CN107094156A - A kind of safety communicating method and system based on P2P patterns - Google Patents
A kind of safety communicating method and system based on P2P patterns Download PDFInfo
- Publication number
- CN107094156A CN107094156A CN201710473340.XA CN201710473340A CN107094156A CN 107094156 A CN107094156 A CN 107094156A CN 201710473340 A CN201710473340 A CN 201710473340A CN 107094156 A CN107094156 A CN 107094156A
- Authority
- CN
- China
- Prior art keywords
- certificate
- center
- communication
- security capabilities
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention discloses a kind of safety communicating method based on P2P patterns and system, comprise the following steps:By P2P communication datas and common discharge data separating;To the encrypted public key of security capabilities center requests P2P Correspondent Node clients;Random key is generated, and encryption will be sent to the P2P communication datas of opposite end client;The random key is encrypted using the encrypted public key of opposite end client;Using the signature private key signature data splitting of local client, the data splitting includes encrypted the P2P communication datas and random key;Signed data splitting is sent to opposite end client.By this programme, safe point-to-point communication between user can be provided.
Description
Technical field
The present invention relates to information security field, and in particular to a kind of safety communicating method and system based on P2P patterns.
Background technology
" internet+" epoch, mobile Internet development in-depth, mobile intelligent terminal is not only communication, converter tools, is even more
Mobile government, mobile law enforcement, mobile office and mobile e-business etc. is promoted to develop rapidly.
As occupation rate of market highest Mobile operating system in smart mobile phone, Android possesses more than one hundred million huge users
Colony, but because its code is increased income, the generality that system vulnerability is present is also beyond imagination.Information of mobile terminal security incident frequency
Hair, information security turns into social concerns focus.
The method for comparing traditional guarantee personal information security in Android phone is just to try to avoid browsing sensitive net
Stand, all kinds of antivirus anti-virus softwares are installed.But this can only ensure that cell phone system is safe within the specific limits, how ensure hand
Machine is also safe in communication process just into a problem.
The content of the invention
In order to solve the above technical problems, the invention provides a kind of safety communicating method based on P2P patterns, including it is following
Step:
1) P2P communication datas are separated with non-P2P communication datas;
2) to the encrypted public key of security capabilities center requests P2P Correspondent Node clients;
3) random key is generated, and encryption will be sent to the P2P communication datas of opposite end client;
4) random key is encrypted using the encrypted public key of opposite end client;
7) using the signature private key signature data splitting of local client, the data splitting includes the described of unencryption
P2P communication datas and random key;
8) signed data splitting and the encrypted P2P communication datas and random key are sent to opposite end visitor
Family end.
Embodiments in accordance with the present invention, it is preferred that the P2P communication datas include:Instant communication data, file transmission number
According to and voice communication data.
Embodiments in accordance with the present invention, it is preferred that the step 1) before, in addition to:
A) local client cryptographically applies for TF Ka Kaika to security capabilities center;
B) security capabilities center decryption application information, and application information is sent to CA centers, notifies CA to be centrally generated card
Book;
C) CA centers Generate Certificate according to the application information and return to the security capabilities center;
D) certificate is sent to out card instrument by security capabilities center according to the application information;
E) drive card instrument and the certificate is write into TF cards.
Embodiments in accordance with the present invention, it is preferred that the step a) includes:
A.1) local client downloads the encrypted public key for obtaining security capabilities center;
A.2) local client encrypts application information and temporal information using the encrypted public key, is demonstrate,proved using the signature of itself
Book private key signature application information and temporal information.
Embodiments in accordance with the present invention, it is preferred that the step b) includes:
B.1) inquiry database in security capabilities center obtains the public signature key of the local client;
B.2) security capabilities center using oneself encryption key decryption obtain the local client application information and
Temporal information, and sign test is carried out to the application information and temporal information;
B.3) the application time information obtained according to decryption determines the information returned.
Embodiments in accordance with the present invention, it is preferred that the local client includes TF cards, the TF cards include:With user
The encryption and decryption certificate and signing certificate of identity binding, while the encryption and decryption certificate, signing certificate and user profile are stored in institute
State security capabilities center.
