CN106411926B - Data encryption communication method and system - Google Patents


Info

Publication number: CN106411926B
Authority: CN (China)
Prior art keywords: authentication, query, information, symmetric encryption, client
Legal status: Active
Application number: CN201610957375.6A
Other languages: Chinese (zh)
Other versions: CN106411926A
Inventors: 邱锋兴, 郑汉军, 梁煜麓, 罗佳
Current assignee: Xiamen Anscen Network Technology Co ltd
Original assignee: Xiamen Anscen Network Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention provides a data encryption communication method and system. The method comprises a data authentication step and a data query step. The data authentication step comprises: the client encrypts in an asymmetric encryption mode and sends authentication request information to an authentication center for authentication; if the authentication succeeds, the information of successful authentication and a symmetric key are returned, and if the authentication fails, the information of failed authentication is returned. The data query step comprises: the client encrypts and sends query request information using a combination of asymmetric encryption and symmetric encryption; the authentication center receives the query request information; the authentication center decrypts the query request information and performs the data query; the authentication center encrypts the query result information using a combination of asymmetric encryption and symmetric encryption; and the client receives the query result information and decrypts it to obtain the data query result. The invention combines symmetric encryption and asymmetric encryption to apply multiple layers of encryption to the authentication information and the query information, thereby improving the security of data communication.

Description

Data encryption communication method and system
Technical Field
The invention relates to the technical field of communication, in particular to a data encryption communication method and system.
Background
Symmetric encryption is the fastest and simplest encryption method: the same key (secret key) is used for both encryption and decryption. Symmetric encryption typically uses relatively small keys, usually less than 256 bits, because the larger the key, the stronger the encryption but the slower encryption and decryption become. A larger key is desirable if information leakage during transmission is to be avoided, but it substantially reduces the speed of normal data decryption.
Asymmetric encryption provides a very secure method for encrypting and decrypting data using a pair of keys, a public key and a private key. The private key must be kept secret by one party and never disclosed, while the public key can be given to anyone who requests it. Asymmetric encryption uses one key of the pair for encryption, while decryption requires the other key.
When symmetric and asymmetric encryption are used for encrypted data transmission, the receiving party, or an intercepting party, can decrypt the transmitted data as long as it obtains the correct key.
The internet has entered a mature, stable and efficient stage. By using its resources sensibly, existing enterprises or organizations can integrate their existing information resources more reasonably and effectively, so that production efficiency is greatly improved, information is shared more quickly and collaboration between teams becomes far more efficient. The internet is, after all, an open environment, which brings many potential security hazards and information leakage risks. If an enterprise wants to make good use of this large resource while minimizing the risk of information disclosure, one option is to isolate the enterprise's private network from the internet, but this greatly increases cost.
Disclosure of Invention
In order to reduce enterprise costs while providing a secure mechanism for sharing information quickly, the data encryption communication method provided by the invention allows enterprises to share important data on the Internet according to the specific business scenario and to integrate it into the Internet's large resource pool for comprehensive data analysis and mining, while ensuring to the greatest extent that the important data are not acquired by lawbreakers and do not cause economic losses to the enterprise.
The specific scheme of the invention is as follows:
a data encryption communication method comprises data authentication and data query steps,
a data authentication step: the client encrypts in an asymmetric encryption mode and sends authentication request information to the authentication center for authentication; if the authentication succeeds, the information of successful authentication and the symmetric key are returned, and if the authentication fails, the information of failed authentication is returned,
data query step:
the client side encrypts and sends query request information in combination with asymmetric encryption and symmetric encryption;
the authentication center receives the query request information;
the authentication center decrypts the query request information and calls a data query interface to perform data query;
the authentication center encrypts the query result information in combination with the asymmetric encryption and the symmetric encryption;
and the client receives the query result information and decrypts the query result information to obtain a data query result.
Further, the method also comprises the initialization step of:
the client generates a pair of public key and private key and sends the client public key to the authentication center;
the authentication center generates a pair of public key and private key and sends the public key of the authentication center to the client;
and registering the client equipment to an authentication center, wherein the registration information is the hardware characteristic information of the terminal equipment, and the registration information is encrypted by a client private key.
Further, the data authentication step specifically includes:
step 101: the client encrypts the hardware characteristic information of the terminal device with the client private key;
step 102: the client sends authentication request information, which comprises the device registration ID and the encrypted hardware characteristic information of the terminal device;
step 103: the authentication center receives the authentication request information, reads the device registration ID to identify the terminal device, obtains the corresponding client public key for the identified device and decrypts the terminal device hardware characteristic information; step 104 is entered when the decryption succeeds and step 106 when it fails;
step 104: comparing the hardware characteristic information of the terminal equipment decrypted in the step 103 with the hardware characteristic information of the registered equipment to perform secondary authentication, wherein the step 105 is performed after the authentication is successful, and the step 106 is performed after the authentication is failed;
step 105: generating a set of symmetric encryption keys with certain timeliness on the basis of the equipment hardware characteristic information, caching, and entering step 106;
step 106: splicing a response result data packet, wherein the response result data packet comprises an authentication state and a symmetric encryption key, when the authentication state is successful, the symmetric encryption key is the symmetric encryption key generated in the step 105, the symmetric encryption key is encrypted by using a private key of an authentication center, and when the authentication state is failed, the symmetric encryption key is empty;
step 107: and the client receives the response result data packet, acquires authentication state information, and if the authentication state is successful, decrypts through the public key of the authentication center to acquire a symmetric encryption key and caches the symmetric encryption key to the local.
Further, the data query step specifically includes:
step 201: the client side assembles query request information, wherein the query request information comprises equipment registration ID, terminal equipment hardware characteristic information and query condition information;
step 202: acquiring the symmetric encryption key cached in the step 107, and encrypting the query condition information by using the symmetric encryption key;
step 203: encrypting the hardware characteristic information of the terminal equipment in the query request information by using a client private key, and encrypting the query condition information again by using the client private key;
step 204: calling a data query service interface of the authentication center and sending query request information;
step 205: the authentication center receives the query request information, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the terminal equipment hardware characteristic information and the query condition information, the step 206 is entered when the decryption is successful, and the step 210 is entered when the decryption is failed;
step 206: acquiring a symmetric encryption key cached by the terminal equipment from an authentication center according to the hardware characteristic information of the read terminal equipment, and entering step 207 if the symmetric encryption key is successfully acquired, or entering step 210 if the symmetric encryption key is not acquired;
step 207: acquiring a data query interface of a data sharing center, acquiring an available data query interface, and entering a step 208, otherwise, entering a step 210;
step 208: the authentication center calls a data query interface to perform synchronous data query, the step 209 is performed after a query result is obtained, and the step 210 is performed when an abnormality occurs when the data query interface of the data sharing center is called;
step 209: acquiring a private key of an authentication center and a symmetric encryption key corresponding to the terminal equipment, symmetrically encrypting the query result by using the symmetric encryption key, and then asymmetrically encrypting by using the private key of the authentication center;
step 210: assembling query result information, wherein the query result information comprises an equipment registration ID, a query state and a query result, when the query state is successful, the query result is the query result encrypted in the step 209, and when the query state is abnormal, the query result is abnormal information;
step 211: the client receives the query result information, decrypts the query result by using the public key of the authentication center when the query state is successful, then decrypts the query result again by using the symmetric encryption key cached in the step 107 to obtain a final query result, and obtains the abnormal information when the query state is abnormal.
A data encryption communication system comprising:
the client is used for carrying out asymmetric encryption on the authentication request information and sending the authentication request information, receiving a response result data packet and carrying out asymmetric decryption on the response result data packet, carrying out symmetric encryption and asymmetric encryption on the query request information and sending the query request information, receiving the query result information and carrying out symmetric decryption and asymmetric decryption;
and the authentication center is used for receiving the authentication request information, carrying out asymmetric decryption, carrying out authentication judgment, carrying out asymmetric encryption on the response result data packet and returning the response result data packet, receiving the query request information, carrying out symmetric decryption and asymmetric decryption, carrying out query judgment and data query, carrying out symmetric encryption and asymmetric encryption on the query result information and returning the query result information.
The invention has the beneficial effects that:
the invention combines symmetric encryption and asymmetric encryption to apply multiple layers of encryption to the authentication information and the query information, thereby improving the security of data communication.
Drawings
FIG. 1 is a flow chart of data authentication according to the present invention;
FIG. 2 is a flow chart of data query according to the present invention.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures. The invention will now be further described with reference to the accompanying drawings and detailed description.
The system comprises a client and a data authentication center, wherein the client mainly has the following functions:
1. local RSA public key private key generation
2. Terminal device registration
3. Terminal device authentication
4. Data presentation
The authentication center plays the central role in the scheme: any terminal device that wants to access data of the data center must first be authenticated and authorized by the authentication center. The authentication center uses SSL Socket technology to expose the following data service interfaces:
1. terminal device registration
2. Terminal device authentication
3. Data encryption and decryption
4. Querying the state of the terminal device.
In the system, the client is used for carrying out asymmetric encryption on authentication request information and sending the authentication request information, receiving a response result data packet and carrying out asymmetric decryption on the response result data packet, carrying out symmetric encryption and asymmetric encryption on inquiry request information and sending the inquiry request information, receiving the inquiry result information and carrying out symmetric decryption and asymmetric decryption.
In the system, the authentication center is used for receiving authentication request information, carrying out asymmetric decryption, carrying out authentication judgment, carrying out asymmetric encryption on a response result data packet and returning the response result data packet, receiving inquiry request information, carrying out symmetric decryption and asymmetric decryption, carrying out inquiry judgment and data inquiry, carrying out symmetric encryption and asymmetric encryption on the inquiry result information and returning the inquiry result information.
The data encryption communication method of one embodiment of the invention comprises the steps of data authentication and data query,
wherein the data authentication step is: the client encrypts in an asymmetric encryption mode and sends authentication request information to the authentication center for authentication; if the authentication succeeds, the information of successful authentication and the symmetric key are returned, and if the authentication fails, the information of failed authentication is returned,
the data query step comprises:
the client side encrypts and sends query request information in combination with asymmetric encryption and symmetric encryption;
the authentication center receives the query request information;
the authentication center decrypts the query request information and calls a data query interface to perform data query;
the authentication center encrypts the query result information in combination with the asymmetric encryption and the symmetric encryption;
and the client receives the query result information and decrypts the query result information to obtain a data query result.
In this embodiment, the method further includes the step of initializing:
the client generates a pair of public key and private key and sends the client public key to the authentication center;
the authentication center generates a pair of public key and private key and sends the public key of the authentication center to the client;
and registering the client equipment to an authentication center, wherein the registration information is the hardware characteristic information of the terminal equipment, and the registration information is encrypted by a client private key.
In this embodiment, the data authentication step specifically includes:
step 101: the client encrypts the hardware characteristic information of the terminal device with the client private key;
step 102: the client sends authentication request information, which comprises the device registration ID and the encrypted hardware characteristic information of the terminal device;
step 103: the authentication center receives the authentication request information, reads the device registration ID to identify the terminal device, obtains the corresponding client public key for the identified device and decrypts the terminal device hardware characteristic information; step 104 is entered when the decryption succeeds and step 106 when it fails;
step 104: comparing the hardware characteristic information of the terminal equipment decrypted in the step 103 with the hardware characteristic information of the registered equipment to perform secondary authentication, wherein the step 105 is performed after the authentication is successful, and the step 106 is performed after the authentication is failed;
step 105: generating a set of symmetric encryption keys with certain timeliness on the basis of the equipment hardware characteristic information, caching, and entering step 106;
step 106: splicing a response result data packet, wherein the response result data packet comprises an authentication state and a symmetric encryption key, when the authentication state is successful, the symmetric encryption key is the symmetric encryption key generated in the step 105, the symmetric encryption key is encrypted by using a private key of an authentication center, and when the authentication state is failed, the symmetric encryption key is empty;
step 107: and the client receives the response result data packet, acquires authentication state information, and if the authentication state is successful, decrypts through the public key of the authentication center to acquire a symmetric encryption key and caches the symmetric encryption key to the local.
In this embodiment, the data query step specifically includes:
step 201: the client side assembles query request information, wherein the query request information comprises equipment registration ID, terminal equipment hardware characteristic information and query condition information;
step 202: acquiring the symmetric encryption key cached in the step 107, and encrypting the query condition information by using the symmetric encryption key;
step 203: encrypting the hardware characteristic information of the terminal equipment in the query request information by using a client private key, and encrypting the query condition information again by using the client private key;
step 204: calling a data query service interface of the authentication center and sending query request information;
step 205: the authentication center receives the query request information, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the terminal equipment hardware characteristic information and the query condition information, the step 206 is entered when the decryption is successful, and the step 210 is entered when the decryption is failed;
step 206: acquiring a symmetric encryption key cached by the terminal equipment from an authentication center according to the hardware characteristic information of the read terminal equipment, and entering step 207 if the symmetric encryption key is successfully acquired, or entering step 210 if the symmetric encryption key is not acquired;
step 207: acquiring a data query interface of a data sharing center, acquiring an available data query interface, and entering a step 208, otherwise, entering a step 210;
step 208: the authentication center calls a data query interface to perform synchronous data query, the step 209 is performed after a query result is obtained, and the step 210 is performed when an abnormality occurs when the data query interface of the data sharing center is called;
step 209: acquiring a private key of an authentication center and a symmetric encryption key corresponding to the terminal equipment, symmetrically encrypting the query result by using the symmetric encryption key, and then asymmetrically encrypting by using the private key of the authentication center;
step 210: assembling query result information, wherein the query result information comprises an equipment registration ID, a query state and a query result, when the query state is successful, the query result is the query result encrypted in the step 209, and when the query state is abnormal, the query result is abnormal information;
step 211: the client receives the query result information, decrypts the query result by using the public key of the authentication center when the query state is successful, then decrypts the query result again by using the symmetric encryption key cached in the step 107 to obtain a final query result, and obtains the abnormal information when the query state is abnormal.
The system initialization process comprises the following steps:
1. initializing an authentication center: generating an RSA public key of the authentication center end;
2. the RSA public key of the authentication center is obtained from the authentication center and configured into the client program of the terminal device;
3. initializing the terminal device: the client program is started and calls RSA KeyGen (the key generation algorithm) to generate a local public/private key pair;
4. configuring a client public key to an authentication center;
5. initializing the connection information of the authentication center on a client program;
6. registering the terminal device with the authentication center, where the registration information is hardware characteristic information: for example, CPU feature codes, hard disk feature codes and MAC feature codes are combined according to a certain algorithm and then encrypted with the client private key.
As shown in fig. 1, the authentication process in the system processing flow is as follows:
step 101: the client program encrypts the hardware string of the terminal device with the client private key to obtain the terminal device hardware feature string, and then splices the feature string and the device registration ID into the following structure:
| Device registration ID | Terminal device hardware feature string |
Step 102: the client program calls an authentication service interface of the authentication center and sends authentication request data;
step 103: the authentication center receives the authentication request information, reads the equipment registration ID to identify the terminal equipment information, then obtains a corresponding client public key according to the identified terminal equipment information, and decrypts the terminal equipment hardware characteristic string; the decryption is successful and enters step 104, and the decryption is failed and enters step 106;
step 104: performing secondary authentication on the terminal equipment hardware feature string decrypted in the step 103 (preventing the equipment registration ID from being stolen), entering a step 105 if the authentication is successful, and entering a step 106 if the authentication is failed;
step 105: generating a set of symmetric encryption keys with certain timeliness based on the equipment hardware characteristic string according to a symmetric key generation algorithm built in the authentication center, caching, and entering step 106;
step 106: splicing the response result data packet, whose structure is as follows; the symmetric encryption key is encrypted with the private key of the authentication center end:
| Authentication state (1: success, -1: failure) | Symmetric encryption key (empty when the authentication state is -1) |
Step 107: the client program receives the state information of successful authentication, judges the successful authentication and caches the returned symmetric encryption key to the local;
step 108: the authentication process is finished;
referring to fig. 2, the data query process in the system processing process is as follows:
step 201: the terminal device client program assembles the data query request information with the following structure:
| Device registration ID | Terminal device hardware feature string | Query condition string |
step 202: obtaining the symmetric encryption key cached in step 107 and encrypting the 'query condition string' with it;
step 203: encrypting the 'terminal device hardware feature string' and the 'query condition string' in the data query request information with the client private key;
step 204: calling a data query service interface of the authentication center, and sending data query request information;
step 205: the authentication center receives the query request, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the 'terminal equipment hardware characteristic string' and the 'query condition character string', the decryption is successful and the step 206 is entered, and the decryption is failed and the step 210 is entered;
step 206: acquiring a symmetric encryption key cached by the terminal equipment on an authentication center according to the read hardware feature string of the terminal equipment, entering step 207 if the acquisition is successful, and entering step 210 if the acquisition is not successful (because the symmetric encryption key has certain timeliness, the authentication center needs to regularly judge whether the symmetric encryption key in the cache is overdue, and if the symmetric encryption key is overdue, the symmetric encryption key is automatically cleared);
step 207: acquiring a data query interface of a data sharing center, acquiring an available data query interface, and entering a step 208, otherwise, entering a step 210;
step 208: the authentication center calls a data query interface to perform synchronous data query, and the step 209 is entered after the data is returned; if an exception occurs when the data query interface of the data sharing center is called, the step 210 is entered;
step 209: and acquiring a private key of the authentication center end and a symmetric encryption key corresponding to the terminal equipment. Firstly, symmetrically encrypting the query result, and then asymmetrically encrypting by using a private key of an authentication center end;
step 210: assembling the data query result information with the following structure:
| State (1: success, -1: abnormal) | Device registration ID | Result data string (for example JSON or XML, but not limited to these two); when the state is -1, the abnormal information is filled in |
step 211: the terminal device client program receives the query result, obtains the authentication center public key to decrypt the result data string, then obtains the symmetric encryption key cached in step 107 and decrypts the result data string again.
The invention combines symmetric encryption and asymmetric encryption to apply multiple layers of encryption to the authentication information and the query information, thereby improving the security of data communication.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (4)

1. A data encryption communication method is characterized by comprising the steps of data authentication and data query,
a data authentication step: the client side encrypts in an asymmetric encryption mode and sends authentication request information to the authentication center for authentication, if the authentication is successful, the information of successful authentication and the symmetric key are returned, if the authentication is failed, the information of failed authentication is returned,
the data authentication step specifically comprises:
step 101: a client encrypts hardware characteristic information of a terminal device through a client private key;
step 102: a client sends authentication request information, wherein the authentication request information comprises a device registration ID and encrypted hardware characteristic information of a terminal device;
step 103: the authentication center receives the authentication request information, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the terminal equipment hardware characteristic information, the step 104 is entered when the decryption is successful, and the step 106 is entered when the decryption is failed;
step 104: comparing the hardware characteristic information of the terminal equipment decrypted in the step 103 with the hardware characteristic information of the registered equipment to perform secondary authentication, wherein the step 105 is performed after the authentication is successful, and the step 106 is performed after the authentication is failed;
step 105: generating a set of symmetric encryption keys with certain timeliness on the basis of the equipment hardware characteristic information, caching, and entering step 106;
step 106: splicing a response result data packet, wherein the response result data packet comprises an authentication state and a symmetric encryption key, when the authentication state is successful, the symmetric encryption key is the symmetric encryption key generated in the step 105, the symmetric encryption key is encrypted by using a private key of an authentication center, and when the authentication state is failed, the symmetric encryption key is empty;
step 107: the client receives the response result data packet, acquires authentication state information, and if the authentication state is successful, decrypts through a public key of the authentication center to acquire a symmetric encryption key and caches the symmetric encryption key to the local;
data query step:
the client side encrypts and sends the query request information in combination with the asymmetric encryption and the symmetric encryption, and the encryption method specifically comprises the following steps: the client side assembles query request information, wherein the query request information comprises equipment registration ID, terminal equipment hardware characteristic information and query condition information; acquiring the symmetric encryption key cached in the step 107, and encrypting the query condition information by using the symmetric encryption key; encrypting the hardware characteristic information of the terminal equipment in the query request information by using a client private key, and encrypting the query condition information again by using the client private key;
the authentication center receives the query request information;
the authentication center decrypts the query request information and calls a data query interface to perform data query;
the authentication center encrypts the query result information in combination with the asymmetric encryption and the symmetric encryption modes to obtain a private key of the authentication center and a symmetric encryption key corresponding to the terminal equipment, symmetrically encrypts the query result by using the symmetric encryption key, and then asymmetrically encrypts the query result by using a private key of the authentication center;
and the client receives the query result information and decrypts the query result information to obtain a data query result.
2. The data encryption communication method according to claim 1, further comprising the step of initializing:
the client generates a pair of public key and private key and sends the client public key to the authentication center;
the authentication center generates a pair of public key and private key and sends the public key of the authentication center to the client;
and registering the client equipment to an authentication center, wherein the registration information is the hardware characteristic information of the terminal equipment, and the registration information is encrypted by a client private key.
3. The data encryption communication method according to claim 1, wherein the data query step specifically comprises:
step 201: the client side assembles query request information, wherein the query request information comprises equipment registration ID, terminal equipment hardware characteristic information and query condition information;
step 202: acquiring the symmetric encryption key cached in the step 107, and encrypting the query condition information by using the symmetric encryption key;
step 203: encrypting the hardware characteristic information of the terminal equipment in the query request information by using a client private key, and encrypting the query condition information again by using the client private key;
step 204: calling a data query service interface of the authentication center and sending query request information;
step 205: the authentication center receives the query request information, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the terminal equipment hardware characteristic information and the query condition information, the step 206 is entered when the decryption is successful, and the step 210 is entered when the decryption is failed;
step 206: acquiring a symmetric encryption key cached by the terminal equipment from an authentication center according to the hardware characteristic information of the read terminal equipment, and entering step 207 if the symmetric encryption key is successfully acquired, or entering step 210 if the symmetric encryption key is not acquired;
step 207: acquiring a data query interface of a data sharing center, acquiring an available data query interface, and entering a step 208, otherwise, entering a step 210;
step 208: the authentication center calls a data query interface to perform synchronous data query, the step 209 is performed after a query result is obtained, and the step 210 is performed when an abnormality occurs when the data query interface of the data sharing center is called;
step 209: acquiring a private key of an authentication center and a symmetric encryption key corresponding to the terminal equipment, symmetrically encrypting the query result by using the symmetric encryption key, and then asymmetrically encrypting by using the private key of the authentication center;
step 210: assembling query result information, wherein the query result information comprises an equipment registration ID, a query state and a query result, when the query state is successful, the query result is the query result encrypted in the step 209, and when the query state is abnormal, the query result is abnormal information;
step 211: the client receives the query result information, decrypts the query result by using the public key of the authentication center when the query state is successful, then decrypts the query result again by using the symmetric encryption key cached in the step 107 to obtain a final query result, and obtains the abnormal information when the query state is abnormal.
4. A data encryption communication system, comprising:
the client is used for carrying out asymmetric encryption on the authentication request information and sending the authentication request information, receiving a response result data packet and carrying out asymmetric decryption on the response result data packet, carrying out symmetric encryption and asymmetric encryption on the query request information and sending the query request information, receiving the query result information and carrying out symmetric decryption and asymmetric decryption;
the process that the client carries out asymmetric encryption on the authentication request information and sends the authentication request information comprises the following steps:
step 101: a client encrypts hardware characteristic information of a terminal device through a client private key;
step 102: a client sends authentication request information, wherein the authentication request information comprises a device registration ID and encrypted hardware characteristic information of a terminal device; the process of the client for carrying out the symmetric encryption and the asymmetric encryption on the query request information comprises the following steps: the client side assembles query request information, wherein the query request information comprises equipment registration ID, terminal equipment hardware characteristic information and query condition information; acquiring a symmetric encryption key, and encrypting the query condition information by using the symmetric encryption key; encrypting the hardware characteristic information of the terminal equipment in the query request information by using a client private key, and encrypting the query condition information again by using the client private key;
the authentication center is used for receiving the authentication request information, carrying out asymmetric decryption, carrying out authentication judgment, carrying out asymmetric encryption on the response result data packet and returning the response result data packet, receiving the query request information, carrying out symmetric decryption and asymmetric decryption, carrying out query judgment and data query, carrying out symmetric encryption and asymmetric encryption on the query result information and returning the query result information;
the authentication center carries out authentication judgment on the authentication request information, and the specific process of carrying out asymmetric encryption on the response result data packet is as follows:
step 103: the authentication center receives the authentication request information, reads the equipment registration ID to identify the terminal equipment information, then acquires the corresponding client public key according to the identified terminal equipment information, decrypts the terminal equipment hardware characteristic information, the step 104 is entered when the decryption is successful, and the step 106 is entered when the decryption is failed;
step 104: comparing the hardware characteristic information of the terminal equipment decrypted in the step 103 with the hardware characteristic information of the registered equipment to perform secondary authentication, wherein the step 105 is performed after the authentication is successful, and the step 106 is performed after the authentication is failed;
step 105: generating a set of symmetric encryption keys with certain timeliness on the basis of the equipment hardware characteristic information, caching, and entering step 106;
step 106: splicing a response result data packet, wherein the response result data packet comprises an authentication state and a symmetric encryption key, when the authentication state is successful, the symmetric encryption key is the symmetric encryption key generated in the step 105, the symmetric encryption key is encrypted by using a private key of an authentication center, and when the authentication state is failed, the symmetric encryption key is empty;
the authentication center carries out the specific processes of symmetric encryption and asymmetric encryption on the query result as follows: and acquiring a private key of the authentication center and a symmetric encryption key corresponding to the terminal equipment, symmetrically encrypting the query result by using the symmetric encryption key, and then asymmetrically encrypting by using the private key of the authentication center.
CN201610957375.6A 2016-11-03 2016-11-03 Data encryption communication method and system Active CN106411926B (en)

Publications (2)

Publication Number Publication Date
CN106411926A CN106411926A (en) 2017-02-15
CN106411926B true CN106411926B (en) 2020-07-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant