquiry request message include at least the current public key information of server；

The current public key information of server include server current public key or current public key sequence number at least within One of.

New public key generation module 1303 then generates the new public key of server and new for if desired updating current public key Private key, and according to the public key of the new private key and client of server generate server new shared secret key；

New public key sending module 1305, for generating the response message for updating current public key, according to the current total of server It enjoys privacy key to encrypt response message, and sends the response message of the encrypted current public key of update to client, and Encryption is carried out according to the new shared secret key pair subsequent response message of server and the request message of receipt of subsequent is carried out Decryption, to establish the new secured communication channel between client and server, the response message for updating current public key is at least wrapped Include the new public key of server.

In conclusion server provided in this embodiment, inquiry server can be also sent by user end to server is When the no inquiry request for needing to update current public key, the public key of update can be sent to client according to inquiry request by server End, so that current public key of the client to server is updated.In this way, server can update it according to client demand Current public key and private key, to ensure that the safety of communication.

14th embodiment

Figure 14 is please referred to, it illustrates the main frame block diagrams for the server that fourteenth embodiment of the invention provides.Its with Server shown in Figure 12 is similar, the difference is that, the request message receiving module 1201, further includes: inquiry receives Module 1401；

Inquire receiving module 1401, for receive client transmission for inquiring whether server needs to update current public affairs The inquiry request message of key, inquiry request message include at least the current public key information of server；

Key production module 1203 is also used to generate server according to the public key of the new private key and client of server New shared secret key.

New public key sending module 1205, is also used to generate the response message for agreeing to establish communication, according to the current of server Shared secret key pair response message is encrypted, and encrypted response message is sent to client, agrees to establish communication The new public key of server is included at least in response message, and according to the new shared secret key pair subsequent response report of server Text encrypt and the request message of receipt of subsequent is decrypted, and client is new according to the private key and server of client The new shared secret key of public key generation client.

In conclusion server provided in this embodiment, can also during server and client side establishes communication channel, Whether client inquiry server updates the current public key of server, and server can public key according to inquiry request and by update It is sent to client, so that current public key of the client to server is updated.In this way, server can be built with client Its current public key and private key are updated during vertical communication channel, to ensure that the safety of communication.

15th embodiment

Figure 15 is please referred to, the secured communication channel provided it illustrates fifteenth embodiment of the invention establishes the main of system Block architecture diagram.It includes: client and server that the secured communication channel, which establishes system,.Wherein, client includes communication request The shared key generation module 1503 of module 1501, response message receiving module 1505 and client.Server includes request Message receiving module 1507, key production module 1509 and response message sending module 1511.

Communication request module 1501 for generating the private key of client and the public key of client, and sends to server and uses The request message communicated is established with server in request, request message includes at least the public key of client；

Request message receiving module 1507, for receive client transmission for request with server foundation communicate ask Message is sought, the response message for agreeing to establish communication is sent to client；

The shared key generation module 1503 of client, for obtaining the current public key of pre-stored server, according to The current public key of the private key and server of client generates the shared secret key of client；

Key production module 1509, the current public key of the private key and server for generating server, according to server Private key and the public key of client generate the current shared privacy key of server；

Response message sending module 1511, for being added according to the current shared privacy key of server to response message It is close and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to client, to establish client Secured communication channel between server；

The response message of communication is established in response message receiving module 1505, the agreement for receiving server transmission, according to The shared secret key pair response message of client is decrypted and encrypts to the subsequent request message for being sent to server, To establish the secured communication channel between client and server.

In conclusion secured communication channel provided in this embodiment establishes system, by server agreement and client When establishing communication, server can generate private key according to the current public key of preset server.It solves existing Communication channel method for building up causes the complete leakage of the communication information between client and server, not can guarantee communications security etc. Problem, the embodiment of the present invention can be avoided third-party attack, promote the safety of communication.

16th embodiment

Figure 16 is please referred to, the secured communication channel provided it illustrates sixteenth embodiment of the invention establishes the main of system Block architecture diagram.It is similar that it establishes system to secured communication channel shown in figure 15, the difference is that, the client, also It include: inquiry module 1601, new public key receiving module 1603 and replacement module 1605；The server, further includes: inquiry is asked Ask receiving module 1607, new public key generation module 1609 and new public key sending module 1611.

Module 1601 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key Request message, inquiry request message include at least the current public key information of server；

Inquiry request receiving module 1607, for receiving working as inquiring whether server needs to update for client transmission The inquiry request message of preceding public key；

New public key generation module 1609 then generates the new public key of server and new for if desired updating current public key Private key, and send to client end the new public key of server, and the public key of the new private key and client according to server Generate the new shared secret key of server；

New public key sending module 1611, for generating the response message for updating current public key, according to the current total of server It enjoys privacy key to encrypt response message, and sends the response message of the encrypted current public key of update to client, and Encryption is carried out according to the new shared secret key pair subsequent response message of server and the request message of receipt of subsequent is carried out Decryption, to establish the new secured communication channel between client and server, the response message for updating current public key is at least wrapped Include the new public key of server.

New public key receiving module 1603, the response message of the current public key of update for receiving server transmission；

Replacement module 1605 replaces the current public key of server for the new public key by server, and according to client The new public key of private key and server generate the new shared secret key of client, according to the new shared secret of client The subsequent response message that key pair server is sent is decrypted and encrypts to the subsequent request message for being sent to server.

In conclusion secured communication channel provided in this embodiment establishes system, can also be sent out by user end to server Send inquiry server when whether needing to update the inquiry request of current public key, server can be according to inquiry request and by update Public key is sent to client, so that current public key of the client to server is updated.In this way, server can be according to client End demand and update its current public key and private key, to ensure that the safety of communication.

17th embodiment

Figure 17 is please referred to, the secured communication channel provided it illustrates seventeenth embodiment of the invention establishes the main of system Block architecture diagram.It is similar that it establishes system to secured communication channel shown in figure 15, the difference is that, the client, also It include: the communication request module of client, further includes: inquiry module 1701.Request message receiving module, further includes: inquiry connects Receive module 1703；

Module 1701 is inquired, for sending to server for inquiring whether server needs to update the inquiry of current public key Request message, inquiry request message include at least the current public key information of server；

Inquire receiving module 1703, for receive client transmission for inquiring whether server needs to update current public affairs The inquiry request message of key.

Key production module 1509 is also used to generate server according to the public key of the new private key and client of server New shared secret key.

The server further include: new public key sending module 1513, for generating the response message for agreeing to establish communication, root Response message is encrypted according to the current shared privacy key of server, and sends encrypted response message to client, Agree to establish the new public key that server is included at least in the response message of communication, and close according to the new shared secret of server Key encrypt and the request message of receipt of subsequent is decrypted to subsequent response message；

Response message receiving module 1505, the agreement for receiving server transmission are established the response message of communication, are agreed to It establishes in the response message of communication and includes at least the new public key of server；

The shared key generation module 1503 of client is also used to the current of the new public key replacement server of server Public key, and the new shared secret key of the new public key generation client according to the private key and server of client, according to visitor The subsequent response message that the new shared secret key pair server at family end is sent is decrypted and is sent to server to subsequent Request message encrypted, to establish the new secured communication channel between client and server.

In conclusion secured communication channel provided in this embodiment establishes system, can also be established in server and client side During communication channel, whether client inquiry server updates the current public key of server, and server can be asked according to inquiry It asks and the public key of update is sent to client, so that current public key of the client to server is updated.In this way, server Its current public key and private key can be updated during establishing communication channel with client, to ensure that the safety of communication Property.

18th embodiment

Figure 18 is please referred to, it illustrates a kind of structural block diagrams of client.As shown in figure 18, client includes memory 1802, storage control 1804, one or more (one is only shown in figure) processors 1806, Peripheral Interface 1808, radio frequency mould Block 1810, photographing module 1814, audio-frequency module 1816, Touch Screen 1818 and key module 1820.These components pass through one Item or a plurality of communication bus/signal wire mutually communicate.

It is appreciated that structure shown in Figure 18 is only to illustrate, client may also include than shown in Figure 18 more or more Few component, or with the configuration different from shown in Figure 18.Each component shown in Figure 18 can using hardware, software or its Combination is realized.

Memory 1802 can be used for storing software program and module, as carried out in client in the embodiment of the present invention Corresponding program instruction/the module of secured communication channel method for building up (for example, corresponding module in client), processor 1802 are logical The operation software program and module that are stored in memory 1804 are crossed, thereby executing various function application and data processing, It realizes and above-mentioned securely communicates Path Setup method in client.

Memory 1802 may include high speed random access memory, may also include nonvolatile memory, such as one or more Magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory 1802 can be further Including the memory remotely located relative to processor 1806, these remote memories can pass through network connection to client. The example of above-mentioned network includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.Processor 1806 and other possible components the access of memory 1802 can be carried out under the control of storage control 1804.

Various input/output devices are couple CPU and memory 1802 by Peripheral Interface 1808.Processor 806 is run Various softwares, instruction in memory 802 are to execute the various functions of client and carry out data processing.

In some embodiments, Peripheral Interface 1808, processor 1806 and storage control 1804 can be in single cores It is realized in piece.In some other example, they can be realized by independent chip respectively.

Radio-frequency module 1810 is used to receive and transmit electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, thus It is communicated with communication network or other equipment.Radio-frequency module 1810 may include various existing for executing these functions Circuit element, for example, antenna, RF transceiver, digital signal processor, encryption/deciphering chip, subscriber identity module (SIM) Card, memory etc..Radio-frequency module 1810 can be carried out with various networks such as internet, intranet, wireless network communication or Person is communicated by wireless network and other equipment.Above-mentioned wireless network may include cellular telephone networks, WLAN Or Metropolitan Area Network (MAN).Various communication standards, agreement and technology can be used in above-mentioned wireless network, and including but not limited to the whole world is moved Dynamic communication system (Global System for Mobile Communication, GSM), enhanced mobile communication technology (Enhanced Data GSM Environment, EDGE), Wideband CDMA Technology (wideband code division Multiple access, W-CDMA), Code Division Multiple Access (Code division access, CDMA), time division multiple access technology (time division multiple access, TDMA), bluetooth, adopting wireless fidelity technology (Wireless, Fidelity, WiFi) (such as American Institute of Electrical and Electronics Engineers's standard IEEE 802.11a, IEEE 802.11b, IEEE802.11g and/ Or IEEE 802.11n), the networking telephone (Voice over internet protocal, VoIP), worldwide interoperability for microwave accesses (Worldwide Interoperability for Microwave Access, Wi-Max), other be used for mail, Instant Messenger The agreement and any other suitable communications protocol of news and short message, or even may include that those are not developed currently yet Agreement.

Photographing module 1814 is for shooting photo or video.The photo or video of shooting can store to memory In 1802, and it can be sent by radio-frequency module 1810.

Audio-frequency module 1816 provides a user audio interface, may include one or more microphones, one or more Loudspeaker and voicefrequency circuit.Voicefrequency circuit receives voice data from Peripheral Interface 1808, and voice data is converted to telecommunications Breath, is transmitted to loudspeaker for power information.Power information is converted to the sound wave that human ear can be heard by loudspeaker.Voicefrequency circuit is also from Mike Receive power information at wind, convert electrical signals to voice data, and by data transmission in network telephony into Peripheral Interface 1808 to carry out Further processing.Audio data can obtain from memory 1802 or through radio-frequency module 1810.In addition, audio data Also it can store into memory 1802 or sent by radio-frequency module 1810.In some instances, audio-frequency module 1816, which may also include an earphone, broadcasts hole, for providing audio interface to earphone or other equipment.

Touch Screen 1818 provides an output and input interface simultaneously between client and user.Specifically, touch-control Screen 1818 shows video output to user, and the content of these videos output may include text, figure, video and its any group It closes.Some outputs are the result is that correspond to some user interface objects.Touch Screen 1818 also receives the input of user, such as user The gesture operations such as click, sliding, so that user interface object responds the input of these users.Detect user's input Technology can be based on resistance-type, condenser type or any other possible touch control detection technology.Touch Screen 1818 shows list The specific example of member includes but is not limited to liquid crystal display or light emitting polymer displays.

Key module 1820 equally provides user's interface inputted to client, and user can be different by pressing Key is so that the different function of client executing.

In addition, the embodiment of the present invention also provides a kind of computer readable storage medium, it is executable to be stored with computer Instruction, above-mentioned computer readable storage medium is, for example, nonvolatile memory such as CD, hard disk or flash memory.It is above-mentioned Computer executable instructions for allowing computer or similar arithmetic unit to complete above-mentioned secured communication channel foundation side Method.

The above described is only a preferred embodiment of the present invention, be not intended to limit the present invention in any form, though So the present invention has been disclosed as a preferred embodiment, and however, it is not intended to limit the invention, any technology people for being familiar with this profession Member, without departing from the scope of the present invention, when the technology contents using the disclosure above are modified or are modified It is right according to the technical essence of the invention for the equivalent embodiment of equivalent variations, but without departing from the technical solutions of the present invention Any simple modification, equivalent change and modification made by above embodiments, all of which are still within the scope of the technical scheme of the invention.

Claims

1. a kind of secured communication channel method for building up, which is characterized in that the secured communication channel method for building up, comprising:

The private key of client and the public key of client are generated, and is sent to server for requesting to communicate with server foundation Request message, the request message include at least the client public key；

The current public key for obtaining the pre-stored server, according to the current of the private key of the client and the server Public key generates the shared secret key of the client；

The response message that communication is established in the agreement that the server is sent is received, according to the shared secret key pair of the client The response message is decrypted and encrypts to the subsequent request message for being sent to the server, to establish the client Secured communication channel between end and the server.

2. secured communication channel method for building up according to claim 1, which is characterized in that generate private key and the visitor of client The public key at family end, comprising:

Private key of the random number as the client is selected, and meets X_A< p, the calculating for generating the public key of the client are public Formula isWherein, X_A、Y_AIt is the private key of the client and the public key of the client respectively, p, g are public Parameter is opened, p is prime number, and g is integer, and g is a primitive root of p.

3. secured communication channel method for building up according to claim 1, which is characterized in that according to the private key of the client The shared secret key of the client is generated with the current public key of the server, comprising:

The calculation formula for generating the shared secret key of the client isWherein, K is described The shared secret key of client, Y_BIt is the current public key of the server, X_AIt is the private key of the client, mod is modulus fortune It calculates, p is open parameter.

4. secured communication channel method for building up according to claim 1, which is characterized in that receive what the server was sent The response message for agreeing to establish communication, is decrypted and right according to response message described in the shared secret key pair of the client The subsequent request message for being sent to the server is encrypted, with the safety established between the client and the server After communication channel, comprising:

It sends to the server for inquiring whether the server needs to update the inquiry request message of current public key, it is described Inquiry request message includes at least the current public key information of the server；

If the server needs to update the current public key, the response for the current public key of update that the server is sent is received Message, the response message include at least the new public key of the server；

The new public key of the server is replaced to the current public key of the server, and according to the private key of the client and institute The new public key for stating server generates the new shared secret key of the client, according to the client it is new share it is secret The subsequent response message that server described in close key pair is sent is decrypted and to the subsequent request report for being sent to the server Text is encrypted, with the secured communication channel established between the client and the server.

5. secured communication channel method for building up according to claim 1, which is characterized in that the current public key of the server Information includes at least one of the current public key of the server or the sequence number of current public key.

6. secured communication channel method for building up according to claim 1, which is characterized in that receive what the server was sent The response message for agreeing to establish communication, is decrypted and right according to response message described in the shared secret key pair of the client The subsequent request message for being sent to the server is encrypted, with the safety established between the client and the server After communication channel, comprising:

The response message for the current public key of update that the server is sent is received, the response message includes at least the server New public key, the new public key of the server is replaced to the current public key of the server, and according to the client The new public key of private key and the server generates the new shared secret key of the client, according to the new of the client Shared secret key pair described in server send subsequent response message be decrypted and be sent to the server to subsequent Request message encrypted, to establish the new secured communication channel between the client and the server.

7. secured communication channel method for building up according to claim 1, which is characterized in that generate private key and the visitor of client The public key at family end, and send to server for requesting to establish the request message communicated, the request message with the server After the public key of the client, comprising:

It sends to server for inquiring whether the server needs to update the inquiry request message of current public key, the inquiry Request message includes at least the current public key information of the server；

The response message that communication is established in the agreement that the server is sent is received, includes at least the service in the response message The new public key of device；

The new public key of the server is replaced to the current public key of the server, and according to the private key of the client and institute The new public key for stating server generates the new shared secret key of the client, according to the client it is new share it is secret The subsequent response message that server described in close key pair is sent is decrypted and to the subsequent request report for being sent to the server Text is encrypted, to establish the new secured communication channel between the client and the server.

8. a kind of client, which is characterized in that the client, comprising:

Communication request module, for generating the private key of client and the public key of client, and to server send for request with The server establishes the request message of communication, and the request message includes at least the public key of the client；

The shared key generation module of client, for obtaining the current public key of the pre-stored server, according to described The current public key of the private key of client and the server generates the shared secret key of the client；

Response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, according to described Response message described in the shared secret key pair of client is decrypted and to the subsequent request message for being sent to the server It is encrypted, with the secured communication channel established between the client and the server.

9. client according to claim 8, which is characterized in that the communication request module, it is random for selection one Private key of the number as the client, and meet X_A< p, the calculation formula for generating the public key of the client areWherein, X_A、Y_AIt is the private key of the client and the public key of the client respectively, p, g are open join Number, p is prime number, and g is integer, and g is a primitive root of p.

10. client according to claim 8, which is characterized in that the shared key generation module of the client, for giving birth to Calculation formula at the shared secret key of the client is Wherein, K is the client Shared secret key, Y_BIt is the current public key of the server, X_AIt is the private key of the client, mod is modulus operation, and p is public Open parameter.

11. client according to claim 8, which is characterized in that the client, further includes:

Module is inquired, for sending to the server for inquiring whether the server needs to update the inquiry of current public key Request message, the inquiry request message include at least the current public key information of the server；

New public key receiving module receives the server and sends if needing to update the current public key for the server The current public key of update response message, the response message includes at least the new public key of the server；

Replacement module, for the new public key of the server to be replaced to the current public key of the server, and according to the visitor The new public key of the private key at family end and the server generates the new shared secret key of the client, according to the client The subsequent response message that server described in the new shared secret key pair at end is sent is decrypted and to described in subsequent is sent to The request message of server is encrypted, to establish the new secured communication channel between the client and the server.

12. client according to claim 11, which is characterized in that the current public key information of the server includes described At least one of the sequence number of the current public key or current public key of server.

13. client according to claim 8, which is characterized in that the client, further includes:

New public key receiving module, for receiving the response message for the current public key of update that the server is sent, the response report Text includes at least the new public key of the server, and the new public key of the server is replaced to the current public affairs of the server Key, and it is close according to the new shared secret that the new public key of the private key of the client and the server generates the client Key is decrypted and right according to the subsequent response message that server described in the new shared secret key pair of the client is sent The subsequent request message for being sent to the server is encrypted, new between the client and the server to establish Secured communication channel.

14. client according to claim 8, which is characterized in that

The communication request module, further includes: inquiry module, for sending to server for inquiring whether the server needs The inquiry request message of current public key is updated, the current public key that the inquiry request message includes at least the server is believed Breath；

The response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, described The new public key of the server is included at least in response message；

The shared key generation module of the client is also used to the new public key of the server replacing the server Current public key, and the new of the client is generated according to the new public key of the private key of the client and the server and is shared Privacy key, the subsequent response message sent according to server described in the new shared secret key pair of the client are solved It is close and the subsequent request message for being sent to the server is encrypted, to establish between the client and the server New secured communication channel.

15. a kind of secured communication channel method for building up, which is characterized in that the secured communication channel method for building up, comprising:

Receive the request message for requesting to communicate with server foundation that client is sent, wherein the request message is at least Public key including the client, the client are previously stored with the current public key of the server；

The server is generated according to the public key of private key corresponding with the current public key of the server and the client Current shared privacy key；

The response message for agreeing to establish communication is generated, according to the current shared privacy key of the server to the response message Encrypt and the request message of receipt of subsequent is decrypted, and sends encrypted response message to the client, with Establish the secured communication channel between the client and the server.

16. secured communication channel method for building up according to claim 15, which is characterized in that according to the private of the server Key and the public key of the client generate the current shared privacy key of the server, comprising:

The calculation formula for generating the current shared privacy key of the server isWherein, K is institute State the current shared privacy key of server, X_BIt is the public key of the client, Y_AIt is the private key of the server, mod is modulus Operation, p are open parameters.

17. secured communication channel method for building up according to claim 15, which is characterized in that generate and agree to establish communication Response message carries out encryption to the response message according to the current shared privacy key of the server and to receipt of subsequent Request message is decrypted, and encrypted response message is sent to the client, to establish the client and the clothes After secured communication channel between business device, comprising:

Receive that the client sends for inquiring whether the server needs to update the inquiry request message of current public key, The inquiry request message includes at least the current public key information of the server；

If desired the public key is updated, then generates the new public key and new private key of the server, and according to the server New private key and the public key of the client generate the new shared secret key of the server；

The response message for updating current public key is generated, according to the current shared privacy key of the server to the response message It is encrypted, and sends the response message of the encrypted current public key of update to the client, and according to the server New shared secret key pair subsequent response message encrypt and the request message of receipt of subsequent is decrypted, to establish The new secured communication channel between client and the server is stated, the response message for updating current public key includes at least The new public key of the server.

18. secured communication channel method for building up according to claim 17, which is characterized in that the current public affairs of the server Key information includes at least one of the current public key of the server or the sequence number of current public key.

19. secured communication channel method for building up according to claim 15, which is characterized in that receive the use that client is sent After requesting to establish the request message communicated with server, comprising:

The new shared secret for generating the server according to the public key of the new private key of the server and the client is close Key；

The response message for agreeing to establish communication is generated, according to the current shared privacy key of the server to the response message It is encrypted, and sends encrypted response message to the client, it is described to agree to establish in the response message of communication at least New public key including the server, and carried out according to the new shared secret key pair subsequent response message of the server Encryption and the request message of receipt of subsequent is decrypted, the client is according to the private key and the server of the client New public key generate the new shared secret key of the client.

20. a kind of server, which is characterized in that the server, comprising:

Request message receiving module, for receiving the request message for requesting to communicate with server foundation of client transmission, Wherein, the request message includes at least the public key of the client, and the client is previously stored with working as the server Preceding public key；

Key production module, for the public key according to corresponding with the current public key of the server private key and the client Generate the current shared privacy key of the server；

Response message sending module, for generating the response message for agreeing to establish communication, according to the current shared of the server Privacy key encrypt and the request message of receipt of subsequent is decrypted to the response message, and sends out to the client Encrypted response message is sent, with the secured communication channel established between the client and the server.

21. server according to claim 20, which is characterized in that the response message sending module, for generating The calculation formula for stating the current shared privacy key of server is Wherein, K is the server Current shared privacy key, X_BIt is the public key of the client, Y_AIt is the private key of the server, mod is modulus operation, and p is public Open parameter.

22. server according to claim 20, which is characterized in that the server, further includes:

Inquiry request receiving module, for receiving working as inquiring whether the server needs to update for the client transmission The inquiry request message of preceding public key, the inquiry request message include at least the current public key information of the server；

New public key generation module, for if desired updating the public key, then generate the server new public key and new private Key, and it is close according to the new shared secret that the new private key of the server and the public key of the client generate the server Key；

New public key sending module, for generating the response message for updating current public key, the current shared according to the server is secret Response message described in close key pair is encrypted, and the response report of the encrypted current public key of update is sent to the client Text, and encryption and request to receipt of subsequent are carried out according to the new shared secret key pair subsequent response message of the server Message is decrypted, described to update currently to establish the new secured communication channel between the client and the server The response message of public key includes at least the new public key of the server.

23. server according to claim 22, which is characterized in that the current public key information of the server includes described At least one of the sequence number of the current public key or current public key of server.

24. server according to claim 20, which is characterized in that

The request message receiving module, further includes: inquiry receiving module, for receiving that the client sends for inquiring Whether the server needs to update the inquiry request message of current public key, and the inquiry request message includes at least the service The current public key information of device；

The key production module is also used to according to the new private key of the server and the generation of the public key of the client The new shared secret key of server；

The server, further includes: new public key sending module, for generating the response message for agreeing to establish communication, according to described The current shared privacy key of server encrypts the response message, and encrypted response is sent to the client Message, it is described to agree to establish the new public key that the server is included at least in the response message of communication, and according to the service The new shared secret key pair subsequent response message of device encrypt and the request message of receipt of subsequent is decrypted, described Client generates the new shared secret of the client according to the private key of the client and the new public key of the server Key.

25. a kind of secured communication channel establishes system, comprising: client and server；

The client includes the shared key generation module of communication request module, response message receiving module and client；

The server includes request message receiving module, key production module and response message sending module；

Request message receiving module, for receiving the request message for requesting to communicate with server foundation of client transmission；

Key production module, for generating the private key of the server and the current public key of the server, according to the service The private key of device and the public key of the client generate the current shared privacy key of the server；

Response message sending module, for being added according to the current shared privacy key of the server to the response message It is close and the request message of receipt of subsequent is decrypted, and encrypted response message is sent to the client, to establish State the secured communication channel between client and the server；

26. secured communication channel according to claim 25 establishes system, which is characterized in that the client, further includes: Inquire module, new public key receiving module and replacement module；The server, further includes: inquiry request receiving module, new public key Generation module and new public key sending module；

The inquiry module, for sending to the server for inquiring whether the server needs to update current public key Inquiry request message, the inquiry request message include at least the current public key information of the server；

The inquiry request receiving module, for receiving that the client sends for inquiring whether the server needs more The inquiry request message of new current public key；

The new public key generation module then generates the new public key of the server and new for if desired updating the public key Private key, and according to the new private key of the server and the public key of the client generate the server it is new share it is secret Key；

New public key sending module, for generating the response message for updating current public key, the current shared according to the server is secret Response message described in close key pair is encrypted, and the response report of the encrypted current public key of update is sent to the client Text, and encryption and request to receipt of subsequent are carried out according to the new shared secret key pair subsequent response message of the server Message is decrypted, and to establish the new secured communication channel between the client and the server, updates current public key Response message include at least the server new public key；

The new public key receiving module, for receiving the response message for the current public key of update that the server is sent；

The replacement module, for the new public key of the server to be replaced to the current public key of the server, and according to institute The new public key of the private key and the server of stating client generates the new shared secret key of the client, according to described The subsequent response message that server described in the new shared secret key pair of client is sent is decrypted and is sent to subsequent The request message of the server is encrypted.

27. secured communication channel according to claim 25 establishes system, which is characterized in that

The communication request module of the client, further includes: inquiry module, the inquiry module are used to be used for server transmission Inquire whether the server needs to update the inquiry request message of current public key, the inquiry request message includes at least described The current public key information of server；

The request message receiving module, further includes: inquiry receiving module, for receiving that the client sends for inquiring Whether the server needs to update the inquiry request message of current public key；

The server further include: new public key sending module, for generating the response message for agreeing to establish communication, according to the clothes The current shared privacy key of business device encrypts response message, and encrypted response message is sent to the client, Agree to establish the new public key for including at least the server in the response message of communication, and is total to according to the new of the server It enjoys privacy key and subsequent response message encrypt and the request message of receipt of subsequent is decrypted；

The response message receiving module establishes the response message of communication for receiving the agreement that the server is sent, described Agree to establish the new public key that the server is included at least in the response message of communication；

The shared key generation module of the client is also used to the new public key of the server replacing the server Current public key, and the new of the client is generated according to the new public key of the private key of the client and the server and is shared Privacy key is decrypted and according to the new subsequent response message of shared secret key pair of the client to subsequent transmission It is encrypted to the request message of the server, to establish the new secure communication between the client and the server Channel.