In order to solve the above technical problems, the invention provides a kind of safe communication system based on P2P patterns, the system bag
Include:
At least two communication terminals, the communication terminal encrypts TF cards using hardware, is packaged into security capabilities SDK, to be upper
Layer safety applications provide user log-in authentication, key agreement, certificate acquisition, hardware enciphering and deciphering, signature, key generation, random number
The function that generation, TF cards are formatted;
Security capabilities center, is responsible for the function of opening with management function, log management and certificate of TF cards, coordinates
The communication terminal completes encryption business:TF card business is opened, self-inspection is reported, login authentication, communication key application, opposite end card
Book application, file encryption, certificate validity authentication function;
CA centers, receive the application at the security capabilities center, for when application is by verifying, to the security capabilities
Center sends the certificate of application;
Communication service module, is serviced the offer communication encryption between the communication terminal, decryption.
Embodiments in accordance with the present invention, it is preferred that the security capabilities center carries out certificate authority using card instrument is driven, and issues
Possesses the certificate with user identity binding in the TF cards for sending out successfully then user communication terminal, while by the certificate and user profile
Security capabilities center is stored in, in case application query and encryption and decryption service.
Embodiments in accordance with the present invention, it is preferred that the certificate includes:Security capabilities center for security capabilities center
Certificate and the communication terminal certificate for communication terminal, the security capabilities center certificate and communication terminal certificate divide respectively
For two versions:Encryption and decryption certificate and signing certificate, the encryption and decryption certificate are used to add the communication data of communicating pair
Decryption, prevents communication data from being stolen by third party, and the signing certificate is used to sign to the communication data of communicating pair, protects
The data for demonstrate,proving communicating pair acquisition come from believable terminal or system.
In order to solve the above technical problems, the invention provides a kind of communication terminal, the communication terminal includes computer disposal
Device and computer-readable storage medium, the computer-readable storage medium are stored with computer instruction, when the computer processor unit is held
When row above computer is instructed, one of above method is performed.
By technical scheme, following beneficial technique effect is achieved:
1) realize that End to End Encryption is conversed in standard voice channel, special line is provided without any third party service provider
Road or O&M are supported, it is to avoid service provider is intentionally or event of being given away secrets caused by administrative skill leak.
2) voice channel is encrypted, and call is stable, and voice is without delay.
3) after lost mobile phone, teleinstruction can be used to wipe sensitive information --- the address list of particular contact and logical
The data informations such as words record.
Brief description of the drawings
Fig. 1 is present system Organization Chart
Fig. 2 be P2P of the present invention communicate-relay frame diagram
Fig. 3 is hair fastener flow chart of the present invention
Fig. 4 is client of the present invention and security capabilities center to center communications flow chart
Fig. 5 is the secret letter login process figure of the present invention
Fig. 6 is file encryption transfer process figure of the present invention.
Embodiment
The present invention is by point-to-point (P2P) communication data (instant messaging, file transmission, voice call) and common discharge data
(non-P2P communication datas) is separated.Development and application software systems carry out mark processing to point-to-point (P2P) data, realize and common
Internet data is separated.
<The system architecture of the present invention>
Fig. 1 shows that the system of the present invention is constituted:Cell phone intelligent terminal (can include the intelligence of various tape operation systems eventually
End, such as Android intelligent terminal and ios intelligent terminals, following client is identical with intelligent terminal implication, intelligent terminal bag
Include encryption TF cards, safe SDK, applications client), security capabilities center, CA centers (certificate authority, Certificate
Authority), secret letter applied business platform (also referred to as secret letter, encrypted word business platform or secret letter server).Wherein, secret letter application
The account that business platform is mainly responsible for the clients of safety applications such as secret letter, encrypted word is registered, logged in, nullifying, individual address pipe
Reason, the management of common IM message communicatings and encrypted word telecommunication management, are the server admin platforms of client secure application software.Should
Above-mentioned functions can be implemented separately by server in secret letter applied business platform, can also together be completed by server and Service Database
Above-mentioned functions, can also realize above-mentioned functions by high in the clouds.
Wherein, cell phone intelligent terminal encrypts TF cards using hardware, is packaged into security capabilities SDK, can be upper layer security application
User log-in authentication, key agreement, certificate acquisition, hardware enciphering and deciphering, signature, key generation, generating random number, TF card lattice are provided
The interfaces such as formula.
Security capabilities center (KMC) --- main responsible TF cards are opened and management function, log management and issue card
The function of book, security capabilities center coordinates encryption equipment to complete encryption business:TF card business is opened, self-inspection is reported, login authentication,
The functions such as communication key application, opposite end certificate request, file encryption, certificate validity checking.
The present invention uses standard PKI systems, and CA server certificates form is the digital certificate of X.509 form.CA is issued
The certificate of hair includes security capabilities center certificate and mobile phone terminal certificate, and both certificates are divided into two versions:Communication
Certificate (i.e. encryption and decryption certificate) and letter of identity (i.e. signing certificate).The communication that wherein communication certificate is used between mobile phone and mobile phone
Communication data between data and mobile phone and security capabilities center carries out encryption and decryption, prevents communication data from being stolen by third party.
And letter of identity is used to sign to the communication data of both sides, it is ensured that the data that both sides obtain are from believable terminal or flat
Platform.
The present invention provides pkcs#11 and the interface of the close 2 kinds of standards of state, it is easier to meet the selection of different user.In system
Sm1, sm2, sm3 and sm4 algorithm are used according to different demands, that is, ensure that security, flexibility has been taken into account again.
Point-to-point communication data transfer uses P2P application frames in present system, can be independent of special in such system
Centralized servers.In P2P structures, each node (peer) mostly has information consumer, informant simultaneously
With the function of the aspect of information communication etc. three.For from computation schema, P2P has broken traditional Client/Server (C/S) mould
Formula, the status of each node in a network is reciprocity.Each node both serves as server, and clothes are provided for other nodes
Business, while also enjoying the service of other nodes offer.
Existing internet has some middlewares, such as NAT and fire wall, causes in two (not in same Intranet)
Client can not direct communication.Most of Middleware implementations a kind of asymmetrical Communication Model, i.e. main frame in Intranet can be with
The external link of initialization, and the main frame of outer net can not initialize the link to Intranet.This intranet host is hidden in centre
Inaccessible after part is accomplished by P2P technologies and realizes Direct Communication between intranet and extranet main frame to cross over NAT.Adopted in the system
With the P2P patterns of via node:Its principle is to two different Intranet clients by a server with public network IP
Communication data is relayed and forwarded, and sees Fig. 2.Customer end A and customer end B are due to being all hidden in behind respective NAT not in figure
Communication connection can be directly set up, is then first all established the link with service end S --- service end S has public network IP, then leads to again
The path of S and other side's foundation is crossed to relay the data of transmission.
Support the data of diversified forms that transmission is encrypted in present system:Text, picture, file, audio frequency and video, phone
Voice etc..
<The method flow of the present invention>
Client first has to security capabilities center and goes application to open card, and flow is shown in Fig. 3:
1) legitimacy of TF cards is verified;
2) drive card instrument and apply for certificate to security capabilities center;
3) CA is centrally generated certificate and returns to security capabilities center;
4) security capabilities center transmits data to out card instrument;
5) by driving card instrument to TF write-in certificates.
Security capabilities center using card instrument is driven in certificate authority, the TF cards for issuing successfully then user have and user
The encrypted certificate and signing certificate of identity binding, while the certificate and user profile are stored in into security capabilities center, in case should
With inquiry and encryption and decryption service.So user just possesses identity in a system of the invention.
Client downloads key after certificate authority success by Fig. 4 flow application.
Fig. 4's comprises the following steps that:
Client:
1) client downloads obtain the encrypted public key at security capabilities center;
2) client encrypts application information and temporal information using security capabilities center public key, uses the signing certificate of itself
Private key signature application information and temporal information.
Security capabilities center:
1) inquiry database in security capabilities center obtains the public signature key of client;
2) security capabilities center obtains the application information and temporal information of client using the decrypted private key decryption of oneself, and
The use of the public signature key sign test data of client whether is that client is sent;
3) judge whether request is out-of-date according to the temporal information of decryption, it is out-of-date, out-of-date information is returned to, if not out-of-date, then
Inquire about the information that database returns to application.
Client after secret letter login interface inputs the user name after registration and password, clicks on login button by Fig. 5, will
User name, encrypted message call the secret letter applied business platform for being sent to secret letter by webService, and secret letter applied business is put down
Platform and security capabilities center mutual authentication return to login result, if login failure, point out user error information, login process knot
Beam.If logining successfully, into secret letter main interface, log in and complete, detailed process is shown in Fig. 5.
SecID:Represent the unique ID, pubc/pric of user:The public/private key pair of user, pubs/pris are represented respectively:Respectively
Represent the public/private key pair at security capabilities center.
Step 1, secret letter client sends log on request to secret letter applied business platform (secret letter server), asks bag data
Including:The data (secID, 16 random numbers, current time) of secID, pubs encryption, data (secID, 16 of pric signatures
Position random number, timestamp).Secret letter client, secret letter terminal herein is identical with the implication of above-mentioned cell phone intelligent terminal, is
Refer to the intelligent terminal for possessing operating system.
For logging in every time for client, the random number occurred at this and the random number subsequently occurred are same random number,
Purpose is to ensure this uniqueness and security for logging in;If such as 2 logins of user's adopting consecutive click chemical reaction, server and client
End just cannot be distinguished by this and log in twice, and logging in twice for user can be made a distinction by the random number of generation;Random number is led to
Cross Generating Random Number generation, it is difficult to be forged, so as to increase the security of system.
Step 2, secret letter applied business platform inquires about whether corresponding service condition can use according to secID.
Step 3, if it is available, then forwarding request, the request bag data of forwarding include:Pubs encryption data (secID,
16 random numbers, current time), the data (secID, 16 random numbers, timestamp) of pric signatures.
Step 4, sign test is decrypted to the request bag data of forwarding in security capabilities center, verify user, random number and when
Between stab, if being proved to be successful produce server timestamp.
Step 5, decryption sign test is successful, then security capabilities center returned data bag, and the packet of return includes:Safety
The data (16 random numbers, server time stamp) of token, pubc encryption, data (16 random numbers, service of pris signatures
Device timestamp).
Step 6, secret letter applied business platform is according to the data of return, generation business token.
Step 7, data verification success of the secret letter applied business platform to return, to secret letter client returned data bag, is returned
The packet for the data returned includes:Data (16 random numbers, server time of business token, safe token, pubc encryption
Stamp), the data (16 random numbers, server time stamp) of pris signatures.
Step 8, secret letter client decryption sign test, checking random number and server timestamp, complete client to server
Checking.
Step 9, secret letter client logs in secret letter to secret letter applied business platform, while carrying business token and safety
token。
Step 10, secret letter applied business platform sends the request for verifying safe token to security capabilities center.
Step 11, security capabilities center returns to secret letter applied business platform and verifies whether successful result.
Step 12, if secret letter applied business platform receives the result being proved to be successful, secret letter applied business platform (secret letter
Server) allow User logs in, set up connection.
Step 13, secret letter applied business platform (secret letter server) to secret letter terminal return log in whether successful result.
When being communicated between client and security capabilities center and between client and client, it is necessary to close by state
Algorithm comes encryption and decryption data and signature sign test data, and because the identity private key of user is only stored in encryption TF cards,
It can guarantee that the data information security between communication parties.
Client (secret letter terminal) is received log in successful result after, can be by Fig. 6 flow using corresponding
Key carries out the data transmission of safety, realizes coded communication.
Fig. 6 file encryption transfer process is as follows:
Customer end A:
1) to the encrypted public key of security capabilities center requests customer end B;
2) generate random key key and the file (sm1 algorithms) of customer end B is sent to this key encrypting key;
3) using the encrypted public key encrypted random keys key (sm2 algorithms) of customer end B;
4) to be sent to the data splitting of customer end B using the signature private key signature of client (sm2 algorithms are signed plaintext
Key and file), customer end B can be just sent to afterwards.
Customer end B:
1) to the public signature key of security capabilities center requests customer end A;
2) encryption key decruption key key is used, and uses key key decryption files (sm1 algorithms);
3) using the public signature key sign test signed data (sm2 algorithms) of customer end A.
The rivest, shamir, adelman for having used state close in present system, in asymmetric encryption techniques, there is two kinds of keys,
It is divided into encryption key and encrypted public key, encryption key is that key is held to the owner, can not be announced, encrypted public key is key to holding
The person of having is published to other people.Encryption key and signature private key in the present invention are stored in encryption TF cards or in encrypted card, no
External disclosure, encrypted public key and public signature key are stored in the database at security capabilities center, are available for communicating pair to inquire about.
Specific embodiment
The encrypted word communication service system for the business level that certain communication operator is done based on the present invention.By for client it is particularly customized
, the special mobile phone terminal for the security encryption chip that built-in close office of state authenticated utilizes the safe skill of commercial cipher technology and information
Art, the end-to-end mobile phone speech communication encryption function of business level is provided to client, prevents eavesdropping.
By implementing technical scheme, following technique effect is achieved.
1. national business's level of confidentiality certification, voice encryption is safer.Enciphering and deciphering algorithm and sm2 asymmetric arithmetics etc. are flowed using sm1
High strength encrypting algorithm.
2. end-to-end whole encryption a, words one are close safer;End-to-end whole ciphertext transmission, random key is once conversed
One key.
3. realizing that End to End Encryption is conversed in standard voice channel, special line is provided without any third party service provider
Road or O&M are supported, it is to avoid service provider is intentionally or event of being given away secrets caused by administrative skill leak.
4. voice channel is encrypted, call is stable, and voice is without delay.
5. after lost mobile phone, teleinstruction can be used to wipe sensitive information --- the address list of particular contact and logical
The data informations such as words record.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all
Within the spirit and principles in the present invention, any modification, equivalent substitution and improvement for being made etc. all should protect the guarantor in the present invention
Within the scope of shield.
Claims (10)
1. a kind of safety communicating method based on P2P patterns, comprises the following steps:
1) P2P communication datas are separated with non-P2P communication datas;
2) to the encrypted public key of security capabilities center requests P2P Correspondent Node clients;
3) random key is generated, and encryption will be sent to the P2P communication datas of opposite end client;
4) random key is encrypted using the encrypted public key of opposite end client;
7) using the signature private key signature data splitting of local client, the P2P that the data splitting includes unencryption leads to
Letter data and random key;
8) signed data splitting and the encrypted P2P communication datas and random key are sent to opposite end client
End.
2. according to the method described in claim 1, the P2P communication datas include:Instant communication data, file transfer data and
Voice communication data.
3. according to the method described in claim 1, the step 1) before, in addition to:
A) local client cryptographically applies for TF Ka Kaika to security capabilities center;
B) security capabilities center decryption application information, and application information is sent to CA centers, notifies CA to be centrally generated certificate;
C) CA centers Generate Certificate according to the application information and return to the security capabilities center;
D) certificate is sent to out card instrument by security capabilities center according to the application information;
E) drive card instrument and the certificate is write into TF cards.
4. method according to claim 3, the step a) includes:
A.1) local client downloads the encrypted public key for obtaining security capabilities center;
A.2) local client encrypts application information and temporal information using the encrypted public key, private using the signing certificate of itself
Key signature application information and temporal information.
5. the method according to claim 3 or 4, the step b) includes:
B.1) inquiry database in security capabilities center obtains the public signature key of the local client;
B.2) security capabilities center obtains application information and the time of the local client using the encryption key decryption of oneself
Information, and sign test is carried out to the application information and temporal information;
B.3) the application time information obtained according to decryption determines the information returned.
6. according to the method described in claim 1, the local client includes TF cards, the TF cards include:With user identity
The encryption and decryption certificate and signing certificate of binding, while the encryption and decryption certificate, signing certificate and user profile are stored in the peace
Full Competence Center.
7. a kind of safe communication system based on P2P patterns, the system includes:
At least two communication terminals, the communication terminal encrypts TF cards using hardware, is packaged into security capabilities SDK, is upper strata peace
Full application provide user log-in authentication, key agreement, certificate acquisition, hardware enciphering and deciphering, signature, key generation, generating random number,
The function that TF cards are formatted;
Security capabilities center, is responsible for the function of opening with management function, log management and certificate of TF cards, coordinates described
Communication terminal completes encryption business:TF card business is opened, self-inspection is reported, login authentication, communication key application, opposite end certificate Shen
Please, file encryption, certificate validity authentication function;
CA centers, receive the application at the security capabilities center, for when application is by verifying, to the security capabilities center
Send the certificate of application;
Communication service module, is serviced the offer communication encryption between the communication terminal, decryption.
8. system according to claim 7, the security capabilities center carries out certificate authority using card instrument is driven, issue into
Work(then possesses the certificate with user identity binding in the TF cards of user communication terminal, while the certificate and user profile are stored
At security capabilities center, in case application query and encryption and decryption service.
9. system according to claim 7, the certificate includes:Security capabilities center certificate for security capabilities center
And the communication terminal certificate for communication terminal, the security capabilities center certificate and communication terminal certificate are respectively divided into two
Individual version:Encryption and decryption certificate and signing certificate, the encryption and decryption certificate are used to carry out encryption and decryption to the communication data of communicating pair,
Prevent communication data from being stolen by third party, the signing certificate is used to sign to the communication data of communicating pair, it is ensured that logical
Believe that the data that both sides obtain come from believable terminal or system.
10. a kind of communication terminal, the communication terminal includes computer processor unit and computer-readable storage medium, computer storage
Media storage has computer instruction, and when the computer processor unit performs above computer instruction, performing aforesaid right will
Seek the method described in one of 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710473340.XA CN107094156B (en) | 2017-06-21 | 2017-06-21 | Secure communication method and system based on P2P mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710473340.XA CN107094156B (en) | 2017-06-21 | 2017-06-21 | Secure communication method and system based on P2P mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107094156A true CN107094156A (en) | 2017-08-25 |
| CN107094156B CN107094156B (en) | 2020-02-28 |
Family
ID=59639513
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710473340.XA Active CN107094156B (en) | 2017-06-21 | 2017-06-21 | Secure communication method and system based on P2P mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107094156B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107493294A (en) * | 2017-09-04 | 2017-12-19 | 上海润欣科技股份有限公司 | A kind of secure accessing and management control method of the OCF equipment based on rivest, shamir, adelman |
| CN109361508A (en) * | 2018-10-11 | 2019-02-19 | 深圳市捷恩斯威科技有限公司 | Data transmission method, electronic equipment and computer readable storage medium |
| CN109361512A (en) * | 2018-10-11 | 2019-02-19 | 深圳市捷恩斯威科技有限公司 | Data transmission method |
| CN111030827A (en) * | 2019-12-06 | 2020-04-17 | 深圳乐信软件技术有限公司 | Information interaction method and device, electronic equipment and storage medium |
| CN111538973A (en) * | 2020-03-26 | 2020-08-14 | 成都云巢智联科技有限公司 | Personal authorization access control system based on state cryptographic algorithm |
| CN111931158A (en) * | 2020-08-10 | 2020-11-13 | 深圳大趋智能科技有限公司 | Bidirectional authentication method, terminal and server |
| CN114844713A (en) * | 2022-05-23 | 2022-08-02 | 贵州大学 | Video stream encryption method based on cryptographic algorithm and related equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1775879A3 (en) * | 2005-09-09 | 2008-07-02 | Samsung Electronics Co., Ltd. | Method and Apparatus for Securely Transmitting and Receiving Data in Peer-to-Peer Manner |
| CN101707611A (en) * | 2009-11-20 | 2010-05-12 | 北京工业大学 | Safe and effective privacy protection method of P2P system |
| CN101741903A (en) * | 2009-11-20 | 2010-06-16 | 北京工业大学 | Group-based trust data management method in mobile P2P network |
| CN102111411A (en) * | 2011-01-21 | 2011-06-29 | 南京信息工程大学 | Method for switching encryption safety data among peer-to-peer user nodes in P2P network |
| CN102868709A (en) * | 2011-07-04 | 2013-01-09 | 中国移动通信集团公司 | Certificate management method and certificate management device based on P2P (peer-to-peer) |
| CN106470201A (en) * | 2015-08-21 | 2017-03-01 | 中兴通讯股份有限公司 | A kind of user authen method and device |
| US10057225B1 (en) * | 2016-12-29 | 2018-08-21 | Wells Fargo Bank, N.A. | Wireless peer to peer mobile wallet connections |
-
2017
- 2017-06-21 CN CN201710473340.XA patent/CN107094156B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1775879A3 (en) * | 2005-09-09 | 2008-07-02 | Samsung Electronics Co., Ltd. | Method and Apparatus for Securely Transmitting and Receiving Data in Peer-to-Peer Manner |
| CN101707611A (en) * | 2009-11-20 | 2010-05-12 | 北京工业大学 | Safe and effective privacy protection method of P2P system |
| CN101741903A (en) * | 2009-11-20 | 2010-06-16 | 北京工业大学 | Group-based trust data management method in mobile P2P network |
| CN102111411A (en) * | 2011-01-21 | 2011-06-29 | 南京信息工程大学 | Method for switching encryption safety data among peer-to-peer user nodes in P2P network |
| CN102868709A (en) * | 2011-07-04 | 2013-01-09 | 中国移动通信集团公司 | Certificate management method and certificate management device based on P2P (peer-to-peer) |
| CN106470201A (en) * | 2015-08-21 | 2017-03-01 | 中兴通讯股份有限公司 | A kind of user authen method and device |
| US10057225B1 (en) * | 2016-12-29 | 2018-08-21 | Wells Fargo Bank, N.A. | Wireless peer to peer mobile wallet connections |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107493294A (en) * | 2017-09-04 | 2017-12-19 | 上海润欣科技股份有限公司 | A kind of secure accessing and management control method of the OCF equipment based on rivest, shamir, adelman |
| CN107493294B (en) * | 2017-09-04 | 2020-08-21 | 上海润欣科技股份有限公司 | Safe access and management control method of OCF (optical clock and frequency conversion) equipment based on asymmetric encryption algorithm |
| CN109361508A (en) * | 2018-10-11 | 2019-02-19 | 深圳市捷恩斯威科技有限公司 | Data transmission method, electronic equipment and computer readable storage medium |
| CN109361512A (en) * | 2018-10-11 | 2019-02-19 | 深圳市捷恩斯威科技有限公司 | Data transmission method |
| CN111030827A (en) * | 2019-12-06 | 2020-04-17 | 深圳乐信软件技术有限公司 | Information interaction method and device, electronic equipment and storage medium |
| CN111538973A (en) * | 2020-03-26 | 2020-08-14 | 成都云巢智联科技有限公司 | Personal authorization access control system based on state cryptographic algorithm |
| CN111931158A (en) * | 2020-08-10 | 2020-11-13 | 深圳大趋智能科技有限公司 | Bidirectional authentication method, terminal and server |
| CN114844713A (en) * | 2022-05-23 | 2022-08-02 | 贵州大学 | Video stream encryption method based on cryptographic algorithm and related equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107094156B (en) | 2020-02-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10243742B2 (en) | Method and system for accessing a device by a user | |
| KR101508360B1 (en) | Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer | |
| CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
| CN109309565A (en) | A kind of method and device of safety certification | |
| CN102547688B (en) | Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel | |
| CN102685749B (en) | Wireless safety authentication method orienting to mobile terminal | |
| US10742426B2 (en) | Public key infrastructure and method of distribution | |
| CN102625294B (en) | Method for managing mobile service by taking universal serial bus (USB) as virtual subscriber identity module (SIM) card | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| CN112425136A (en) | Internet of things security using multi-party computing (MPC) | |
| Nyamtiga et al. | Enhanced security model for mobile banking systems in Tanzania | |
| CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
| CN101296083A (en) | Enciphered data transmission method and system | |
| Chen et al. | Security analysis and improvement of user authentication framework for cloud computing | |
| Isobe et al. | Security analysis of end-to-end encryption for zoom meetings | |
| CN105577377A (en) | Identity-based authentication method and identity-based authentication system with secret key negotiation | |
| Di Pietro et al. | A two-factor mobile authentication scheme for secure financial transactions | |
| CN114331456A (en) | Communication method, device, system and readable storage medium | |
| CN112448958B (en) | Domain policy issuing method and device, electronic equipment and storage medium | |
| CN107104888B (en) | Safe instant messaging method | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| CN109492359B (en) | Secure network middleware for identity authentication and implementation method and device thereof | |
| CN101437228B (en) | Method, apparatus and system for implementing wireless business based on smart card | |
| CN110809000A (en) | Service interaction method, device, equipment and storage medium based on block chain network | |
| CN112054905B (en) | Secure communication method and system of mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |